Help needed with virus, advertisement popups

pimvandenderen
10 answers
  • Who can help me with the annoying advertisement popups?
    I've already read several topics here, but I can't figure it out,
    not with a HijackThis log either, because mine shows different things.
    I also tried SmitfraudFix, but that didn't work either.
    I'll post my HijackThis log here.

    Thanks in advance,
    Grtz Leon

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:38:09, on 15-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\soundman.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\tsitra1000106.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\WinAble\winable.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.arnhem.chello.nl:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\rjvdyimx.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [PKR Pal] "./\pkrpal.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\tsitra1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D293314D6ECF32257895769ABCF75D7551F77C152BBD53B2C3832212339B3E4827B144
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\hpnsvkrv.dll",sitypnow
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


    End of file - 5130 bytes
  • Download Combofix to your desktop.

    Double-click combofix.exe.
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix is finished and after the restart, the log combofix.txt will open. Save this log.

    NOTE: If your virus scanner responds with a notification about a script being executed, you can ignore this.

    Post the Combofix log (combofix.txt) in your next reply, together with a fresh HijackThis log.
  • Hey, thanks for the help, it's still there though.
    Here is the Combofix log,
    and the HijackThis log is in my next reply.

    ComboFix 07-10-16.1 - gerritsen 2007-10-16 19:04:20.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.81 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\gerritsen\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Hammer.dll
    C:\Program Files\inetget2
    C:\Program Files\ISM
    C:\Program Files\Temporary
    C:\Program Files\WinAble
    C:\Program Files\WinAble\winable.exe
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\Temp\xOe
    C:\Temp\xOe\tOasF.log
    C:\WINDOWS\b122.exe
    C:\WINDOWS\b148.exe
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\afqqhxyj.dll
    C:\WINDOWS\system32\c3
    C:\WINDOWS\system32\gebyv.dll
    C:\WINDOWS\system32\gwlgljfr.dll
    C:\WINDOWS\system32\hjwtgviq.exe
    C:\WINDOWS\system32\hpnsvkrv.dll
    C:\WINDOWS\system32\loodqojj.exe
    C:\WINDOWS\system32\s3
    C:\WINDOWS\system32\s3\rw1000dr.exe
    C:\WINDOWS\system32\tewwsnsc.exe
    C:\WINDOWS\system32\U3
    C:\WINDOWS\system32\U3\gb83122.exe
    C:\WINDOWS\system32\udqqsmcy.exe
    C:\WINDOWS\system32\vMW02a
    C:\WINDOWS\system32\vMW02a\vMW02a1065.exe
    C:\WINDOWS\system32\vrkvsnph.ini
    C:\WINDOWS\system32\vybeg.bak1
    C:\WINDOWS\system32\vybeg.bak1
    C:\WINDOWS\system32\vybeg.bak2
    C:\WINDOWS\system32\vybeg.bak2
    C:\WINDOWS\system32\vybeg.ini
    C:\WINDOWS\system32\vybeg.ini
    C:\WINDOWS\system32\xxyvwwv.dll
    C:\WINDOWS\tsitra1000106.exe
    C:\WINDOWS\tsitra572.exe

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-16 to 2007-10-16 ))))))))))))))))))))))))))))))
    .

    2007-10-16 19:02 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-10-15 22:37 <DIR> d——– C:\Program Files\Trend Micro
    2007-10-15 22:06 2,932 –a—— C:\WINDOWS\system32\tmp.reg
    2007-10-14 19:17 339,968 –a—— C:\WINDOWS\system32\rjvdyimx.dll
    2007-10-14 19:16 389,184 –a—— C:\WINDOWS\system32\iqnbiwpp.exe
    2007-10-13 19:18 339,968 –a—— C:\WINDOWS\system32\hewaoiqo.dll
    2007-10-13 19:17 389,184 –a—— C:\WINDOWS\system32\rincnoin.exe
    2007-10-12 22:10 <DIR> d——– C:\Program Files\ReflexiveArcade
    2007-10-02 20:34 <DIR> d——– C:\Temp
    2007-09-26 21:47 <DIR> d——– C:\Documents and Settings\All Users\Application Data\ScreenSeven
    2007-09-22 12:05 <DIR> d——– C:\Program Files\LimeWire
    2007-09-17 23:02 <DIR> d——– C:\Documents and Settings\gerritsen\Application Data\Apple Computer
    2007-09-17 22:49 <DIR> d——– C:\Program Files\QuickTime
    2007-09-17 22:45 <DIR> d——– C:\Program Files\iTunes
    2007-09-17 22:45 <DIR> d——– C:\Program Files\iPod
    2007-09-17 22:44 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Apple Computer

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-04 20:28 ——— d—–w C:\Program Files\Zylom Games
    2007-10-04 20:14 ——— d—–w C:\Documents and Settings\gerritsen\Application Data\Zylom
    2007-10-02 20:12 ——— d—–w C:\Documents and Settings\All Users\Application Data\Zylom
    2007-09-28 15:06 ——— d—–w C:\Documents and Settings\gerritsen\Application Data\Skype
    2007-09-26 20:05 ——— d—a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-09-26 19:05 ——— d—–w C:\Documents and Settings\gerritsen\Application Data\PlayFirst
    2007-09-26 19:05 ——— d—–w C:\Documents and Settings\All Users\Application Data\PlayFirst
    2007-09-17 21:01 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2007-09-13 16:19 ——— d—–w C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
    2007-09-11 16:20 ——— d—–w C:\Program Files\Microsoft.NET
    2007-09-07 18:55 ——— d—–w C:\Program Files\Alwil Software
    2007-09-06 10:09 801,144 —-a-w C:\WINDOWS\system32\aswBoot.exe
    2007-09-06 10:05 94,416 —-a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-09-06 10:05 92,848 —-a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-09-06 10:03 23,152 —-a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-09-06 10:02 42,912 —-a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-09-06 10:00 95,608 —-a-w C:\WINDOWS\system32\AvastSS.scr
    2007-09-06 10:00 26,624 —-a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-09-03 09:12 ——— d—–w C:\Program Files\Google
    2007-09-01 14:36 ——— d—–w C:\Documents and Settings\gerritsen\Application Data\Magic Academy
    2007-08-29 16:31 ——— d—–w C:\Documents and Settings\All Users\Application Data\FreshGames
    2007-08-26 20:40 ——— d—–w C:\Documents and Settings\All Users\Application Data\Sandlot Games
    2007-08-26 18:35 ——— d—–w C:\Documents and Settings\gerritsen\Application Data\VeniceMysteryData
    2007-08-23 18:08 ——— d—–w C:\Program Files\Common Files\InstallShield
    2007-08-22 15:19 ——— d—–w C:\Program Files\AvRack
    2007-08-22 15:19 ——— d—–w C:\Program Files\Avance Sound Manager
    2007-08-21 19:49 ——— d—–w C:\Documents and Settings\All Users\Application Data\Intenium
    2007-08-19 16:26 ——— d—–w C:\Documents and Settings\gerritsen\Application Data\Zak&Jack
    2007-08-19 16:13 ——— d—–w C:\Program Files\BFG
    2007-08-19 16:13 ——— d—–w C:\Documents and Settings\All Users\Application Data\Trymedia
    2007-08-17 19:23 ——— d—–w C:\Documents and Settings\All Users\Application Data\JollyBear
    2007-08-17 11:06 ——— d—–w C:\Program Files\Java
    2007-08-17 11:04 ——— d—–w C:\Program Files\Common Files\Java
    2007-08-17 11:03 ——— d—–w C:\Program Files\Skype
    2007-08-17 11:03 ——— d—–w C:\Program Files\Common Files\Skype
    2007-08-17 11:03 ——— d—–w C:\Documents and Settings\All Users\Application Data\Skype
    2007-08-16 18:29 ——— d—–w C:\Program Files\MSN Messenger
    2007-08-16 17:20 ——— d—–w C:\Documents and Settings\gerritsen\Application Data\InterVideo
    2007-08-16 17:19 ——— d—–w C:\Program Files\Common Files\InterVideo
    2007-08-16 17:18 ——— d—–w C:\Program Files\InterVideo
    2007-08-16 17:18 ——— d—–w C:\Program Files\InterActual
    2007-08-16 17:18 ——— d—–w C:\Program Files\Creative
    2007-08-16 15:28 ——— d—–w C:\Program Files\microsoft frontpage
    2007-08-16 15:21 ——— d—–w C:\Program Files\Windows Plus
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07E4084D-D504-46F2-9FE0-32C4761EC593}]
    C:\Program Files\MSN Gaming Zone\hokevogaC:\WINDOWS\system32\U3\gb83122.exe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2007-10-14 19:17 339968 –a—— C:\WINDOWS\system32\rjvdyimx.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\rjvdyimx.dll [2007-10-14 19:17 339968]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "SoundMan"="soundman.exe" [2001-05-29 19:02 C:\WINDOWS\soundman.exe]
    "PKR Pal"="./\pkrpal.exe" []
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-17 22:58]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 14:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-08-16 19:18:44]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rjvdyimx]
    rjvdyimx.dll 2007-10-14 19:17 339968 C:\WINDOWS\system32\rjvdyimx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebyv.dll

    R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS

    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-16 19:09:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-10-16 19:12:15 - machine was rebooted
    .
    — E O F —
  • Here is the HijackThis log.
    I hope you can do something with it, because I'm desperate :-?


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:14:42, on 16-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\soundman.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.arnhem.chello.nl:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {07E4084D-D504-46F2-9FE0-32C4761EC593} - C:\Program Files\MSN Gaming Zone\hokevogaC:\WINDOWS\system32\U3\gb83122.exe.dll (file missing)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\rjvdyimx.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\rjvdyimx.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [PKR Pal] "./\pkrpal.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: rjvdyimx - C:\WINDOWS\SYSTEM32\rjvdyimx.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


    End of file - 5356 bytes
  • Open Notepad, then copy and paste the following (bold text) into an empty window:

    File::
    C:\WINDOWS\system32\rjvdyimx.dll
    C:\WINDOWS\system32\hewaoiqo.dll
    C:\WINDOWS\system32\rincnoin.exe
    C:\WINDOWS\system32\U3\gb83122.exe.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07E4084D-D504-46F2-9FE0-32C4761EC593}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    [-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PKR Pal"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rjvdyimx]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=-

    Folder::
    C:\Program Files\MSN Gaming Zone\hokevoga

    Save this to your desktop as CFScript.txt.

    Drag CFScript.txt into ComboFix.exe as shown in the example below:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will make ComboFix restart.
    Reboot if you are asked to,
    and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
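
Added example, not part of the original thread and not code from ComboFix or HijackThis: a Python script that cross-references the File:: and Folder:: targets of the CFScript above against entries of the second HijackThis log, showing which removal targets are still referenced by a load point (BHO, toolbar, Winlogon Notify) and which have no HijackThis entry pointing at them. The log lines and paths are copied from this thread; the function names are hypothetical.

```python
import re

# Entry lines copied from the second HijackThis log in this thread.
HJT_LOG = r"""
O2 - BHO: (no name) - {07E4084D-D504-46F2-9FE0-32C4761EC593} - C:\Program Files\MSN Gaming Zone\hokevogaC:\WINDOWS\system32\U3\gb83122.exe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\rjvdyimx.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\rjvdyimx.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O20 - Winlogon Notify: rjvdyimx - C:\WINDOWS\SYSTEM32\rjvdyimx.dll
"""

# File:: and Folder:: sections of the CFScript posted above (Registry:: omitted).
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\rjvdyimx.dll
C:\WINDOWS\system32\hewaoiqo.dll
C:\WINDOWS\system32\rincnoin.exe
C:\WINDOWS\system32\U3\gb83122.exe.dll

Folder::
C:\Program Files\MSN Gaming Zone\hokevoga
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O20 - Winlogon Notify: ..."
SECTION = re.compile(r"^(\w+)::$")               # e.g. "File::"


def parse_hijackthis(text):
    """Return (code, detail) tuples for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def parse_cfscript(text):
    """Return {section name: [lines]} for a CFScript-style text."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = SECTION.match(line)
        if match:
            current = sections.setdefault(match.group(1), [])
        elif current is not None:
            current.append(line)
    return sections


def cross_reference(entries, targets):
    """Map each target path to the HijackThis codes whose line mentions it.

    Windows paths are case-insensitive, so compare lower-cased text
    (the O20 line above spells the directory SYSTEM32).
    """
    hits = {target: [] for target in targets}
    for code, detail in entries:
        lowered = detail.lower()
        for target in targets:
            if target.lower() in lowered:
                hits[target].append(code)
    return hits


def unreferenced(hits):
    """Targets that no HijackThis entry points at."""
    return [target for target, codes in hits.items() if not codes]


if __name__ == "__main__":
    script = parse_cfscript(CFSCRIPT)
    result = cross_reference(parse_hijackthis(HJT_LOG),
                             script["File"] + script["Folder"])
    for target, codes in result.items():
        print(f"{target}: {', '.join(codes) or 'no load point in this log'}")
```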
  • Hey, I think something went wrong. I did what you said, it restarts, and then it asks for a password, but I don't think I ever entered one or had to enter one, so now I can't get into my PC. I tried via safe mode, Administrator is listed there too, but there I suddenly have to enter a password as well. Hope you can help me, I'm on my mobile now.
    Grtz Leon
  • Hi Leon,

    Can't you enter "Administrator" or "Admin" as the password, or simply leave the password empty? (passwords without the quotes)

    Pim
  • This doesn't work either. Is there another workaround now, or would it be wiser to reinstall XP?
  • I do think you must have set this password yourself at some point.

    I have a little tool for you here; you can burn it as a bootable CD and change your password that way. You would have to burn it from another computer, though: http://www.loginrecovery.com/instructions.php#cd

    Good luck!
  • Hey Pim, thanks for the help anyway.
    I tried it with your program, but that didn't work either,
    so now I've just reinstalled XP. At least I'm rid of those popups now, and my C: drive is nice and empty again.
    It was a bit strange with that password, because I've only had XP on it for 2 months, and I would have remembered entering something. I've now set one that I at least won't forget :lol:
    Thanks again,
    Grtz Leon


This is an archived page. Replying is no longer possible.