Help needed with virus, advertisement popups

10 answers
  • Who can help me with these annoying advertisement popups? I've already read several topics here but can't figure it out, not with a HijackThis log either, because mine shows different things. I also tried SmitfraudFix, but that didn't work either. I'll post my HijackThis log here. Thanks in advance. Regards, Leon
  • Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop. Double-click combofix.exe. Choose "Continue" by typing 1 followed by ENTER. While the fix is running, do NOT click in the window, because this will make your PC hang. When the fix has finished and after the restart, the log combofix.txt will open. Save this log. NOTE: If your virus scanner responds with a warning about a script being executed, you may ignore it. In your next reply, post the ComboFix log (combofix.txt) together with a fresh HijackThis log.
  • Hey, thanks for the help. It's still there though, but here is the ComboFix log, and the HijackThis log is in my next reply.
  • Here is the HijackThis log. Hope you can do something with it, because I'm desperate :-?
  • Open Notepad, then copy and paste the following text into an empty window:

        File::
        C:\WINDOWS\system32\rjvdyimx.dll
        C:\WINDOWS\system32\hewaoiqo.dll
        C:\WINDOWS\system32\rincnoin.exe
        C:\WINDOWS\system32\U3\gb83122.exe.dll

        Registry::
        [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07E4084D-D504-46F2-9FE0-32C4761EC593}]
        [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
        [-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "PKR Pal"=-
        [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rjvdyimx]
        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
        "Authentication Packages"=-

        Folder::
        C:\Program Files\MSN Gaming Zone\hokevoga

    Save this on your desktop as CFScript.txt. Drag CFScript.txt onto ComboFix.exe as shown in the example below: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif This will make ComboFix restart. Reboot if asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
  • Hey, I think something went wrong. I did what you said; it restarted and now it asks for a password, but I don't think I ever set one or had to enter one, so now I can't get into my PC. I tried safe mode; Administrator is listed there too, but I suddenly have to enter a password there as well. Hope you can help me; I'm on my mobile now. Regards, Leon
  • Hi Leon, can't you enter "Administrator" or "Admin" as the password, or just leave the password blank? (Enter the passwords without the quotes.) Pim
  • That doesn't work either. Is there a workaround now, or is it wiser to reinstall XP?
  • I still think you must have set this password yourself at some point. I have a little tool for you here; you can burn it as a bootable CD and use it to change your password. You would have to burn it from another computer, though: http://www.loginrecovery.com/instructions.php#cd Good luck!
  • Hey Pim, thanks for the help anyway. I tried it with your little program, but that didn't work either, so I've now just reinstalled XP. At least I'm rid of those popups now, and my C: drive is nice and empty again. It was a bit strange with that password, because I've only had XP installed for 2 months, and I would have remembered entering something. I've now set one that I won't forget, at least :lol: Thanks again. Regards, Leon

This is an archived page. Replying is no longer possible.