Virus, systeemherstel en nu: AVG8.5 niet te verwijderen en ik kan niks downloaden

[Phoenix81]

Hallo, Ik ben echt een leek met computers, dus ik hoop op hulp!

Ik heb een laptop, draait op Vista en eind april kreeg ik eens een melding dat ik een of ander Trojan virus had binnen gehaald. Ik kon het niet verwijderen en kreeg de een na de andere pop-up. Ik heb toen een update van AVG 9 geinstalleerd en gescand, alles in de vault, maar het probleem bleef. Ook was mijn laptop al langer erg traag. Ik vond een log op mijn bureaublad:

#

# An unexpected error has been detected by Java Runtime Environment:

#

# EXCEPTION_GUARD_PAGE (0x80000001) at pc=0x6d898675, pid=6020, tid=5820

#

# Java VM: Java HotSpot Client VM (11.0-b16 mixed mode, sharing windows-x86)

# Problematic frame:

# V [jvm.dll+0x98675]

#

# If you would like to submit a bug report, please visit:

# HotSpot Virtual Machine Error Reporting Page

#

--------------- T H R E A D ---------------

Current thread (0x00b68800): VMThread [stack: 0x00ab0000,0x00b00000] [id=5820]

siginfo: ExceptionCode=0x80000001, ExceptionInformation=0x00000000 0x01c7001f

Registers:

EAX=0x01c7001f, EBX=0x00aff9e4, ECX=0x00aff9e4, EDX=0x6d9e0a08

ESP=0x00aff7dc, EBP=0x00b6903c, ESI=0x01c7001f, EDI=0x00aff870

EIP=0x6d898675, EFLAGS=0x00010283

Top of Stack: (sp=0x00aff7dc)

0x00aff7dc: 01c7001b 6d8a5e92 01c7001f 0457c400

0x00aff7ec: 00aff870 00000000 00000001 00b6903c

0x00aff7fc: 00000000 00aff870 00aff83c 00b68800

0x00aff80c: 6d8788b1 6d8788c0 00aff83c 6d857ed0

0x00aff81c: 6d857ee8 00aff870 6d8a646f 05a7f960

0x00aff82c: 05a7f990 02409ccf 00aff9e4 00000001

0x00aff83c: 6d8a61f2 00aff9e4 00aff888 00000001

0x00aff84c: 00aff9e4 6d9a936b 00aff9e4 00aff888

Instructions: (pc=0x6d898675)

0x6d898665: c2 04 00 cc cc cc cc cc cc cc cc 56 8b 74 24 08

0x6d898675: 8b 06 85 c0 57 8b f9 74 55 3b 47 1c 73 50 8b 08

Stack: [0x00ab0000,0x00b00000], sp=0x00aff7dc, free space=317k

Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)

V [jvm.dll+0x98675]

VM_Operation (0x05c5f7e8): GenCollectForAllocation, mode: safepoint, requested by thread 0x0457e000

--------------- P R O C E S S ---------------

Java Threads: ( => current thread )

0x04580000 JavaThread "Thread-17" [_thread_blocked, id=6112, stack(0x05cb0000,0x05d00000)]

0x0457e000 JavaThread "thread applet-vmain.class-5" [_thread_blocked, id=2516, stack(0x05c10000,0x05c60000)]

0x0457d800 JavaThread "Applet 5 LiveConnect Worker Thread" [_thread_blocked, id=2232, stack(0x05b70000,0x05bc0000)]

0x0457d400 JavaThread "Java Sound Event Dispatcher" daemon [_thread_blocked, id=4212, stack(0x058f0000,0x05940000)]

0x0457e400 JavaThread "Image Fetcher 0" daemon [_thread_blocked, id=6040, stack(0x05c60000,0x05cb0000)]

0x0457ec00 JavaThread "Applet 4 LiveConnect Worker Thread" [_thread_blocked, id=3552, stack(0x05b20000,0x05b70000)]

0x0457cc00 JavaThread "thread applet-vmain.class-3" [_thread_blocked, id=3164, stack(0x05ec0000,0x05f10000)]

0x0457c400 JavaThread "thread applet-vmain.class-1" [_thread_in_native, id=3412, stack(0x05a30000,0x05a80000)]

0x0457c800 JavaThread "AWT-EventQueue-4" [_thread_blocked, id=3376, stack(0x05a80000,0x05ad0000)]

0x0457b000 JavaThread "Applet 3 LiveConnect Worker Thread" [_thread_blocked, id=2020, stack(0x05940000,0x05990000)]

0x0457bc00 JavaThread "AWT-EventQueue-3" [_thread_blocked, id=920, stack(0x059e0000,0x05a30000)]

0x0457b800 JavaThread "Applet 2 LiveConnect Worker Thread" [_thread_blocked, id=2740, stack(0x05990000,0x059e0000)]

0x04579400 JavaThread "AWT-EventQueue-2" [_thread_blocked, id=2856, stack(0x05850000,0x058a0000)]

0x0457ac00 JavaThread "AWT-Shutdown" [_thread_blocked, id=780, stack(0x05240000,0x05290000)]

0x0457a000 JavaThread "Applet 1 LiveConnect Worker Thread" [_thread_blocked, id=3392, stack(0x044a0000,0x044f0000)]

0x04579800 JavaThread "Browser Side Object Cleanup Thread" [_thread_blocked, id=1404, stack(0x058a0000,0x058f0000)]

0x04579000 JavaThread "Windows Tray Icon Thread" [_thread_in_native, id=3712, stack(0x051d0000,0x05220000)]

0x04578800 JavaThread "CacheCleanUpThread" daemon [_thread_blocked, id=4004, stack(0x055b0000,0x05600000)]

0x0456dc00 JavaThread "CacheMemoryCleanUpThread" daemon [_thread_blocked, id=2604, stack(0x05320000,0x05370000)]

0x04568800 JavaThread "Java Plug-In Heartbeat Thread" [_thread_blocked, id=152, stack(0x052d0000,0x05320000)]

0x0455d800 JavaThread "AWT-Windows" daemon [_thread_in_native, id=2888, stack(0x04e40000,0x04e90000)]

0x04557800 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=1288, stack(0x04da0000,0x04df0000)]

0x04551000 JavaThread "Java Plug-In Pipe Worker Thread (Client-Side)" [_thread_in_native, id=6116, stack(0x04840000,0x04890000)]

0x00bf3c00 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=2704, stack(0x04450000,0x044a0000)]

0x00bee400 JavaThread "Timer-0" [_thread_blocked, id=6108, stack(0x04400000,0x04450000)]

0x00b85400 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=6140, stack(0x01d60000,0x01db0000)]

0x00b81000 JavaThread "CompilerThread0" daemon [_thread_blocked, id=6064, stack(0x01d10000,0x01d60000)]

0x00b80400 JavaThread "Attach Listener" daemon [_thread_blocked, id=3224, stack(0x01cc0000,0x01d10000)]

0x00b75800 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=5860, stack(0x01c70000,0x01cc0000)]

0x00b6e800 JavaThread "Finalizer" daemon [_thread_blocked, id=5856, stack(0x01c20000,0x01c70000)]

0x00b6a000 JavaThread "Reference Handler" daemon [_thread_blocked, id=6036, stack(0x00c40000,0x00c90000)]

0x008dfc00 JavaThread "main" [_thread_blocked, id=5844, stack(0x00900000,0x00950000)]

Other Threads:

=>0x00b68800 VMThread [stack: 0x00ab0000,0x00b00000] [id=5820]

0x00b97800 WatcherThread [stack: 0x01db0000,0x01e00000] [id=3596]

VM state:at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: ([mutex/lock_event])

[0x00b406f0] UNKNOWN - owner thread: 0x00b68800

[0x00b40b50] UNKNOWN - owner thread: 0x0457e000

Heap

def new generation total 4544K, used 3076K [0x24000000, 0x244e0000, 0x244e0000)

eden space 4096K, 75% used [0x24000000, 0x24300830, 0x24400000)

from space 448K, 0% used [0x24400000, 0x24400968, 0x24470000)

to space 448K, 0% used [0x24470000, 0x24470030, 0x244e0000)

tenured generation total 60544K, used 36851K [0x244e0000, 0x28000000, 0x28000000)

the space 60544K, 60% used [0x244e0000, 0x268dcca8, 0x268dce00, 0x28000000)

compacting perm gen total 12288K, used 2726K [0x28000000, 0x28c00000, 0x2c000000)

the space 12288K, 22% used [0x28000000, 0x282a99b8, 0x282a9a00, 0x28c00000)

ro space 8192K, 63% used [0x2c000000, 0x2c513ae8, 0x2c513c00, 0x2c800000)

rw space 12288K, 53% used [0x2c800000, 0x2ce683f8, 0x2ce68400, 0x2d400000)

Dynamic libraries:

0x00400000 - 0x00424000 C:\Program Files\Java\jre6\bin\java.exe

0x77ba0000 - 0x77cc7000 C:\Windows\system32\ntdll.dll

0x76740000 - 0x7681b000 C:\Windows\system32\kernel32.dll

0x765e0000 - 0x766a6000 C:\Windows\system32\ADVAPI32.dll

0x76cd0000 - 0x76d92000 C:\Windows\system32\RPCRT4.dll

0x6e610000 - 0x6e62e000 C:\Windows\system32\ShimEng.dll

0x76240000 - 0x7626c000 C:\Windows\system32\apphelp.dll

0x6bd30000 - 0x6bdb8000 C:\Windows\AppPatch\AcLayers.DLL

0x76ab0000 - 0x76b4d000 C:\Windows\system32\USER32.dll

0x76c80000 - 0x76ccb000 C:\Windows\system32\GDI32.dll

0x76e30000 - 0x77940000 C:\Windows\system32\SHELL32.dll

0x77d50000 - 0x77dfa000 C:\Windows\system32\msvcrt.dll

0x76900000 - 0x76958000 C:\Windows\system32\SHLWAPI.dll

0x76960000 - 0x76aa4000 C:\Windows\system32\ole32.dll

0x76bf0000 - 0x76c7d000 C:\Windows\system32\OLEAUT32.dll

0x762c0000 - 0x762de000 C:\Windows\system32\USERENV.dll

0x762a0000 - 0x762b4000 C:\Windows\system32\Secur32.dll

0x731e0000 - 0x73222000 C:\Windows\system32\WINSPOOL.DRV

0x75da0000 - 0x75db4000 C:\Windows\system32\MPR.dll

0x76b50000 - 0x76b6e000 C:\Windows\system32\IMM32.DLL

0x76830000 - 0x768f8000 C:\Windows\system32\MSCTF.dll

0x76da0000 - 0x76da9000 C:\Windows\system32\LPK.DLL

0x76db0000 - 0x76e2d000 C:\Windows\system32\USP10.dll

0x6c1b0000 - 0x6c1b5000 C:\Windows\system32\avgrsstx.dll

0x750c0000 - 0x7525e000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

0x7c340000 - 0x7c396000 C:\Program Files\Java\jre6\bin\msvcr71.dll

0x6d800000 - 0x6da56000 C:\Program Files\Java\jre6\bin\client\jvm.dll

0x74e50000 - 0x74e82000 C:\Windows\system32\WINMM.dll

0x74e10000 - 0x74e49000 C:\Windows\system32\OLEACC.dll

0x6d280000 - 0x6d288000 C:\Program Files\Java\jre6\bin\hpi.dll

0x76400000 - 0x76407000 C:\Windows\system32\PSAPI.DLL

0x6d7b0000 - 0x6d7bc000 C:\Program Files\Java\jre6\bin\verify.dll

0x6d320000 - 0x6d33f000 C:\Program Files\Java\jre6\bin\java.dll

0x6d7f0000 - 0x6d7ff000 C:\Program Files\Java\jre6\bin\zip.dll

0x6d430000 - 0x6d436000 C:\Program Files\Java\jre6\bin\jp2native.dll

0x6d1c0000 - 0x6d1d3000 C:\Program Files\Java\jre6\bin\deploy.dll

0x75ca0000 - 0x75d91000 C:\Windows\system32\CRYPT32.dll

0x75e20000 - 0x75e32000 C:\Windows\system32\MSASN1.dll

0x77ac0000 - 0x77b91000 C:\Windows\system32\WININET.dll

0x76820000 - 0x76823000 C:\Windows\system32\Normaliz.dll

0x77a70000 - 0x77ab6000 C:\Windows\system32\iertutil.dll

0x77940000 - 0x77a6a000 C:\Windows\system32\urlmon.dll

0x6d6b0000 - 0x6d6f2000 C:\Program Files\Java\jre6\bin\regutils.dll

0x75a30000 - 0x75a38000 C:\Windows\system32\VERSION.dll

0x6dd70000 - 0x6df72000 C:\Windows\system32\msi.dll

0x6d610000 - 0x6d623000 C:\Program Files\Java\jre6\bin\net.dll

0x77cd0000 - 0x77cfd000 C:\Windows\system32\WS2_32.dll

0x765d0000 - 0x765d6000 C:\Windows\system32\NSI.dll

0x75970000 - 0x759ab000 C:\Windows\system32\mswsock.dll

0x75a20000 - 0x75a25000 C:\Windows\System32\wship6.dll

0x6d630000 - 0x6d639000 C:\Program Files\Java\jre6\bin\nio.dll

0x6d000000 - 0x6d138000 C:\Program Files\Java\jre6\bin\awt.dll

0x72a60000 - 0x72a6c000 C:\Windows\system32\DWMAPI.DLL

0x753c0000 - 0x753ff000 C:\Windows\system32\uxtheme.dll

0x10000000 - 0x10017000 C:\Windows\system32\MsnChatHook.dll

0x04500000 - 0x04522000 C:\Windows\system32\ShowErrMsg.dll

0x04ea0000 - 0x04eea000 C:\Windows\system32\sysenv.dll

0x76b70000 - 0x76be3000 C:\Windows\system32\comdlg32.dll

0x04f00000 - 0x04f15000 C:\Windows\system32\BatchCrypto.dll

0x04f30000 - 0x04f94000 C:\Windows\system32\CryptoAPI.dll

0x76140000 - 0x761db000 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\MSVCR80.dll

0x04fb0000 - 0x04fec000 C:\Windows\system32\keyManager.dll

0x6c910000 - 0x6ca1f000 C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL

0x72760000 - 0x727e7000 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\MSVCP80.dll

0x72560000 - 0x7263c000 C:\Windows\system32\dbghelp.dll

0x6d220000 - 0x6d274000 C:\Program Files\Java\jre6\bin\fontmanager.dll

0x75650000 - 0x75655000 C:\Windows\System32\wshtcpip.dll

0x74df0000 - 0x74dff000 C:\Windows\system32\NLAapi.dll

0x75c00000 - 0x75c19000 C:\Windows\system32\IPHLPAPI.DLL

0x75bc0000 - 0x75bf5000 C:\Windows\system32\dhcpcsvc.DLL

0x75e60000 - 0x75e8c000 C:\Windows\system32\DNSAPI.dll

0x75bb0000 - 0x75bb7000 C:\Windows\system32\WINNSI.DLL

0x75b80000 - 0x75ba1000 C:\Windows\system32\dhcpcsvc6.DLL

0x6f270000 - 0x6f27f000 C:\Windows\system32\napinsp.dll

0x6f1e0000 - 0x6f1f2000 C:\Windows\system32\pnrpnsp.dll

0x6f260000 - 0x6f268000 C:\Windows\System32\winrnr.dll

0x77d00000 - 0x77d4a000 C:\Windows\system32\WLDAP32.dll

0x6f290000 - 0x6f296000 C:\Windows\system32\rasadhlp.dll

0x757b0000 - 0x757eb000 C:\Windows\system32\rsaenh.dll

0x6d190000 - 0x6d1b3000 C:\Program Files\Java\jre6\bin\dcpr.dll

0x6d520000 - 0x6d544000 C:\Program Files\Java\jre6\bin\jsound.dll

0x6d550000 - 0x6d558000 C:\Program Files\Java\jre6\bin\jsoundds.dll

0x6cc70000 - 0x6cce0000 C:\Windows\system32\DSOUND.dll

0x75670000 - 0x7568a000 C:\Windows\system32\POWRPROF.dll

0x73f40000 - 0x73f6f000 C:\Windows\system32\wdmaud.drv

0x73f30000 - 0x73f34000 C:\Windows\system32\ksuser.dll

0x74d80000 - 0x74da7000 C:\Windows\system32\MMDevAPI.DLL

0x74e00000 - 0x74e07000 C:\Windows\system32\AVRT.dll

0x76440000 - 0x765ca000 C:\Windows\system32\SETUPAPI.dll

0x754c0000 - 0x754ed000 C:\Windows\system32\WINTRUST.dll

0x76410000 - 0x76439000 C:\Windows\system32\imagehlp.dll

0x73e50000 - 0x73e71000 C:\Windows\system32\AUDIOSES.DLL

0x73b60000 - 0x73bc6000 C:\Windows\system32\audioeng.dll

0x73f10000 - 0x73f19000 C:\Windows\system32\msacm32.drv

0x73c70000 - 0x73c84000 C:\Windows\system32\MSACM32.dll

0x73e40000 - 0x73e47000 C:\Windows\system32\midimap.dll

VM Arguments:

jvm_args: -D__jvm_launched=875348034 -Xbootclasspath/a:C:\\PROGRA~1\\Java\\jre6\\lib\\deploy.jar;C:\\PROGRA~1\\Java\\jre6\\lib\\javaws.jar;C:\\PROGRA~1\\Java\\jre6\\lib\\plugin.jar -Dsun.plugin2.jvm.args=-D__jvm_launched=875348034 "-Xbootclasspath/a:C:\\\\PROGRA~1\\\\Java\\\\jre6\\\\lib\\\\deploy.jar;C:\\\\PROGRA~1\\\\Java\\\\jre6\\\\lib\\\\javaws.jar;C:\\\\PROGRA~1\\\\Java\\\\jre6\\\\lib\\\\plugin.jar" "-Djava.class.path=C:\\\\PROGRA~1\\\\Java\\\\jre6\\\\classes" --

java_command: sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid1228_pipe4,read_pipe_name=jpi2_pid1228_pipe3

Launcher Type: SUN_STANDARD

Environment Variables:

PATH=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;D:\Program Files\QuickTime\QTSystem\

USERNAME=Linda

OS=Windows_NT

PROCESSOR_IDENTIFIER=x86 Family 6 Model 22 Stepping 1, GenuineIntel

--------------- S Y S T E M ---------------

OS: Windows Vista Build 6001 Service Pack 1

CPU:total 1 (1 cores per cpu, 1 threads per core) family 6 model 6 stepping 1, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3

Memory: 4k page, physical 1038012k(168976k free), swap 2346732k(860040k free)

vm_info: Java HotSpot Client VM (11.0-b16) for windows-x86 JRE (1.6.0_11-b03), built on Nov 10 2008 02:15:12 by "java_re" with MS VC++ 7.1

time: Sat Apr 24 22:36:26 2010

elapsed time: 18 seconds

Uiteindelijk heb ik systeemherstelpunt gedaan en toen was alles weer normaal. Behalve dat de update van AVG weer verdwenen was natuurlijk.

Ook is AVG uitgeschakeld, maar ik kan hem (8.5) niet meer inschakelen. Ook kan ik de update niet installeren en ook kan ik het programma niet deinstalleren om er een ander antivirusprogramma op te kunnen zetten. Ik heb dat via Programma's en onderdelen geprobeerd, maar krijg de volgende melding:

Installer initialization failed due to following error:

Error: @AvgErrorCode_0x0253 %FILE% = "C:\Program Files\AVG\AVG8"

@AvgErrorCode_0x0020

Overigens kan ik helemaal NIETS meer downloaden! Als ik op uitvoeren klik, gebeurt er niets en na opslaan en downloaden, is het bestand of de toepassing gewoon niet terug te vinden.

Kan iemand mij helpen om AVG eraf te halen zodat ik iets nieuws kan installeren en een goede scan kan uitvoeren en vervolgens hopelijk weer veilig kan downloaden?

[kweezie wabbit]

Je kan altijd de nodige bestanden downloaden met een een andere pc en via een usb stick overbrengen naar de probleem pc.

Om AVG te verwijderen kan je AVG remover gebruiken maar ik zou daar nog even mee wachten. We gaan eerst proberen die trojan te neutraliseren.

Download HiJackThis

Dubbelklik op HJTInstall.exe

Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst.

HijackThis zal openen na het installeren.

Klik op "Do a systemscan and save a logfile".

Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets.

N.B. : gebruikers van Windows Vista en Windows 7 zullen eerst moeten rechtsklikken op HijackThis.exe en dan kiezen voor "Run as Administrator".

[Phoenix81]

Ok, dat moet ik dan dus idd via een stickje doen ergens, want uiteraard is er niets op mijn bureaublad te vinden, dacht ik probeer het toch ff...

Overigens is het knip en plak verhaal me wel bekend hoor, al ben ik een leek als het op de techniek aankomt

Bedankt tot zover! Als ik de Scan heb gedaan en het logje heb, kom ik weer terug!

[kweezie wabbit]

Doe maar op rustig aan, wij hebben tijd.

En die knip en plak historie is een standaardtekstje zodat ook echte beginners mee kunnen.