Who wants to check this log?

Anonymous
jgbteg
7 answers
  • Some vague problems, such as the PC not wanting to shut down and a troublesome bridge.dll.
    Thanks in advance

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
    C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
    C:\WINDOWS\ewupdater.exe
    C:\temp\salm.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\tibs3.exe
    C:\Program Files\DeskAd Service\DeskAdServ.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Documents and Settings\Kees\Application Data\nerh.exe
    C:\Program Files\DeskAd Service\DeskAdKeep.exe
    C:\WINDOWS\System32\?ttrib.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
    C:\Utils\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zonnet.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {72DBB5AF-D70C-6C2D-B9A1-19F8F6922590} - C:\WINDOWS\system32\ledldpc.exe (file missing)
    O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
    O2 - BHO: (no name) - {89514465-D8F7-A97F-D11F-8C1D8A1840C2} - C:\WINDOWS\System32\xrymcw.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
    O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe
    O4 - HKLM\..\Run: [CA20BFFB] C:\WINDOWS\system32\ledldpc.exe
    O4 - HKLM\..\Run: [9B713B6B] C:\WINDOWS\system32\mstrups.exe
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [9C8B96EE] C:\WINDOWS\system32\resman3.exe
    O4 - HKLM\..\Run: [F10F1AD6] C:\WINDOWS\system32\ryptbg.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
    O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [CA20BFFB] C:\WINDOWS\system32\ledldpc.exe
    O4 - HKCU\..\Run: [9B713B6B] C:\WINDOWS\system32\mstrups.exe
    O4 - HKCU\..\Run: [9C8B96EE] C:\WINDOWS\system32\resman3.exe
    O4 - HKCU\..\Run: [F10F1AD6] C:\WINDOWS\system32\ryptbg.exe
    O4 - HKCU\..\Run: [Ipoi] C:\Documents and Settings\Kees\Application Data\nerh.exe
    O4 - HKCU\..\Run: [Oheg] C:\WINDOWS\System32\?ttrib.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab


  • Scan in safe mode with an updated Ad-aware SE.
    You can find instructions here: http://users.telenet.be/marcvn/spyware/1414188.htm

    Reboot and make a new HijackThis log. Post your complete log.
  • Okay, thanks, I'll try that tomorrow. (It's my neighbour's PC and he's away right now.)
  • jgbteg wrote: "Okay, thanks, I'll try that tomorrow. (It's my neighbour's PC and he's away right now.)"

    Okay, task carried out, and here is the new log.

    Logfile of HijackThis v1.98.2
    Scan saved at 16:41:11, on 20-1-2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
    C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
    C:\WINDOWS\ewupdater.exe
    C:\temp\salm.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\tibs3.exe
    C:\Program Files\DeskAd Service\DeskAdServ.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Documents and Settings\Kees\Application Data\nerh.exe
    C:\WINDOWS\System32\?ttrib.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\DeskAd Service\DeskAdKeep.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
    C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
    C:\Utils\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zonnet.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {72DBB5AF-D70C-6C2D-B9A1-19F8F6922590} - C:\WINDOWS\system32\ledldpc.exe (file missing)
    O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
    O2 - BHO: (no name) - {89514465-D8F7-A97F-D11F-8C1D8A1840C2} - C:\WINDOWS\System32\xrymcw.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
    O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe
    O4 - HKLM\..\Run: [CA20BFFB] C:\WINDOWS\system32\ledldpc.exe
    O4 - HKLM\..\Run: [9B713B6B] C:\WINDOWS\system32\mstrups.exe
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [9C8B96EE] C:\WINDOWS\system32\resman3.exe
    O4 - HKLM\..\Run: [F10F1AD6] C:\WINDOWS\system32\ryptbg.exe
    O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
    O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [CA20BFFB] C:\WINDOWS\system32\ledldpc.exe
    O4 - HKCU\..\Run: [9B713B6B] C:\WINDOWS\system32\mstrups.exe
    O4 - HKCU\..\Run: [9C8B96EE] C:\WINDOWS\system32\resman3.exe
    O4 - HKCU\..\Run: [F10F1AD6] C:\WINDOWS\system32\ryptbg.exe
    O4 - HKCU\..\Run: [Ipoi] C:\Documents and Settings\Kees\Application Data\nerh.exe
    O4 - HKCU\..\Run: [Oheg] C:\WINDOWS\System32\?ttrib.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab


  • First update your HijackThis. You are using an old version.

    Make sure all hidden files are shown.

    Start the computer in safe mode.

    Close all open windows, run HijackThis once more and have it fix the following items:

    R3 - URLSearchHook: (no name) - {72DBB5AF-D70C-6C2D-B9A1-19F8F6922590} - C:\WINDOWS\system32\ledldpc.exe (file missing)

    O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
    O2 - BHO: (no name) - {89514465-D8F7-A97F-D11F-8C1D8A1840C2} - C:\WINDOWS\System32\xrymcw.dll

    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
    O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe
    O4 - HKLM\..\Run: [CA20BFFB] C:\WINDOWS\system32\ledldpc.exe
    O4 - HKLM\..\Run: [9B713B6B] C:\WINDOWS\system32\mstrups.exe
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [9C8B96EE] C:\WINDOWS\system32\resman3.exe
    O4 - HKLM\..\Run: [F10F1AD6] C:\WINDOWS\system32\ryptbg.exe
    O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
    O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
    O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe

    O4 - HKCU\..\Run: [CA20BFFB] C:\WINDOWS\system32\ledldpc.exe
    O4 - HKCU\..\Run: [9B713B6B] C:\WINDOWS\system32\mstrups.exe
    O4 - HKCU\..\Run: [9C8B96EE] C:\WINDOWS\system32\resman3.exe
    O4 - HKCU\..\Run: [F10F1AD6] C:\WINDOWS\system32\ryptbg.exe
    O4 - HKCU\..\Run: [Ipoi] C:\Documents and Settings\Kees\Application Data\nerh.exe
    O4 - HKCU\..\Run: [Oheg] C:\WINDOWS\System32\?ttrib.exe

    Delete the following files if present:
    C:\WINDOWS\ewupdater.exe
    C:\WINDOWS\system32\ledldpc.exe
    C:\WINDOWS\system32\mstrups.exe
    C:\WINDOWS\system32\resman3.exe
    C:\WINDOWS\system32\ryptbg.exe
    C:\WINDOWS\system32\xpsp2fw.exe
    C:\WINDOWS\System32\tibs3.exe

    Delete the following folders if present:
    C:\Program Files\DeskAd Service


    Reboot the computer, run HijackThis again and post a new log.
  • OK, did everything and also downloaded the new HijackThis, and here is the log file.
    And thank you very much, the PC immediately runs a lot faster.


    Logfile of HijackThis v1.99.0
    Scan saved at 17:33:28, on 20-1-2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
    C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
    C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
    C:\Documents and Settings\Kees\Local Settings\Temp\Tijdelijke map 2 voor hijackthisnew.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zonnet.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe (file missing)
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
    O23 - Service: Panda IManager Service - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  • Fix these:

    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile

    O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe (file missing)

    Download this small reg file.
    Unzip it, double-click navifix.reg and let the changes be added to your registry.

    In safe mode, delete this file:
    c:\windows\system32\twink64.exe

    Restart the computer and post a new HijackThis log.
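
Each round in this thread ends with "reboot and post a new log", and the v1.99.0 log still contains the `[ControlPanel]` twink64.exe entry that was on the earlier fix list. The following is an added example, not part of the original thread, that automates that comparison between a fix list and the follow-up log; the function names `parse_entries` and `surviving` are assumptions, and the sample text is a few lines copied from the logs above.

```python
import re

# Matches a HijackThis entry line such as "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")

def parse_entries(log_text):
    """Return the set of (section, detail) entries in a HijackThis log.

    Header lines and the running-process list do not match ENTRY_RE and are
    skipped. Detail text is case-folded and whitespace-normalised, because
    the same path appears with different casing in this thread's logs.
    """
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            detail = " ".join(m.group(2).split()).casefold()
            entries.add((m.group(1), detail))
    return entries

def surviving(fix_list_text, followup_log_text):
    """Entries that were marked for fixing but still appear after the reboot."""
    return sorted(parse_entries(fix_list_text) & parse_entries(followup_log_text))

# Constructed sample: lines copied from the fix list and the follow-up log above.
FIX_LIST = r"""
O2 - BHO: (no name) - {89514465-D8F7-A97F-D11F-8C1D8A1840C2} - C:\WINDOWS\System32\xrymcw.dll
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
"""
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zonnet.nl/
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

if __name__ == "__main__":
    for section, detail in surviving(FIX_LIST, FOLLOWUP_LOG):
        print("still present:", section, detail)
```

An entry that survives a fix and a reboot usually means something recreated the autostart value, so the file it points to needs removing as well as the registry entry.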
