Vraag & Antwoord
Wie wil deze log checken?
7 antwoorden
- Update eerst je Hijackthis. Je gebruikt een oude versie.
Zorg dat alle verborgen bestanden weergegeven worden.
Start de computer in veilige modus.
Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren:
[b:2ca496f83b]
R3 - URLSearchHook: (no name) - {72DBB5AF-D70C-6C2D-B9A1-19F8F6922590} - C:\WINDOWS\system32\ledldpc.exe (file missing)
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: (no name) - {89514465-D8F7-A97F-D11F-8C1D8A1840C2} - C:\WINDOWS\System32\xrymcw.dll
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe
O4 - HKLM\..\Run: [CA20BFFB] C:\WINDOWS\system32\ledldpc.exe
O4 - HKLM\..\Run: [9B713B6B] C:\WINDOWS\system32\mstrups.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [9C8B96EE] C:\WINDOWS\system32\resman3.exe
O4 - HKLM\..\Run: [F10F1AD6] C:\WINDOWS\system32\ryptbg.exe
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKCU\..\Run: [CA20BFFB] C:\WINDOWS\system32\ledldpc.exe
O4 - HKCU\..\Run: [9B713B6B] C:\WINDOWS\system32\mstrups.exe
O4 - HKCU\..\Run: [9C8B96EE] C:\WINDOWS\system32\resman3.exe
O4 - HKCU\..\Run: [F10F1AD6] C:\WINDOWS\system32\ryptbg.exe
O4 - HKCU\..\Run: [Ipoi] C:\Documents and Settings\Kees\Application Data\nerh.exe
O4 - HKCU\..\Run: [Oheg] C:\WINDOWS\System32\?ttrib.exe
[/b:2ca496f83b]
Verwijder de volgende bestanden indien aanwezig:
C:\WINDOWS\ewupdater.exe
C:\WINDOWS\system32\ledldpc.exe
C:\WINDOWS\system32\mstrups.exe
C:\WINDOWS\system32\resman3.exe
C:\WINDOWS\system32\ryptbg.exe
C:\WINDOWS\system32\xpsp2fw.exe
C:\WINDOWS\System32\tibs3.exe
Verwijder de volgende mappen indien aanwezig:
C:\Program Files\DeskAd Service
Reboot de computer, run HijackThis opnieuw en post een nieuwe log. - Wat vage problemen zoals niet af willen sluiten en een lastige bridge.dll
Vast bedankt
:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
C:\WINDOWS\ewupdater.exe
C:\temp\salm.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\tibs3.exe
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Kees\Application Data\nerh.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe
C:\WINDOWS\System32\?ttrib.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Utils\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zonnet.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {72DBB5AF-D70C-6C2D-B9A1-19F8F6922590} - C:\WINDOWS\system32\ledldpc.exe (file missing)
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: (no name) - {89514465-D8F7-A97F-D11F-8C1D8A1840C2} - C:\WINDOWS\System32\xrymcw.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe
O4 - HKLM\..\Run: [CA20BFFB] C:\WINDOWS\system32\ledldpc.exe
O4 - HKLM\..\Run: [9B713B6B] C:\WINDOWS\system32\mstrups.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [9C8B96EE] C:\WINDOWS\system32\resman3.exe
O4 - HKLM\..\Run: [F10F1AD6] C:\WINDOWS\system32\ryptbg.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CA20BFFB] C:\WINDOWS\system32\ledldpc.exe
O4 - HKCU\..\Run: [9B713B6B] C:\WINDOWS\system32\mstrups.exe
O4 - HKCU\..\Run: [9C8B96EE] C:\WINDOWS\system32\resman3.exe
O4 - HKCU\..\Run: [F10F1AD6] C:\WINDOWS\system32\ryptbg.exe
O4 - HKCU\..\Run: [Ipoi] C:\Documents and Settings\Kees\Application Data\nerh.exe
O4 - HKCU\..\Run: [Oheg] C:\WINDOWS\System32\?ttrib.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab - In [b:427e2300d4]veilige modus[/b:427e2300d4] scannen met een geupdate Ad-aware SE.
Instructies vind je hier: http://users.telenet.be/marcvn/spyware/1414188.htm
Rebooten en een nieuwe hijackthislog maken. Post je volledige log. - Okay bedankt ga ik morgen proberen. (is de pc van mijn buurman en die is nu weg)
- [quote:aefb30424d="jgbteg"]Okay bedankt ga ik morgen proberen. (is de pc van mijn buurman en die is nu weg)[/quote:aefb30424d]
Okay opdracht uitgevoerd. en hier is de nieuwe log
Logfile of HijackThis v1.98.2
Scan saved at 16:41:11, on 20-1-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
C:\WINDOWS\ewupdater.exe
C:\temp\salm.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\tibs3.exe
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Kees\Application Data\nerh.exe
C:\WINDOWS\System32\?ttrib.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Utils\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zonnet.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {72DBB5AF-D70C-6C2D-B9A1-19F8F6922590} - C:\WINDOWS\system32\ledldpc.exe (file missing)
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: (no name) - {89514465-D8F7-A97F-D11F-8C1D8A1840C2} - C:\WINDOWS\System32\xrymcw.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe
O4 - HKLM\..\Run: [CA20BFFB] C:\WINDOWS\system32\ledldpc.exe
O4 - HKLM\..\Run: [9B713B6B] C:\WINDOWS\system32\mstrups.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [9C8B96EE] C:\WINDOWS\system32\resman3.exe
O4 - HKLM\..\Run: [F10F1AD6] C:\WINDOWS\system32\ryptbg.exe
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CA20BFFB] C:\WINDOWS\system32\ledldpc.exe
O4 - HKCU\..\Run: [9B713B6B] C:\WINDOWS\system32\mstrups.exe
O4 - HKCU\..\Run: [9C8B96EE] C:\WINDOWS\system32\resman3.exe
O4 - HKCU\..\Run: [F10F1AD6] C:\WINDOWS\system32\ryptbg.exe
O4 - HKCU\..\Run: [Ipoi] C:\Documents and Settings\Kees\Application Data\nerh.exe
O4 - HKCU\..\Run: [Oheg] C:\WINDOWS\System32\?ttrib.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab - Ok alles uitgevoerd en ook de nieuwe hijack gedownload en hier is de logfile
En heel erg bedankt de pc loopt gelijk een stuk sneller.
Logfile of HijackThis v1.99.0
Scan saved at 17:33:28, on 20-1-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Documents and Settings\Kees\Local Settings\Temp\Tijdelijke map 2 voor hijackthisnew.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zonnet.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
O23 - Service: Panda IManager Service - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe - Deze fixen:
[b:678e88d73e]
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe (file missing)
[/b:678e88d73e]
Download dit regfiletje.
Unzip het, dubbelklik op navifix.reg en laat de wijzigingen aan je register toevoegen.
Verwijder in veilige modus dit bestand:
c:\windows\system32\twink64.exe
Herstart de computer en plaats een nieuwe hijackthislog.
Beantwoord deze vraag
Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.
Gerelateerde vragen
- URL zonder extensie wil niet helemaal lukken
- https verbinding met ssl in owncloud
- afspelen met audacity werkt niet goed
- Computer!Totaal-forum maakt plaats voor v&a-module
- computer start soms niet op
- Pro show gold 4 overgangen tussen tekstdia's
- wie kan mij meer vertellen over een Gigabyte GA-B85M-HD3
- Windows Tijdelijke bestanden