
Thread: for checking

  1. #1
    Advanced   élenias
    Registered: 12 May 2005
    Location: Wingene (west-Vlaanderen)
    Posts: 122
    Thanks: 14
    Thanked: 1 time in 1 post

    for checking

    Logfile of HijackThis v1.99.1
    Scan saved at 18:41:14, on 29/06/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Belgium Identity Card\beidSystemTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Documents and Settings\TiTTaN\Bureaublad\Snelkoppelingen\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Certificate Import] C:\Program Files\Belgium Identity Card\beidSystemTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [emg8784b] RUNDLL32.EXE w144cf5e.dll,n 0018784a0000000a144cf5e
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/Cl.../OCI/setup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dark-elenias.spaces.msn.com//...d/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata...PSUploader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Belgium Identity Card Service (BELGIUM_ID_CARD_SERVICE) - Zetes - C:\WINDOWS\System32\Belpic PCSC Service.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe



    Thanks in advance!

  2. #2
    Honorary member/Spyware Slayer   Beamerke
    Registered: 10 May 2005
    Location: Heppen
    Posts: 1,193
    Thanks: 25
    Thanked: 184 times in 157 posts

    Hi,

    could you have the following file scanned at http://www.virustotal.com/en/indexf.html

    C:\WINDOWS\system32\w144cf5e.dll

    Please report the result.
    Killing the beasts inside your paradise since 2004


  3. #3
    Advanced   élenias

    I scanned the file and these are the results:
    Complete scanning result of "w144cf5e.dll", received in VirusTotal at 06.30.2006, 09:03:26 (CET).

    | Antivirus | Version | Update | Result |
    |---|---|---|---|
    | AntiVir | 6.35.0.19 | 06.30.2006 | HEUR/Trojan.Downloader |
    | Authentium | 4.93.8 | 06.29.2006 | no virus found |
    | Avast | 4.7.844.0 | 06.29.2006 | no virus found |
    | AVG | 386 | 06.29.2006 | no virus found |
    | BitDefender | 7.2 | 06.30.2006 | no virus found |
    | CAT-QuickHeal | 8.00 | 06.29.2006 | no virus found |
    | ClamAV | devel-20060426 | 06.29.2006 | no virus found |
    | DrWeb | n | - | no virus found |
    | eTrust-InoculateIT | 23.72.53 | 06.30.2006 | no virus found |
    | eTrust-Vet | 12.6.2283 | 06.30.2006 | no virus found |
    | Ewido | 3.5 | 06.29.2006 | no virus found |
    | Fortinet | 2.77.0.0 | 06.30.2006 | W32/AXF!tr.dldr |
    | F-Prot | 3.16f | 06.29.2006 | no virus found |
    | Ikarus | 0.2.65.0 | 06.29.2006 | no virus found |
    | Kaspersky | 4.0.2.24 | 06.30.2006 | no virus found |
    | McAfee | 4796 | 06.29.2006 | Downloader-AXF |
    | Microsoft | 1.1481 | 06.30.2006 | no virus found |
    | NOD32v2 | 1.1633 | 06.29.2006 | no virus found |
    | Norman | 5.90.21 | 06.29.2006 | no virus found |
    | Panda | 9.0.0.4 | 06.29.2006 | no virus found |
    | Sophos | 4.07.0 | 06.30.2006 | no virus found |
    | Symantec | 8.0 | 06.30.2006 | no virus found |
    | TheHacker | 5.9.8.166 | 06.28.2006 | no virus found |
    | UNA | 1.83 | 06.28.2006 | no virus found |
    | VBA32 | 3.11.0 | 06.29.2006 | no virus found |
    | VirusBuster | 4.3.7:9 | 06.29.2006 | no virus found |

    Aditional Information
    File size: 29696 bytes
    MD5: c1ece2804dff41be872d045a99a9ed51
    SHA1: 972ebf3f5070308ca7104e219478c83a946d7e1e

  4. #4
    Honorary member/Spyware Slayer   Beamerke

    Hmmmzzz.....

    Make sure all hidden files and folders are shown (see "How to show hidden files and folders").

    Close all open windows, run HijackThis once more and tick the following items:

    O4 - HKLM\..\Run: [emg8784b] RUNDLL32.EXE w144cf5e.dll,n 0018784a0000000a144cf5e

    Then click "Fix checked" and close HijackThis.


    Start the computer in safe mode.


    Use Windows Explorer to look for the following file, and delete it if it is still present:

    C:\WINDOWS\system32\w144cf5e.dll

    FOR NOW, DO LEAVE IT IN THE RECYCLE BIN. SO DO NOT EMPTY THE RECYCLE BIN YET!!!!!! YOU MAY EVEN PUT IT ON A FLOPPY DISK OR USB STICK FOR THE TIME BEING SO THAT IT IS NOT LOST.

    Restart the computer in normal mode.

    Start HijackThis again, create a new log and post it.

    Also let me know how everything is working otherwise.


  5. #5
    Advanced   élenias

    Logfile of HijackThis v1.99.1
    Scan saved at 13:54:51, on 1/07/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\TiTTaN\Bureaublad\Snelkoppelingen\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/Cl.../OCI/setup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dark-elenias.spaces.msn.com//...d/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata...PSUploader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


    I put the file on my MP3 player and it is also still in the recycle bin.
    Everything works fine, but every time I start the PC in normal mode the System32 folder opens on my computer, and pop-ups also appear without me being on the internet, from Microsoft, saying that there are supposedly viruses and errors on my PC.
    What could be causing this?

    Thanks in advance for your help.

  6. #6
    Honorary member/Spyware Slayer   Beamerke

    Let's see what VundoFix says:

    Download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to start it.
    • Tick the box next to: Run VundoFix as a task.
    • You will get a message that VundoFix will close and then reopen. Click OK.
    • When VundoFix reopens, click the Scan for Vundo button.
    • Once the scan has finished, click the Remove Vundo button.
    • You will be asked whether you want the files to be deleted; click YES.
    • After you have clicked Yes, the icons on your desktop will disappear while Vundo is being removed.
    • When it is finished you will get a message that it will shut down your PC; click OK.
    • Start your PC again.
    Post the VundoFix result (C:\Vundofix.txt) in your next reply, together with a new HijackThis log.


  7. #7
    Advanced   élenias

    Logfile of HijackThis v1.99.1
    Scan saved at 11:41:31, on 2/07/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Documents and Settings\TiTTaN\Bureaublad\Snelkoppelingen\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/Cl.../OCI/setup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dark-elenias.spaces.msn.com//...d/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata...PSUploader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe




    VundoFix V4.2.84

    Running as SYSTEM
    from c:\windows\system32\VundoFix.exe

    Checking Java version...

    Java version is 1.5.0.6

    Scan started at 11:33:06 2/07/2006

    Listing files found while scanning....


    C:\WINDOWS\system32\mnnmp.bak1
    C:\WINDOWS\system32\mnnmp.bak2
    C:\WINDOWS\system32\mnnmp.tmp
    C:\WINDOWS\system32\mnnmp.ini
    C:\WINDOWS\system32\mnnmp.ini2
    C:\WINDOWS\system32\pmnnm.dll
    C:\WINDOWS\system32\mnnmp.ini2
    C:\WINDOWS\system32\mnnmp.bak2
    C:\WINDOWS\system32\mnnmp.tmp
    C:\WINDOWS\system32\mnnmp.ini
    C:\WINDOWS\system32\mnnmp.ini2
    C:\WINDOWS\system32\pmnnm.dll
    Attempting to delete C:\WINDOWS\system32\mnnmp.bak1
    C:\WINDOWS\system32\mnnmp.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mnnmp.bak2
    C:\WINDOWS\system32\mnnmp.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mnnmp.tmp
    C:\WINDOWS\system32\mnnmp.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mnnmp.ini
    C:\WINDOWS\system32\mnnmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mnnmp.ini2
    C:\WINDOWS\system32\mnnmp.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnnm.dll
    C:\WINDOWS\system32\pmnnm.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\pmnnm.dll
    C:\WINDOWS\system32\pmnnm.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

  8. #8
    Honorary member/Spyware Slayer   Beamerke

    So we are on the right track

    Download KillAFile

    Double-click it and extract the files to your desktop.
    Close all open windows and save any files that are still open.
    Open the Kill_a_File folder on your desktop and double-click kill_a_file.bat.

    A DOS window opens.
    Choose option 1 - Delete a file on reboot.
    You will be asked to enter the path and name of the file you want to delete.
    Type in the following (or cut and paste):
    • C:\WINDOWS\system32\pmnnm.dll
    Then press Enter and the computer will restart.

    Then check whether you can still find C:\WINDOWS\system32\pmnnm.dll on your PC.

    After that, create a new HijackThis log.


  9. #9
    Advanced   élenias

    Logfile of HijackThis v1.99.1
    Scan saved at 18:23:58, on 5/07/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\TiTTaN\Bureaublad\Snelkoppelingen\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {4D5BCA9F-A900-4D96-86ED-9F537C3356B9} - C:\WINDOWS\System32\pmnnm.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/Cl.../OCI/setup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dark-elenias.spaces.msn.com//...d/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata...PSUploader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: pmnnm - C:\WINDOWS\System32\pmnnm.dll (file missing)
    O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\SYSTEM32\winbjt32.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe




    The file is no longer on my computer.

  10. #10
    Honorary member/Spyware Slayer   Beamerke

    And we are making progress again

    Make sure all hidden files and folders are shown (see "How to show hidden files and folders").

    Close all open windows, run HijackThis once more and tick the following items:

    O2 - BHO: (no name) - {4D5BCA9F-A900-4D96-86ED-9F537C3356B9} - C:\WINDOWS\System32\pmnnm.dll (file missing)
    O20 - Winlogon Notify: pmnnm - C:\WINDOWS\System32\pmnnm.dll (file missing)
    O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\SYSTEM32\winbjt32.dll


    Then click "Fix checked" and close HijackThis.

    Start the computer in safe mode.


    Use Windows Explorer to look for the following file, and delete it if present:

    C:\WINDOWS\SYSTEM32\winbjt32.dll

    Restart the computer in normal mode.

    Start HijackThis again, create a new log and post it.

    PS: If you cannot delete winbjt32.dll, you may use KillAFile for this.
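The log-to-log comparison that drives this thread (the Run entry fixed after post #1, the BHO and Winlogon Notify entries that show up in post #9) can be scripted. The Python below is an added example, not part of the original thread and not HijackThis code: it parses entry lines, diffs two logs and applies three review rules that are assumptions of this example. The sample logs are excerpts of posts #1 and #9.

```python
import re
from dataclasses import dataclass

# Excerpts of the HijackThis logs in posts #1 and #9 of this thread.
LOG_POST_1 = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\RUNDLL32.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [emg8784b] RUNDLL32.EXE w144cf5e.dll,n 0018784a0000000a144cf5e
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""
LOG_POST_9 = r"""
O2 - BHO: (no name) - {4D5BCA9F-A900-4D96-86ED-9F537C3356B9} - C:\WINDOWS\System32\pmnnm.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: pmnnm - C:\WINDOWS\System32\pmnnm.dll (file missing)
O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\SYSTEM32\winbjt32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

MISSING = "(file missing)"
# Entry lines look like "O4 - ..." or "R0 - ..."; process paths never match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First DLL argument handed to rundll32 in a startup command line.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",\s]+\.dll)', re.IGNORECASE)

# Review rules: assumptions of this example, not HijackThis verdicts.
RULE_RUNDLL = "Run key starts rundll32 on a DLL named without a path"
RULE_ORPHAN = "file is gone but the registry entry remains and still needs fixing"
RULE_WINLOGON = "DLL loaded into winlogon.exe at logon: confirm which product owns it"


@dataclass(frozen=True)
class Entry:
    code: str           # section code such as O4 or O20
    text: str           # entry text without the "(file missing)" marker
    file_missing: bool

    @property
    def key(self):
        return (self.code, self.text)


def parse_entries(log):
    """Return the entry lines of a HijackThis log, skipping header and processes."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        text = m.group(2)
        missing = text.endswith(MISSING)
        if missing:
            text = text[: -len(MISSING)].rstrip()
        entries.append(Entry(m.group(1), text, missing))
    return entries


def diff_logs(before, after):
    """Entries that appeared in, and disappeared from, the later log."""
    old = {e.key: e for e in parse_entries(before)}
    new = {e.key: e for e in parse_entries(after)}
    added = [e for k, e in new.items() if k not in old]
    removed = [e for k, e in old.items() if k not in new]
    return added, removed


def triage(entry):
    """Apply the review rules to one entry and return the notes that match."""
    notes = []
    if entry.code == "O4":
        m = RUNDLL_RE.search(entry.text)
        if m and "\\" not in m.group(1):
            notes.append(RULE_RUNDLL)
    if entry.code in ("O2", "O20"):
        notes.append(RULE_ORPHAN if entry.file_missing else RULE_WINLOGON
                     if entry.code == "O20" else "BHO: confirm which product owns it")
    return notes


def report(before, after):
    """One line per changed entry: '-' removed, '+' added, with review notes."""
    added, removed = diff_logs(before, after)
    lines = [f"- {e.code} {e.text}" for e in removed]
    for e in added:
        notes = "; ".join(triage(e)) or "no rule matched"
        lines.append(f"+ {e.code} {e.text}  [{notes}]")
    return lines


if __name__ == "__main__":
    print("\n".join(report(LOG_POST_1, LOG_POST_9)))
```

The Winlogon rule also marks the WRNotifier entry, which is not among the items post #10 asks to fix, so a rule hit is a prompt to check the file and not a removal list.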

