Can't remove Trojan Vundo


  • Can't remove Trojan Vundo

    Hi, I have more or less scanned my computer and removed quite a lot of viruses. But unfortunately I can't remove that Trojan Vundo.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:27:48, on 26-3-2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\PC Auto Shutdown\ShutdownService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\PC Auto Shutdown\AutoShutdown.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\mrofinu572.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onlinesoccermanager.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
    O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - C:\WINDOWS\System32\pmnkjji.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: SBBho Class - {c9803b12-f0a0-11dc-95ff-0800200c9a66} - C:\WINDOWS\TinyBHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [PC Auto Shutdown] "C:\Program Files\PC Auto Shutdown\AutoShutdown.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} (xpreload.xpreloader) - ms-its:mhtml:file://c:\\nores.mht!http://adxanet.net/code/chm/xpre.chm::/xpreload.ocx
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199328621828
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O20 - Winlogon Notify: pmnkjji - C:\WINDOWS\SYSTEM32\pmnkjji.dll
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PCAutoShutdown_Service - GoldSolution Software, Inc. - C:\Program Files\PC Auto Shutdown\ShutdownService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 7059 bytes

  • #2
    Download VirtumundoBegone (mirror)
    Save it to your desktop.

    Double-click VirtumundoBeGone.exe and follow the instructions.
    Don't be alarmed if you get a blue screen with an error message - this is normal.
    When the fix is done, restart the PC.
    Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next message.


    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, in which a few lines about files not found will scroll by quickly; this is normal.
    • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
    • After that your PC will restart; let it start in normal mode again now. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.
    Post a new HijackThis log as well

    Comment


    • #3
      Thanks for your reply, smeenk, here is my VBG log


      [03/27/2008, 0:58:24] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Kendo\Bureaublad\VirtumundoBeGone.exe" )
      [03/27/2008, 0:58:29] - Detected System Information:
      [03/27/2008, 0:58:29] - Windows Version: 5.1.2600, Service Pack 1
      [03/27/2008, 0:58:29] - Current Username: Kendo (Admin)
      [03/27/2008, 0:58:29] - Windows is in NORMAL mode.
      [03/27/2008, 0:58:29] - Searching for Browser Helper Objects:
      [03/27/2008, 0:58:29] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
      [03/27/2008, 0:58:29] - BHO 2: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
      [03/27/2008, 0:58:29] - BHO 3: {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} ()
      [03/27/2008, 0:58:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/27/2008, 0:58:29] - Checking for HKLM\...\Winlogon\Notify\pmnkjji
      [03/27/2008, 0:58:29] - Found: HKLM\...\Winlogon\Notify\pmnkjji - This is probably Virtumundo.
      [03/27/2008, 0:58:29] - Assigning {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} MSEvents Object
      [03/27/2008, 0:58:29] - BHO list has been changed! Starting over...
      [03/27/2008, 0:58:29] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
      [03/27/2008, 0:58:29] - BHO 2: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
      [03/27/2008, 0:58:29] - BHO 3: {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} (MSEvents Object)
      [03/27/2008, 0:58:29] - ALERT: Found MSEvents Object!
      [03/27/2008, 0:58:29] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [03/27/2008, 0:58:29] - BHO 5: {811C2D3B-7AB4-4C89-BB24-DFF845EA3D94} ()
      [03/27/2008, 0:58:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/27/2008, 0:58:29] - Checking for HKLM\...\Winlogon\Notify\jkklj
      [03/27/2008, 0:58:29] - Key not found: HKLM\...\Winlogon\Notify\jkklj, continuing.
      [03/27/2008, 0:58:29] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [03/27/2008, 0:58:29] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [03/27/2008, 0:58:29] - BHO 8: {b5dfe6a9-4855-432c-b1cb-440d04fcf500} ()
      [03/27/2008, 0:58:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/27/2008, 0:58:29] - Checking for HKLM\...\Winlogon\Notify\anwjocsj
      [03/27/2008, 0:58:29] - Key not found: HKLM\...\Winlogon\Notify\anwjocsj, continuing.
      [03/27/2008, 0:58:29] - Finished Searching Browser Helper Objects
      [03/27/2008, 0:58:29] - *** Detected MSEvents Object
      [03/27/2008, 0:58:29] - Trying to remove MSEvents Object...
      [03/27/2008, 0:58:30] - Terminating Process: IEXPLORE.EXE
      [03/27/2008, 0:58:31] - Terminating Process: RUNDLL32.EXE
      [03/27/2008, 0:58:31] - Disabling Automatic Shell Restart
      [03/27/2008, 0:58:31] - Terminating Process: EXPLORER.EXE
      [03/27/2008, 0:58:31] - Suspending the NT Session Manager System Service
      [03/27/2008, 0:58:32] - Terminating Windows NT Logon/Logoff Manager
      [03/27/2008, 0:58:32] - Re-enabling Automatic Shell Restart
      [03/27/2008, 0:58:32] - File to disable: C:\WINDOWS\System32\pmnkjji.dll
      [03/27/2008, 0:58:32] - Renaming C:\WINDOWS\System32\pmnkjji.dll -> C:\WINDOWS\System32\pmnkjji.dll.vir
      [03/27/2008, 0:58:32] - File successfully renamed!
      [03/27/2008, 0:58:32] - Removing HKLM\...\Browser Helper Objects\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}
      [03/27/2008, 0:58:32] - Removing HKCR\CLSID\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}
      [03/27/2008, 0:58:32] - Adding Kill Bit for ActiveX for GUID: {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}
      [03/27/2008, 0:58:32] - Deleting ATLEvents/MSEvents Registry entries
      [03/27/2008, 0:58:32] - Removing HKLM\...\Winlogon\Notify\pmnkjji
      [03/27/2008, 0:58:32] - Searching for Browser Helper Objects:
      [03/27/2008, 0:58:32] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
      [03/27/2008, 0:58:32] - BHO 2: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
      [03/27/2008, 0:58:32] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [03/27/2008, 0:58:32] - BHO 4: {811C2D3B-7AB4-4C89-BB24-DFF845EA3D94} ()
      [03/27/2008, 0:58:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/27/2008, 0:58:32] - Checking for HKLM\...\Winlogon\Notify\jkklj
      [03/27/2008, 0:58:32] - Key not found: HKLM\...\Winlogon\Notify\jkklj, continuing.
      [03/27/2008, 0:58:32] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [03/27/2008, 0:58:32] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [03/27/2008, 0:58:32] - BHO 7: {b5dfe6a9-4855-432c-b1cb-440d04fcf500} ()
      [03/27/2008, 0:58:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/27/2008, 0:58:32] - Checking for HKLM\...\Winlogon\Notify\anwjocsj
      [03/27/2008, 0:58:32] - Key not found: HKLM\...\Winlogon\Notify\anwjocsj, continuing.
      [03/27/2008, 0:58:32] - Finished Searching Browser Helper Objects
      [03/27/2008, 0:58:32] - Finishing up...
      [03/27/2008, 0:58:32] - A restart is needed.
      [03/27/2008, 0:58:35] - Attempting to Restart via STOP error (Blue Screen!)



      RVAXO log

      ---RVAXO.exe Updated: 2008-03-27---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\tasks\At1.job
      C:\WINDOWS\tasks\At2.job
      C:\WINDOWS\tasks\At3.job
      C:\WINDOWS\tasks\At4.job
      C:\WINDOWS\tasks\At5.job
      C:\WINDOWS\tasks\At6.job
      C:\WINDOWS\tasks\At7.job
      C:\WINDOWS\tasks\At8.job
      C:\WINDOWS\tasks\At9.job
      C:\WINDOWS\tasks\At10.job
      C:\WINDOWS\tasks\At11.job
      C:\WINDOWS\tasks\At12.job
      C:\WINDOWS\tasks\At13.job
      C:\WINDOWS\tasks\At14.job
      C:\WINDOWS\tasks\At15.job
      C:\WINDOWS\tasks\At16.job
      C:\WINDOWS\tasks\At17.job
      C:\WINDOWS\tasks\At18.job
      C:\WINDOWS\tasks\At19.job
      C:\WINDOWS\tasks\At20.job
      C:\WINDOWS\tasks\At21.job
      C:\WINDOWS\tasks\At22.job
      C:\WINDOWS\tasks\At23.job
      C:\WINDOWS\tasks\At24.job
      C:\WINDOWS\system32\pmnkjji.dll.vir
      C:\WINDOWS\system32\jlkkj.ini2
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\mrofinu572.exe
      C:\WINDOWS\system32\pac.txt

      Folders Found:
      C:\Documents and Settings\All Users\Application Data\SalesMon

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------







      HijackThis log

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 1:18:46, on 27-3-2008
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
      C:\Program Files\Microsoft LifeCam\MSCamS32.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\PC Auto Shutdown\ShutdownService.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
      C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
      C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
      C:\Program Files\Softwin\BitDefender10\vsserv.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\WINDOWS\System32\RunDll32.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\Program Files\Softwin\BitDefender10\bdmcon.exe
      C:\Program Files\Softwin\BitDefender10\bdagent.exe
      C:\WINDOWS\System32\RUNDLL32.EXE
      C:\WINDOWS\vVX3000.exe
      C:\Program Files\PC Auto Shutdown\AutoShutdown.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\WINDOWS\System32\rundll32.exe
      C:\WINDOWS\System32\Rundll32.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\Logitech\MouseWare\system\em_exec.exe
      C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onlinesoccermanager.nl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: (no name) - - (no file)
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {8269A3E4-1A17-4DA3-92CA-BCB1242E70FC} - C:\WINDOWS\System32\jkklj.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O2 - BHO: {005fcf40-d044-bc1b-c234-55849a6efd5b} - {b5dfe6a9-4855-432c-b1cb-440d04fcf500} - C:\WINDOWS\System32\anwjocsj.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
      O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
      O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
      O4 - HKLM\..\Run: [PC Auto Shutdown] "C:\Program Files\PC Auto Shutdown\AutoShutdown.exe"
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [7c3be17e] rundll32.exe "C:\WINDOWS\System32\oilucdun.dll",b
      O4 - HKLM\..\Run: [BM7f08d2e2] Rundll32.exe "C:\WINDOWS\System32\krtkpfdk.dll",s
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} (xpreload.xpreloader) - ms-its:mhtml:file://c:\\nores.mht!http://adxanet.net/code/chm/xpre.chm::/xpreload.ocx
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199328621828
      O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
      O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
      O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: PCAutoShutdown_Service - GoldSolution Software, Inc. - C:\Program Files\PC Auto Shutdown\ShutdownService.exe
      O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
      O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

      --
      End of file - 7179 bytes

      Comment
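Added example, not part of the original thread or of VirtumundoBeGone: a Python triage pass over HijackThis lines that applies the check visible in the VBG log above (a BHO with no name whose DLL also has a Winlogon Notify key) together with the rundll32 Run-entry pattern seen in the second scan, and lists what newly appears between two scans. The function names, the reason strings and the two-character export threshold are assumptions made for illustration; the sample lines are copied from the logs in this thread.

```python
import ntpath
import re

# Constructed samples: a few lines copied from the first and second HijackThis logs above.
SCAN_BEFORE = r"""
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - C:\WINDOWS\System32\pmnkjji.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: pmnkjji - C:\WINDOWS\SYSTEM32\pmnkjji.dll
"""
SCAN_AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8269A3E4-1A17-4DA3-92CA-BCB1242E70FC} - C:\WINDOWS\System32\jkklj.dll
O2 - BHO: {005fcf40-d044-bc1b-c234-55849a6efd5b} - {b5dfe6a9-4855-432c-b1cb-440d04fcf500} - C:\WINDOWS\System32\anwjocsj.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [7c3be17e] rundll32.exe "C:\WINDOWS\System32\oilucdun.dll",b
O4 - HKLM\..\Run: [BM7f08d2e2] Rundll32.exe "C:\WINDOWS\System32\krtkpfdk.dll",s
"""

# HijackThis line formats as they appear in this thread.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.+?)(?: \(file missing\))?$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - \S+\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.I
)

# Assumption: the two Run entries in the thread use one-letter exports (",b", ",s"),
# while the legitimate NVIDIA entries use descriptive export names.
MAX_SHORT_EXPORT = 2


def in_system32(path):
    """True when the file sits directly in the System32 directory."""
    return ntpath.normcase(ntpath.dirname(path)) == r"c:\windows\system32"


def triage(log_text):
    """Return {dll_name: reason} for entries matching the pattern seen in this thread."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    # Winlogon Notify key names present in this scan (O20 lines).
    notify = {m["name"].lower() for m in map(NOTIFY_RE.match, lines) if m}
    findings = {}
    for line in lines:
        bho = BHO_RE.match(line)
        if bho and in_system32(bho["path"]):
            # "No default name": HijackThis prints "(no name)" or a bare GUID.
            unnamed = bho["name"] == "(no name)" or bho["name"].startswith("{")
            if unnamed:
                dll = ntpath.basename(bho["path"]).lower()
                stem = ntpath.splitext(dll)[0]
                findings[dll] = (
                    "unnamed BHO + Winlogon Notify"
                    if stem in notify
                    else "unnamed BHO in System32"
                )
            continue
        run = RUN_RE.match(line)
        rd = run and RUNDLL_RE.match(run["cmd"])
        if rd and in_system32(rd["dll"]) and len(rd["export"]) <= MAX_SHORT_EXPORT:
            dll = ntpath.basename(rd["dll"]).lower()
            findings[dll] = "rundll32 Run entry, short export"
    return findings


def new_since(before_text, after_text):
    """DLLs flagged in the later scan that were not flagged in the earlier one."""
    before = triage(before_text)
    return sorted(dll for dll in triage(after_text) if dll not in before)


if __name__ == "__main__":
    for label, scan in (("before", SCAN_BEFORE), ("after", SCAN_AFTER)):
        for dll, reason in sorted(triage(scan).items()):
            print(f"{label}: {dll}: {reason}")
    print("new since first scan:", ", ".join(new_since(SCAN_BEFORE, SCAN_AFTER)))
```

A flagged entry is a lead for review, not a verdict; the legitimate `NvCpl.dll` and `NvMcTray.dll` rundll32 entries are deliberately left unflagged by the export-length rule.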


      • #4
        Open a Notepad file.
        Copy the text below (everything in bold) into this Notepad file.

        @ECHO OFF
        ren C:\WINDOWS\System32\oilucdun.dll oilucdun.bak
        ren C:\WINDOWS\System32\krtkpfdk.dll krtkpfdk.bak
        ren C:\WINDOWS\System32\anwjocsj.dll anwjocsj.bak
        ren C:\WINDOWS\System32\jkklj.dll jkklj.bak
        IF EXIST log.txt DEL log.txt
        ECHO Deleting files>>log.txt
        FOR %%g in (
        C:\WINDOWS\System32\oilucdun.bak
        C:\WINDOWS\System32\krtkpfdk.bak
        C:\WINDOWS\System32\anwjocsj.bak
        C:\WINDOWS\System32\jkklj.bak
        C:\WINDOWS\BM7f08d2e2.xml
        C:\WINDOWS\BM7f08d2e2.txt
        C:\WINDOWS\System32\oilucdun.dll
        C:\WINDOWS\System32\krtkpfdk.dll
        C:\WINDOWS\System32\anwjocsj.dll
        C:\WINDOWS\System32\jkklj.dll
        C:\WINDOWS\system32\jlkkj.ini
        C:\WINDOWS\system32\jlkkj.ini2
        C:\WINDOWS\pskt.ini) DO (
        IF EXIST %%g (
        ATTRIB -r -s -h %%g
        DEL %%g
        IF EXIST %%g (
        ECHO %%g not deleted>>log.txt
        ) ELSE (
        ECHO %%g deleted>>log.txt)
        ) ELSE (
        ECHO %%g not found>>log.txt))
        START NOTEPAD.EXE log.txt

        Go to File - Save As.
        For "Save in" choose: Desktop
        For "File name" enter: del.bat
        For "Save as type" select: All Files (*.*).
        Click the Save button.

        Double-click del.bat and post the contents of the log file that opens.

        Restart your computer and then also post a new HijackThis log

        Comment


        • #5
          Deleting files
          C:\WINDOWS\System32\oilucdun.bak not deleted
          C:\WINDOWS\System32\krtkpfdk.bak not deleted
          C:\WINDOWS\System32\anwjocsj.bak not deleted
          C:\WINDOWS\System32\jkklj.bak not found
          C:\WINDOWS\BM7f08d2e2.xml deleted
          C:\WINDOWS\BM7f08d2e2.txt deleted
          C:\WINDOWS\System32\oilucdun.dll not found
          C:\WINDOWS\System32\krtkpfdk.dll not found
          C:\WINDOWS\System32\anwjocsj.dll not found
          C:\WINDOWS\System32\jkklj.dll not deleted
          C:\WINDOWS\system32\jlkkj.ini deleted
          C:\WINDOWS\system32\jlkkj.ini2 deleted
          C:\WINDOWS\pskt.ini deleted









          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 12:11:28, on 27-3-2008
          Platform: Windows XP SP1 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\System32\RunDll32.exe
          C:\WINDOWS\System32\RUNDLL32.EXE
          C:\WINDOWS\vVX3000.exe
          C:\Program Files\PC Auto Shutdown\AutoShutdown.exe
          C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
          C:\WINDOWS\System32\rundll32.exe
          C:\Program Files\Softwin\BitDefender10\bdmcon.exe
          C:\Program Files\Softwin\BitDefender10\bdagent.exe
          C:\WINDOWS\System32\Rundll32.exe
          C:\WINDOWS\System32\ctfmon.exe
          C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
          C:\Program Files\Logitech\MouseWare\system\em_exec.exe
          C:\Program Files\Google\Google Updater\GoogleUpdater.exe
          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
          C:\Program Files\Microsoft LifeCam\MSCamS32.exe
          C:\WINDOWS\System32\nvsvc32.exe
          C:\Program Files\PC Auto Shutdown\ShutdownService.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
          C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
          C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
          C:\Program Files\Softwin\BitDefender10\vsserv.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\MSN Messenger\usnsvc.exe
          C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
          C:\Program Files\MSN Messenger\msnmsgr.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onlinesoccermanager.nl/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
          R3 - URLSearchHook: (no name) - - (no file)
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {2EDEAEAA-568F-4D4C-BD9E-37DD58CFEE80} - C:\WINDOWS\System32\jkklj.dll
          O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
          O2 - BHO: {005fcf40-d044-bc1b-c234-55849a6efd5b} - {b5dfe6a9-4855-432c-b1cb-440d04fcf500} - C:\WINDOWS\System32\anwjocsj.dll (file missing)
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
          O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
          O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
          O4 - HKLM\..\Run: [PC Auto Shutdown] "C:\Program Files\PC Auto Shutdown\AutoShutdown.exe"
          O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
          O4 - HKLM\..\Run: [7c3be17e] rundll32.exe "C:\WINDOWS\System32\oilucdun.dll",b
          O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
          O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
          O4 - HKLM\..\Run: [BM7f08d2e2] Rundll32.exe "C:\WINDOWS\System32\krtkpfdk.dll",s
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} (xpreload.xpreloader) - ms-its:mhtml:file://c:\\nores.mht!http://adxanet.net/code/chm/xpre.chm::/xpreload.ocx
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199328621828
          O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
          O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
          O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
          O23 - Service: PCAutoShutdown_Service - GoldSolution Software, Inc. - C:\Program Files\PC Auto Shutdown\ShutdownService.exe
          O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
          O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

          --
          End of file - 7207 bytes



          • #6
            Download KillAFile.exe and place it on your desktop: http://users.telenet.be/marcvn/tools/KillAFile.exe
            Double-click KillAFile.exe to start the tool.
            In the menu, choose option 1:
            1: Delete a file on reboot
            When this message appears
            Code:
            Insert full path and filename to delete.
            and then press enter:
            type this: C:\WINDOWS\System32\jkklj.dll
            If the file is present, the computer will ask to restart.
            Allow this.
            Once the computer has restarted, a Notepad file will open. Post the contents of this file.

            After that, double-click del.bat once more and post that log too.



            • #7
              Hi, now that I have restarted my computer I get an error message about oilucdun.dll, "cannot find the specified module". Is that how it is supposed to be?
              And I also have a file, jkkll.dll; my computer says it is also a trojan. Should I just remove that one manually as well?




              KILLAFILE - logfile


              Running from: "C:\Documents and Settings\Kendo\Bureaublad"

              Delete on reboot: C:\WINDOWS\System32\jkklj.dll

              --- Rebooting the computer ---

              C:\WINDOWS\System32\jkklj.dll deleted


              Finished!







              Deleting files
              C:\WINDOWS\System32\oilucdun.bak deleted
              C:\WINDOWS\System32\krtkpfdk.bak deleted
              C:\WINDOWS\System32\anwjocsj.bak deleted
              C:\WINDOWS\System32\jkklj.bak not found
              C:\WINDOWS\BM7f08d2e2.xml not found
              C:\WINDOWS\BM7f08d2e2.txt deleted
              C:\WINDOWS\System32\oilucdun.dll not found
              C:\WINDOWS\System32\krtkpfdk.dll not found
              C:\WINDOWS\System32\anwjocsj.dll not found
              C:\WINDOWS\System32\jkklj.dll not found
              C:\WINDOWS\system32\jlkkj.ini not found
              C:\WINDOWS\system32\jlkkj.ini2 not found
              C:\WINDOWS\pskt.ini not found



              • #8
                Start HijackThis once more and place a check mark only in front of the following lines:
                O2 - BHO: (no name) - {2EDEAEAA-568F-4D4C-BD9E-37DD58CFEE80} - C:\WINDOWS\System32\jkklj.dll (file missing)
                O2 - BHO: {005fcf40-d044-bc1b-c234-55849a6efd5b} - {b5dfe6a9-4855-432c-b1cb-440d04fcf500} - C:\WINDOWS\System32\anwjocsj.dll (file missing)
                O4 - HKLM\..\Run: [7c3be17e] rundll32.exe "C:\WINDOWS\System32\oilucdun.dll",b
                O4 - HKLM\..\Run: [BM7f08d2e2] Rundll32.exe "C:\WINDOWS\System32\krtkpfdk.dll",s

                Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

                Restart your computer.

                After the restart, tell us whether there are still problems and post a HijackThis log for verification.



                • #9
                  Fortunately I no longer get that message. And what about that jkkll.dll? My virus scanner says it is a trojan.vundo.EEN. Just remove it manually??



                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 22:41:46, on 27-3-2008
                  Platform: Windows XP SP1 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\System32\RunDll32.exe
                  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
                  C:\WINDOWS\System32\RUNDLL32.EXE
                  C:\WINDOWS\vVX3000.exe
                  C:\Program Files\PC Auto Shutdown\AutoShutdown.exe
                  C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                  C:\Program Files\Softwin\BitDefender10\bdmcon.exe
                  C:\Program Files\Softwin\BitDefender10\bdagent.exe
                  C:\WINDOWS\System32\ctfmon.exe
                  C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
                  C:\Program Files\Google\Google Updater\GoogleUpdater.exe
                  C:\Program Files\Logitech\MouseWare\system\em_exec.exe
                  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
                  C:\Program Files\Microsoft LifeCam\MSCamS32.exe
                  C:\WINDOWS\System32\nvsvc32.exe
                  C:\Program Files\PC Auto Shutdown\ShutdownService.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
                  C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
                  C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
                  C:\Program Files\Softwin\BitDefender10\vsserv.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\WINDOWS\System32\wuauclt.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onlinesoccermanager.nl/
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                  R3 - URLSearchHook: (no name) - - (no file)
                  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                  O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
                  O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
                  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
                  O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
                  O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
                  O4 - HKLM\..\Run: [PC Auto Shutdown] "C:\Program Files\PC Auto Shutdown\AutoShutdown.exe"
                  O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                  O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
                  O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                  O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                  O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} (xpreload.xpreloader) - ms-its:mhtml:file://c:\\nores.mht!http://adxanet.net/code/chm/xpre.chm::/xpreload.ocx
                  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199328621828
                  O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
                  O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
                  O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
                  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                  O23 - Service: PCAutoShutdown_Service - GoldSolution Software, Inc. - C:\Program Files\PC Auto Shutdown\ShutdownService.exe
                  O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
                  O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

                  --
                  End of file - 6697 bytes

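The control log requested in post #8 can be compared against the earlier log mechanically. The following is an added example, not part of the original thread or of HijackThis: it diffs two logs and reports whether the entries that were fixed are gone. The function names and the status strings are assumptions of this example, and the sample logs are excerpts of the O4 lines shown in the thread.

```python
import re

# Constructed sample: O4 lines copied from the two HijackThis logs in this
# thread (26-3-2008 before the fix, 27-3-2008 after it), shortened.
LOG_BEFORE = r'''
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [7c3be17e] rundll32.exe "C:\WINDOWS\System32\oilucdun.dll",b
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BM7f08d2e2] Rundll32.exe "C:\WINDOWS\System32\krtkpfdk.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
'''
LOG_AFTER = r'''
Running processes:
C:\WINDOWS\System32\RunDll32.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
'''

# An entry line starts with a section code such as R0, O2, O4, O23.
ENTRY_RE = re.compile(r'^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$')


def parse_entries(log_text):
    """Return {(code, normalised text): original line} for every entry line."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank lines
        code, text = m.groups()
        # "(file missing)" is appended once the target file is gone; the
        # registry entry itself is unchanged, so ignore the suffix.
        text = re.sub(r'\s*\(file missing\)$', '', text)
        entries[(code, text.casefold())] = line.strip()
    return entries


def diff_logs(before, after):
    """Entries that disappeared and entries that are new, in log order."""
    b, a = parse_entries(before), parse_entries(after)
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    return removed, added


def check_fix(before, after, markers):
    """Status per marker (e.g. a DLL name): removed, still present, never listed."""
    b, a = parse_entries(before), parse_entries(after)
    report = {}
    for marker in markers:
        needle = marker.casefold()
        if any(needle in text for _, text in a):
            report[marker] = "still present"
        elif any(needle in text for _, text in b):
            report[marker] = "removed"
        else:
            report[marker] = "never listed"
    return report


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed:", *removed, sep="\n  ")
    print("added:", added)
    print(check_fix(LOG_BEFORE, LOG_AFTER,
                    ["oilucdun.dll", "krtkpfdk.dll", "jkkll.dll"]))
```

A "never listed" result for jkkll.dll shows the limit of this check: a file can sit on disk without any autostart entry, so a clean HijackThis log does not prove the files are gone.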


                  • #10
                    There may indeed still be some remnants.

                    Download this file: zoek.exe
                    Double-click it; after a while a log will open.
                    Post the contents of this log in your next message.



                    • #11
                      ======C:\WINDOWS====
                      ----a-w 0 2008-03-27 21:38:51 C:\WINDOWS\0.log
                      --s-a-w 2,048 2008-03-27 21:38:31 C:\WINDOWS\bootstat.dat
                      ----a-w 116 2008-03-27 00:11:22 C:\WINDOWS\NeroDigital.ini
                      ----a-w 342,560 2008-03-27 00:13:02 C:\WINDOWS\ntbtlog.txt
                      ----a-w 32,498 2008-03-27 00:09:39 C:\WINDOWS\SchedLgU.Txt
                      ----a-w 159 2008-03-27 21:38:45 C:\WINDOWS\wiadebug.log
                      ----a-w 49 2008-03-27 21:38:45 C:\WINDOWS\wiaservc.log
                      ----a-w 741 2008-03-27 00:37:16 C:\WINDOWS\win.ini
                      ----a-w 1,821,928 2008-03-27 21:38:47 C:\WINDOWS\WindowsUpdate.log

                      Entries: 9 (8)
                      Directories: 0 Files: 9
                      Bytes: 2,200,099 Blocks: 4,302
                      ======C:\WINDOWS\system32=====
                      ----a-w 81,984 2008-03-27 22:18:44 C:\WINDOWS\System32\bdod.bin
                      ----a-w 0 2008-03-27 21:38:46 C:\WINDOWS\System32\bdss.log
                      ----a-w 315,536 2008-03-26 19:18:21 C:\WINDOWS\System32\ddcya.dll
                      ----a-w 315,536 2008-03-26 22:54:07 C:\WINDOWS\System32\jkkll.dll
                      --sh--w 1,587,054 2008-03-27 11:05:32 C:\WINDOWS\System32\nudculio.ini
                      ----a-w 40,836 2008-03-27 21:33:29 C:\WINDOWS\System32\perfc009.dat
                      ----a-w 54,262 2008-03-27 21:33:29 C:\WINDOWS\System32\perfc013.dat
                      ----a-w 314,508 2008-03-27 21:33:29 C:\WINDOWS\System32\perfh009.dat
                      ----a-w 367,234 2008-03-27 21:33:29 C:\WINDOWS\System32\perfh013.dat
                      ----a-w 777,840 2008-03-27 21:33:29 C:\WINDOWS\System32\PerfStringBackup.INI
                      ----a-w 315,536 2008-03-26 17:57:06 C:\WINDOWS\System32\pmkjg.dll
                      ----a-w 315,536 2008-03-26 20:43:53 C:\WINDOWS\System32\pmnnn.dll
                      ----a-w 53,248 2008-03-27 18:53:05 C:\WINDOWS\System32\process.exe
                      ----a-w 4,096 2008-03-27 18:53:05 C:\WINDOWS\System32\reboot.exe
                      ----a-w 90,112 2008-03-27 18:53:05 C:\WINDOWS\System32\regdacl.exe
                      ----a-w 16,384 2008-03-27 18:53:05 C:\WINDOWS\System32\restart.exe
                      ----a-w 760,356 2008-03-27 00:05:28 C:\WINDOWS\System32\RVAXO.bat
                      ----a-w 279,552 2008-03-27 18:53:05 C:\WINDOWS\System32\swreg.exe

                      Entries: 18 (17)
                      Directories: 0 Files: 18
                      Bytes: 5,689,610 Blocks: 11,120
                      =======C:\Program Files=====
                      Entries: 0 (0)
                      Directories: 0 Files: 0
                      Bytes: 0 Blocks: 0
                      =======C:=====
                      ----a-w 1,062 2008-03-27 00:12:34 C:\firstrun5.log
                      --sha-w 536,399,872 2008-03-27 21:38:30 C:\hiberfil.sys
                      ----a-w 230 2008-03-27 18:56:40 C:\kaflog.txt
                      --sha-w 805,306,368 2008-03-27 21:38:29 C:\pagefile.sys
                      ----a-w 1,197 2008-03-27 00:14:02 C:\RVAXO-results.log
                      ----a-w 99,871 2008-03-27 00:14:55 C:\RVAXO-Vfind.log

                      Entries: 6 (4)
                      Directories: 0 Files: 6
                      Bytes: 1,341,808,600 Blocks: 2,620,723
                      ======C:\Documents and Settings\Kendo\Application Data======
                      Entries: 0 (0)
                      Directories: 0 Files: 0
                      Bytes: 0 Blocks: 0
                      ======C:\Temp======
                      Entries: 0 (0)
                      Directories: 0 Files: 0
                      Bytes: 0 Blocks: 0
                      ======C:\Documents and Settings\Kendo======
                      ----a-w 5,505,024 2008-03-27 21:37:30 C:\Documents and Settings\Kendo\ntuser.dat
                      ---ha-w 1,196,032 2008-03-27 22:19:43 C:\Documents and Settings\Kendo\ntuser.dat.LOG
                      --sh--w 290 2008-03-27 21:37:30 C:\Documents and Settings\Kendo\ntuser.ini

                      Entries: 3 (1)
                      Directories: 0 Files: 3
                      Bytes: 6,701,346 Blocks: 13,089
                      =============

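Two patterns stand out in the listing in post #11: four DLLs in System32 share the exact size 315,536, and the hidden file nudculio.ini is the name oilucdun (the DLL from the Run key) spelled backwards. The following is an added example, not part of the original thread or of the zoek tool, that parses such a listing and surfaces both patterns. The two rules, the function names and the `KNOWN_DLLS` list (names taken from earlier posts) are assumptions of this example.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the System32 part of the listing.
LISTING = r'''
======C:\WINDOWS\system32=====
----a-w 81,984 2008-03-27 22:18:44 C:\WINDOWS\System32\bdod.bin
----a-w 315,536 2008-03-26 19:18:21 C:\WINDOWS\System32\ddcya.dll
----a-w 315,536 2008-03-26 22:54:07 C:\WINDOWS\System32\jkkll.dll
--sh--w 1,587,054 2008-03-27 11:05:32 C:\WINDOWS\System32\nudculio.ini
----a-w 777,840 2008-03-27 21:33:29 C:\WINDOWS\System32\PerfStringBackup.INI
----a-w 315,536 2008-03-26 17:57:06 C:\WINDOWS\System32\pmkjg.dll
----a-w 315,536 2008-03-26 20:43:53 C:\WINDOWS\System32\pmnnn.dll
----a-w 279,552 2008-03-27 18:53:05 C:\WINDOWS\System32\swreg.exe

Entries: 18 (17)
'''

# DLL names already tied to the infection earlier in the thread.
KNOWN_DLLS = ["oilucdun.dll", "krtkpfdk.dll", "anwjocsj.dll", "jkklj.dll"]

# attributes, size with thousands separators, date, time, full path
LINE_RE = re.compile(
    r'^\s*(?P<attrs>[-a-z]{7})\s+(?P<size>[\d,]+)\s+'
    r'(?P<date>\d{4}-\d\d-\d\d)\s+(?P<time>\d\d:\d\d:\d\d)\s+(?P<path>\S.*?)\s*$')


def parse_listing(text):
    """Turn listing lines into dicts; section headers and totals are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append({
                "attrs": m["attrs"],
                "size": int(m["size"].replace(",", "")),
                "when": m["date"] + " " + m["time"],
                "path": PureWindowsPath(m["path"]),
            })
    return rows


def same_size_dlls(rows, min_group=2):
    """Group DLLs by exact byte size; keep sizes shared by several files."""
    groups = defaultdict(list)
    for r in rows:
        if r["path"].suffix.lower() == ".dll":
            groups[r["size"]].append(r["path"].name)
    return {size: sorted(names) for size, names in groups.items()
            if len(names) >= min_group}


def reversed_name_inis(rows, known_dlls):
    """.ini files whose name is a known DLL name spelled backwards."""
    stems = {PureWindowsPath(n).stem.lower() for n in known_dlls}
    return [r["path"].name for r in rows
            if r["path"].suffix.lower() == ".ini"
            and r["path"].stem.lower()[::-1] in stems]


def review_candidates(text, known_dlls):
    """Sorted file names that either rule marks for closer inspection."""
    rows = parse_listing(text)
    names = {n for group in same_size_dlls(rows).values() for n in group}
    names.update(reversed_name_inis(rows, known_dlls))
    return sorted(names)


if __name__ == "__main__":
    print(review_candidates(LISTING, KNOWN_DLLS))
```

On this sample the result is the same five files that post #12 goes on to delete. A shared size only marks files for a closer look with a scanner; legitimate DLLs can share a size as well.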


                      • #12
                        Open a Notepad file.
                        Copy the text below (everything in bold) into this Notepad file.

                        @ECHO OFF
                        REM Start with a fresh log.txt in the current directory.
                        IF EXIST log.txt DEL log.txt
                        ECHO Deleting files>>log.txt
                        REM For each listed file: clear the read-only, system and hidden
                        REM attributes, try to delete it, and log the outcome.
                        FOR %%g in (
                        C:\WINDOWS\System32\ddcya.dll
                        C:\WINDOWS\System32\jkkll.dll
                        C:\WINDOWS\System32\nudculio.ini
                        C:\WINDOWS\System32\pmkjg.dll
                        C:\WINDOWS\System32\pmnnn.dll) DO (
                        IF EXIST %%g (
                        ATTRIB -r -s -h %%g
                        DEL %%g
                        IF EXIST %%g (
                        ECHO %%g not deleted>>log.txt
                        ) ELSE (
                        ECHO %%g deleted>>log.txt)
                        ) ELSE (
                        ECHO %%g not found>>log.txt))
                        REM Open the log in Notepad.
                        START NOTEPAD.EXE log.txt

                        Go to File - Save As.
                        For "Save in" choose: Desktop
                        For "File name" enter: del.bat
                        For "Save as type" select: All Files (*.*).
                        Click the Save button.

                        Double-click del.bat and post the contents of the log file that opens.



                        • #13
                          Deleting files
                          C:\WINDOWS\System32\ddcya.dll not deleted
                          C:\WINDOWS\System32\jkkll.dll not deleted
                          C:\WINDOWS\System32\nudculio.ini deleted
                          C:\WINDOWS\System32\pmkjg.dll not deleted
                          C:\WINDOWS\System32\pmnnn.dll not deleted



                          • #14
                            Apparently still loaded after all, so let's try again:

                            Open a Notepad file.
                            Copy the text below (everything in bold) into this Notepad file.

                            @ECHO OFF
                            REM Rename each DLL to .bak first.
                            ren C:\WINDOWS\System32\ddcya.dll ddcya.bak
                            ren C:\WINDOWS\System32\jkkll.dll jkkll.bak
                            ren C:\WINDOWS\System32\pmkjg.dll pmkjg.bak
                            ren C:\WINDOWS\System32\pmnnn.dll pmnnn.bak
                            REM Start with a fresh log.txt in the current directory.
                            IF EXIST log.txt DEL log.txt
                            ECHO Deleting files>>log.txt
                            REM Try to delete both the .bak and the .dll names and log the outcome.
                            FOR %%g in (
                            C:\WINDOWS\System32\ddcya.bak
                            C:\WINDOWS\System32\jkkll.bak
                            C:\WINDOWS\System32\pmkjg.bak
                            C:\WINDOWS\System32\pmnnn.bak
                            C:\WINDOWS\System32\ddcya.dll
                            C:\WINDOWS\System32\jkkll.dll
                            C:\WINDOWS\System32\pmkjg.dll
                            C:\WINDOWS\System32\pmnnn.dll) DO (
                            IF EXIST %%g (
                            ATTRIB -r -s -h %%g
                            DEL %%g
                            IF EXIST %%g (
                            ECHO %%g not deleted>>log.txt
                            ) ELSE (
                            ECHO %%g deleted>>log.txt)
                            ) ELSE (
                            ECHO %%g not found>>log.txt))
                            REM Open the log in Notepad.
                            START NOTEPAD.EXE log.txt

                            Go to File - Save As.
                            For "Save in" choose: Desktop
                            For "File name" enter: del.bat
                            For "Save as type" select: All Files (*.*).
                            Click the Save button.

                            Double-click del.bat and post the contents of the log file that opens.
                            Last edited by smeenk; 28-03-08, 00:35.



                            • #15
                              Deleting files
                              ren not found
                              C:\WINDOWS\System32\ddcya.bak not found
                              ren not found
                              C:\WINDOWS\System32\jkkll.bak not found
                              ren not found
                              C:\WINDOWS\System32\pmkjg.bak not found
                              ren not found
                              C:\WINDOWS\System32\pmnnn.bak not found
                              C:\WINDOWS\System32\ddcya.dll not deleted
                              C:\WINDOWS\System32\jkkll.dll not deleted
                              C:\WINDOWS\System32\pmkjg.dll not deleted
                              C:\WINDOWS\System32\pmnnn.dll not deleted
