Mededeling

Collapse
No announcement yet.

Logfile

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Logfile

    Zou iemand deze logfile eens willen controleren, de computer is erg traag en heeft last van irritante popups (reklame).

    alvast bedankt

    groeten

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\System32\PAStiSvc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\McAfee\Common Framework\UdaterUI.exe

    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files\McAfee\Common Framework\McTray.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\WINDOWS\system32\winlogon.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\Program Files\Windows Live\Messenger\usnsvc.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [flag loud mp3 bore] C:\Documents and Settings\All Users\Application Data\Phone store flag loud\Regs hole.exe

    O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-21-1801674531-1004336348-725345543-1005\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Job')

    O4 - HKUS\S-1-5-21-1801674531-1004336348-725345543-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Job')

    O4 - HKUS\S-1-5-21-1801674531-1004336348-725345543-1005\..\Run: [idol flaw] C:\DOCUME~1\Job\APPLIC~1\INTERN~1\Warn test grey.exe (User 'Job')

    O4 - HKUS\S-1-5-21-1801674531-1004336348-725345543-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Serra')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195329992734

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe


    ps. computer heeft wel meerdere accounts.
    Last edited by Wood; 25-03-08, 13:21.

  • #2
    Probeer dit programma eens: LOP-uninstall.exe
    Voer bij “Uninstall verification“ de zevencijferige code in en klik “Uninstall“
    Klik bij “Legal notice” OK
    Sluit alle vensters en klik OK
    Wacht .......en klik bij “Uninstall complete for all users“ OK.

    Doe daarna dit:
    Download dit bestand: Deljob.exe (mirror)
    Dubbelklik Deljob.exe.
    Een logje(logit.txt) zal openen.
    Post de inhoud van logit.txt in je volgende bericht.

    Post ook een nieuw logje van Hijackthis

    Comment


    • #3
      LOP-uninstall.exe??

      Bedankt voor de snelle reactie, ik kan alleen het eerste programmaatje niet vinden (LOP-uninstall.exe) link werkt niet "The page cannot be found".

      groet

      Comment


      • #4
        Ik heb hem als bijlage aan deze post gedaan.

        Bijgevoegde Bestanden

        Comment


        • #5
          nieuwe logfile

          --------------------------------------------------------

          No LOP job-files found

          --------------------------------------------------------

          Files in Windows Tasks folder



          rpc.job

          --------------------------------------------------------

          Export App Data folders

          --------------------------------------------------------

          Het volume in station C heeft geen naam.

          Het volumenummer is A45F-2D8B



          Map van C:\Documents and Settings\Paul en Esther\Application Data



          29-02-2008 13:53 <DIR> .

          29-02-2008 13:53 <DIR> ..

          27-11-2007 16:07 <DIR> Adobe

          28-11-2007 09:05 <DIR> Ahead

          26-11-2007 21:46 <DIR> Hulabee

          16-11-2007 22:26 <DIR> IDENTI~1 Identities

          24-03-2008 21:58 <DIR> LIMEWI~1 LimeWirePlus

          27-11-2007 13:37 <DIR> MACROM~1 Macromedia

          04-03-2008 14:45 <DIR> MICROS~1 Microsoft

          29-02-2008 13:53 <DIR> SHOPPI~1 ShoppingReport

          25-11-2007 11:52 <DIR> Sun

          20-11-2007 20:00 <DIR> Vso

          0 bestand(en) 0 bytes

          12 map(pen) 87.125.614.592 bytes beschikbaar

          Het volume in station C heeft geen naam.

          Het volumenummer is A45F-2D8B



          Map van C:\Documents and Settings\All Users\Application Data



          10-03-2008 14:30 <DIR> .

          10-03-2008 14:30 <DIR> ..

          25-11-2007 11:42 <DIR> Adobe

          24-11-2007 21:42 <DIR> HEWLET~1 Hewlett-Packard

          26-11-2007 21:46 <DIR> Hulabee

          01-03-2008 12:35 <DIR> Lavasoft

          20-11-2007 20:27 <DIR> McAfee

          22-01-2008 20:53 <DIR> MICROS~1 Microsoft

          17-01-2008 20:05 <DIR> MSN6

          25-02-2008 19:25 <DIR> PHONES~1 Phone store flag loud

          26-11-2007 19:52 <DIR> QUICKT~1 QuickTime

          10-03-2008 14:05 <DIR> SPYBOT~1 Spybot - Search & Destroy

          10-03-2008 21:58 <DIR> TEMP

          17-11-2007 21:19 <DIR> WINDOW~1 Windows Genuine Advantage

          29-02-2008 17:28 <DIR> Winferno

          16-01-2008 20:14 <DIR> WLINST~1 WLInstaller

          0 bestand(en) 0 bytes

          16 map(pen) 87.125.614.592 bytes beschikbaar

          --------------------------------------------------------

          All User Accounts

          --------------------------------------------------------

































          Logfile of Trend Micro HijackThis v2.0.2

          Scan saved at 20:29:14, on 26-3-2008

          Platform: Windows XP SP2 (WinNT 5.01.2600)

          MSIE: Internet Explorer v7.00 (7.00.6000.16608)

          Boot mode: Normal



          Running processes:

          C:\WINDOWS\System32\smss.exe

          C:\WINDOWS\system32\winlogon.exe

          C:\WINDOWS\system32\services.exe

          C:\WINDOWS\system32\lsass.exe

          C:\WINDOWS\system32\svchost.exe

          C:\WINDOWS\System32\svchost.exe

          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

          C:\WINDOWS\system32\spoolsv.exe

          C:\Program Files\McAfee\Common Framework\FrameworkService.exe

          C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

          C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

          C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

          C:\WINDOWS\System32\PAStiSvc.exe

          C:\WINDOWS\System32\svchost.exe

          C:\Program Files\Windows Live\Messenger\usnsvc.exe

          C:\WINDOWS\system32\winlogon.exe

          C:\Program Files\McAfee\Common Framework\UdaterUI.exe

          C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

          C:\Program Files\QuickTime\qttask.exe

          C:\WINDOWS\system32\ctfmon.exe

          C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

          C:\Program Files\McAfee\Common Framework\McTray.exe

          C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

          C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

          C:\WINDOWS\explorer.exe

          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

          R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

          O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll

          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

          O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll

          O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

          O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

          O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll

          O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

          O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

          O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

          O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

          O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

          O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "

          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

          O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

          O4 - HKUS\S-1-5-21-1801674531-1004336348-725345543-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Serra')

          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

          O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195329992734

          O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab

          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

          O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

          O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

          O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

          O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

          O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

          O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

          O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe



          --

          End of file - 7376 bytes

          Comment


          • #6
            Ga naar Start - Uitvoeren en tik in: notepad.exe
            Klik op OK.
            Ga in Kladblok naar Opmaak, en haal het vinkje weg voor "Automatische terugloop".
            Sluit Kladblok terug af.

            Download: RVAXO.exe
            • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
            • Start de computer in veilige modus.
            • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
              Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
            • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
            • Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
              Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
            • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
            • Post de inhoud van de logfile in je volgende bericht.
            Post ook een nieuw logje van Hijackthis

            Comment


            • #7
              nieuwe log

              RVAXO result:





              ---RVAXO.exe Updated: 2008-03-28---first run---

              Uninstallers:



              Files found:



              Folders Found:

              C:\Documents and Settings\Paul en Esther\Application Data\ShoppingReport

              C:\Program Files\OneStepSearch



              Hosts-file was reset, If you use a custom hosts file please replace it...



              --------------RVAXO.exe last run---------------

              Not deleted items:



              --------------RVAXO.exe finished----------------





              Hijack This result:







              Logfile of Trend Micro HijackThis v2.0.2

              Scan saved at 14:24:11, on 28-3-2008

              Platform: Windows XP SP2 (WinNT 5.01.2600)

              MSIE: Internet Explorer v7.00 (7.00.6000.16608)

              Boot mode: Normal



              Running processes:

              C:\WINDOWS\System32\smss.exe

              C:\WINDOWS\system32\winlogon.exe

              C:\WINDOWS\system32\services.exe

              C:\WINDOWS\system32\lsass.exe

              C:\WINDOWS\system32\svchost.exe

              C:\WINDOWS\System32\svchost.exe

              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

              C:\WINDOWS\system32\spoolsv.exe

              C:\Program Files\McAfee\Common Framework\FrameworkService.exe

              C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

              C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

              C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

              C:\WINDOWS\System32\PAStiSvc.exe

              C:\WINDOWS\System32\svchost.exe

              C:\WINDOWS\Explorer.EXE

              C:\WINDOWS\system32\wuauclt.exe

              C:\Program Files\McAfee\Common Framework\UdaterUI.exe

              C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

              C:\Program Files\McAfee\Common Framework\McTray.exe

              C:\Program Files\QuickTime\qttask.exe

              C:\WINDOWS\system32\ctfmon.exe

              C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

              R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

              O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

              O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll

              O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

              O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll

              O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

              O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

              O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll

              O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

              O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

              O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

              O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

              O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

              O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "

              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

              O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

              O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

              O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

              O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195329992734

              O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab

              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

              O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

              O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

              O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

              O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

              O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

              O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

              O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

              O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe



              --

              End of file - 7087 bytes

              Comment


              • #8
                Verwijder de volgende map:
                C:\Documents and Settings\All Users\Application Data\Phone store flag loud

                Maak dan je prullenbak leeg.

                Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
                Dit zal alles van RVAXO doen verwijderen.

                Je Java software is verouderd.
                Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
                Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:
                • Download Java Runtime Environment (JRE) 6u5 en bewaar het naar je Bureaublad.
                • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
                • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
                • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
                • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
                • Herhaal dit tot alle oudere versies verdwenen zijn.
                • Na het verwijderen van alle oudere versies, herstart je pc.
                • Dubbelklik vervolgens op jre-6u5-windows-i586-p-s.exe op je Bureaublad om de nieuwste versie van Java te installeren.


                Download ATF cleaner (mirror)(gemaakt door Atribune)

                Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

                Dubbelklik op ATF cleaner om het programma te starten.
                Op het tabblad "Main", plaats je een vinkje bij Select All.
                Klik op de knop Empty Selected.

                Het volgende doen als je ook FireFox als browser hebt:
                Klik op tabblad "Firefox", plaats een vinkje bij Select All.
                Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                (dit haalt het vinkje weer weg bij "Firefox saved passwords")
                Klik op de knop Empty Selected.

                Het volgende doen als je ook Opera als browser hebt:
                Klik op tabblad "Opera", plaats een vinkje bij Select All.
                Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                Klik op de knop Empty Selected.
                Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

                Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
                Kijk hier hoe je je systeemherstel moet uitschakelen.
                Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

                Ondervind je nog problemen?

                Comment


                • #9
                  Bedankt

                  Hartstikke bedankt voor alle moeite Smeenk, alles draait nu weer goed.



                  groeten

                  Marcel

                  Comment


                  • #10
                    Graag gedaan hoor

                    Comment

                    Sorry, you are not authorized to view this page
                    Working...
                    X