Mededeling

Collapse
No announcement yet.

Internet Explorer gehackt?

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Internet Explorer gehackt?

    Ik heb een probleem met IE. De internet opties zijn niet benaderbaar en sommige functies werken niet in webpagina's, zoals vooruit en achteruit lopen door fotos's op Marktplaats.nl

    Hier volgt de HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:31:37, on 15-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\Explorer.EXE
    D:\Software\NMSAccess.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\VMware\VMware Player\vmware-authd.exe
    C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    D:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\VMware\VMware Player\vmplayer.exe
    C:\Program Files\VMware\VMware Player\bin\vmware-vmx.exe
    C:\Documents and Settings\Maurice\Bureaublad\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {72456F24-52F0-4E4E-B739-B955E7A59A82} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: TBSB04703 - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Barungo Bar - {BFB5F154-9212-46F3-B547-AC6106030A54} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Barungo Bar - {BFB5F154-9212-46F3-B547-AC6106030A54} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170529273296
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B0D50AE5-C180-4577-8CE1-4DD8632887DB}: NameServer = 192.168.2.1
    O20 - Winlogon Notify: khfcbcb - khfcbcb.dll (file missing)
    O20 - Winlogon Notify: qomlmkk - qomlmkk.dll (file missing)
    O20 - Winlogon Notify: vtuvwuv - vtuvwuv.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NetOp Helper ver. 9.00 (2006348) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE
    O23 - Service: NMSAccess - Unknown owner - D:\Software\NMSAccess.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

    --
    End of file - 12543 bytes

    Bij voorbaat dank voor uw hulp.

  • #2
    zelf al wat gebruikt tegen vundo ?



    Schakel Spybot's TeaTimer even uit, omdat deze de fix in de weg kan zitten:
    - Start Spybot
    - Ga naar Mode > selecteer Advanced Mode
    - Ga naar Tools en klik op het Resident-icoon in de lijst
    - Haal het vinkje weg bij Resident TeaTimer en klik OK
    - Herstart de computer

    Download vervolgens ResetTeaTimer.bat naar je Bureaublad.
    Dubbelklik op ResetTeaTimer.bat om alle entries in TeaTimer te verwijderen.
    Als de computer schoon is, kun je TeaTimer weer aan zetten



    Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:

    R3 - URLSearchHook: (no name) - {72456F24-52F0-4E4E-B739-B955E7A59A82} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: TBSB04703 - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - (no file)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O20 - Winlogon Notify: khfcbcb - khfcbcb.dll (file missing)
    O20 - Winlogon Notify: qomlmkk - qomlmkk.dll (file missing)
    O20 - Winlogon Notify: vtuvwuv - vtuvwuv.dll (file missing)

    Sluit alle vensters behalve Hijackthis
    Klik op 'Fix checked' om de items te verwijderen.


    Download ATF cleaner (gemaakt door Atribune)
    Dubbelklik op ATF cleaner om het programma te starten.
    Op het tabblad "Main", plaats je een vinkje bij Select All.
    Klik op de knop Empty Selected.

    Het volgende doen als je ook FireFox als browser hebt:
    Klik op tabblad "Firefox", plaats een vinkje bij Select All.
    Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    (dit haalt het vinkje weer weg bij "Firefox saved passwords")
    Klik op de knop Empty Selected.

    Het volgende doen als je ook Opera als browser hebt:
    Klik op tabblad "Opera", plaats een vinkje bij Select All.
    Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    Klik op de knop Empty Selected.
    Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

    Download Malwarebytes' Anti-Malware op je bureaublad.
    Dubbelklik mbam-setup.exe en kies voor "Next" om de tool te installeren.
    Als de installatie voltooid is zet je vinkjes bij "Update MalwareBytes' Anti-Malware" en bij "Launch MalwareBytes' Anti-Malware".
    Druk daarna op "Finish".
    Kies in het hoofdscherm voor de tab "Scanner" en selecteer het keuzerondje "Perform full scan".
    Druk op de knop "Scan" en zorg dat al je harde schijven/partities aangevinkt staan.
    Druk dan op de knop "Start Scan".
    Wanneer de scan voltooid is klik je op OK, daarna op "Show Results" om de resultaten te zien.
    Zorg ervoor dat alles aangevinkt is, klik daarna op "Remove Selected".
    Als het programma je computer wil laten herstarten, sta je dit toe.
    Daarna opent een logje(mbam-log-XX-XX-XXXX(xx-xx-xx).txt)
    Post deze log in je volgende bericht.

    start sowieso opnieuw op en plaats de uitslag van mbam en een nieuw HJT logje aub.

    Windows 10 opstarten in Veilige Modus

    Comment


    • #3
      Dank voor de aanwijzingen. Vanwege afwezigheid in het weekend, kon ik nu pas reageren.
      Het bat bestand voor teatimer geeft een foutmelding op getpath.vbs.
      Deze is niet aanwezig.
      Verder wel doorgegaan en later alle wijzigingen geaccepteerd.

      Hier komen de logfiles:
      Malwarebytes' Anti-Malware 1.11
      Database versie: 666

      Scan type: Volledige Scan (C:\|D:\|E:\|)
      Objecten gescand: 125123
      Verstreken tijd: 53 minute(s), 18 second(s)

      Geheugenprocessen geïnfecteerd: 0
      Geheugenmodulen geïnfecteerd: 0
      Registersleutels geïnfecteerd: 11
      Registerwaarden geïnfecteerd: 0
      Registerdata bestanden geïnfecteerd: 0
      Mappen geïnfecteerd: 0
      Bestanden geïnfecteerd: 1

      Geheugenprocessen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Geheugenmodulen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Registersleutels geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{bfb5f154-9212-46f3-b547-ac6106030a54} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.Softomate) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\toolbar3.tbsb04703 (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\toolbar3.tbsb04703.1 (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{8ebbb49a-997b-455b-8295-15fdb86ae905} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{d95cc0ae-2cb0-42c3-baa7-baf0085c4363} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\TBSB04703.IEToolbar (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\TBSB04703.TBSB04703 (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TBSB04703.TBSB04703Toolbar (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\TBSB04703 (Adware.DosPopToolbar) -> Quarantined and deleted successfully.

      Registerwaarden geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Registerdata bestanden geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Mappen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Bestanden geïnfecteerd:
      C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.

      En de nieuwe HDT log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:31:18, on 21-4-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      D:\Software\NMSAccess.exe
      C:\Program Files\SPAMfighter\sfus.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Program Files\VMware\VMware Player\vmware-authd.exe
      C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
      C:\WINDOWS\system32\vmnat.exe
      C:\WINDOWS\system32\vmnetdhcp.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\D-Tools\daemon.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\WINDOWS\mHotkey.exe
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
      C:\Program Files\SPAMfighter\SFAgent.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
      C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      D:\Program Files\TomTom HOME 2\HOMERunner.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Documents and Settings\Maurice\Bureaublad\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
      O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
      O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
      O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\HOMERunner.exe"
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170529273296
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{B0D50AE5-C180-4577-8CE1-4DD8632887DB}: NameServer = 192.168.2.1
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
      O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
      O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NetOp Helper ver. 9.00 (2006348) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE
      O23 - Service: NMSAccess - Unknown owner - D:\Software\NMSAccess.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
      O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
      O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
      O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
      O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

      --
      End of file - 11659 bytes

      Ter info: De Internetopties in IE zijn nog niet benaderbaar.

      Dinsdag ben ik niet aanwezig. Het kan even duren voor ik weer kan reageren, maar ik stel uw hulp heel erg op prijs.
      Bij voorbaat dank.

      Met vriendelijke groet,
      Maurice.

      Comment


      • #4
        Download eens IEFix:
        iefix

        Open het programma en voer het uit.
        Bij de vraag over het internet-protocol kies je "Ja".
        Herstart daarna het systeem eens.

        Windows 10 opstarten in Veilige Modus

        Comment


        • #5
          Ik heb IEfix gedraaid. De protocolvraag gaat, zo lijkt het, alleen over het forceren van DHCP. Die heb ik met "nee" beantwoord, omdat de computer achter een router zit met vaste poortforwarding voor remote control.

          Alle door Spybot S&D gemelde wijzigingen in de registry heb ik uiteraard toegestaan tijdens de uitvoering van Iefix.
          De internetopties zijn nog niet benaderbaar, ook niet na een herstart.

          Een nieuwe HJT log heb ik ook gemaakt:

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 19:44:50, on 24-4-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16640)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\D-Tools\daemon.exe
          C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
          C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
          C:\WINDOWS\mHotkey.exe
          C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
          C:\Program Files\SPAMfighter\SFAgent.exe
          C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
          C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
          C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
          C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
          C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
          D:\Program Files\TomTom HOME 2\HOMERunner.exe
          C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
          C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
          C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
          C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          D:\Software\NMSAccess.exe
          C:\Program Files\SPAMfighter\sfus.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
          C:\Program Files\VMware\VMware Player\vmware-authd.exe
          C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
          C:\WINDOWS\system32\vmnat.exe
          C:\WINDOWS\system32\vmnetdhcp.exe
          C:\WINDOWS\system32\msiexec.exe
          C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
          C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
          C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\Documents and Settings\Maurice\Bureaublad\HiJackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
          R3 - URLSearchHook: (no name) - - (no file)
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
          O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
          O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
          O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
          O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
          O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
          O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
          O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
          O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
          O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
          O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
          O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
          O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\HOMERunner.exe"
          O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
          O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
          O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170529273296
          O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
          O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
          O17 - HKLM\System\CCS\Services\Tcpip\..\{B0D50AE5-C180-4577-8CE1-4DD8632887DB}: NameServer = 192.168.2.1
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
          O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
          O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
          O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
          O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
          O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
          O23 - Service: NetOp Helper ver. 9.00 (2006348) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE
          O23 - Service: NMSAccess - Unknown owner - D:\Software\NMSAccess.exe
          O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
          O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
          O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
          O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
          O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
          O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
          O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
          O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

          --
          End of file - 10632 bytes

          Comment


          • #6
            Schakel Spybot's TeaTimer even uit, omdat deze de fix in de weg kan zitten:
            - Start Spybot
            - Ga naar Mode > selecteer Advanced Mode
            - Ga naar Tools en klik op het Resident-icoon in de lijst
            - Haal het vinkje weg bij Resident TeaTimer en klik OK
            - Herstart de computer

            Download vervolgens ResetTeaTimer.bat naar je Bureaublad.
            Dubbelklik op ResetTeaTimer.bat om alle entries in TeaTimer te verwijderen.
            Als de computer schoon is, kun je TeaTimer weer aan zetten



            Start Hijackthis op en kies voor 'Do a system scan only'
            Selecteer alleen de items die hieronder zijn genoemd:

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
            R3 - URLSearchHook: (no name) - - (no file)
            O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

            Sluit alle vensters behalve Hijackthis
            Klik op 'Fix checked' om de items te verwijderen.

            start opnieuw op aub.

            Ga naar,
            start > uitvoeren type daar sfc /scannow (denk om de spatie). cd van XP bij de hand houden, als er om gevraagd word in de speler stoppen en laten draaien.

            Laat even weten of het geholpen heeft.

            Windows 10 opstarten in Veilige Modus

            Comment


            • #7
              Beste Juisterr,

              Als kennis van Maurice begeleid ik dit probleem.
              Ik heb zojuist vernomen dat hij een week op vakantie is.
              Ik kan daarom pas vanaf 5 mei bij zijn computer om de laatste aanwijzigen uit te voeren. Ik laat dan uiteraard weten of het geholpen heeft.

              Bert.

              Comment


              • #8
                Dat is prima, ik zal azrael even uitzetten.

                Windows 10 opstarten in Veilige Modus

                Comment


                • #9
                  De instructies zijn uitgevoerd en het bladeren in foto's op bijv. Marktplaats werkt weer. De internet opties zijn nog steeds niet toegankelijk.
                  Ik heb een nieuwe HJT log gemaakt.

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 15:56:30, on 7-5-2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
                  C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
                  C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
                  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  C:\WINDOWS\Explorer.EXE
                  D:\Software\NMSAccess.exe
                  C:\Program Files\SPAMfighter\sfus.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                  C:\Program Files\VMware\VMware Player\vmware-authd.exe
                  C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
                  C:\Program Files\D-Tools\daemon.exe
                  C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                  C:\WINDOWS\mHotkey.exe
                  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
                  C:\Program Files\SPAMfighter\SFAgent.exe
                  C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
                  C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
                  C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
                  C:\WINDOWS\system32\vmnat.exe
                  C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
                  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\WINDOWS\system32\vmnetdhcp.exe
                  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
                  C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                  D:\Program Files\TomTom HOME 2\HOMERunner.exe
                  C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
                  C:\WINDOWS\system32\msiexec.exe
                  C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                  C:\WINDOWS\system32\rundll32.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\Documents and Settings\Maurice\Bureaublad\HiJackThis.exe

                  R3 - URLSearchHook: (no name) - - (no file)
                  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                  O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                  O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
                  O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
                  O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
                  O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
                  O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
                  O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
                  O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
                  O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
                  O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
                  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                  O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
                  O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                  O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\HOMERunner.exe"
                  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
                  O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
                  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
                  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170529273296
                  O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
                  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
                  O17 - HKLM\System\CCS\Services\Tcpip\..\{B0D50AE5-C180-4577-8CE1-4DD8632887DB}: NameServer = 192.168.2.1
                  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
                  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                  O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
                  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                  O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
                  O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
                  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
                  O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
                  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
                  O23 - Service: NetOp Helper ver. 9.00 (2006348) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE
                  O23 - Service: NMSAccess - Unknown owner - D:\Software\NMSAccess.exe
                  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                  O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
                  O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
                  O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                  O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
                  O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
                  O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
                  O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

                  --
                  End of file - 10522 bytes

                  Comment


                  • #10
                    Schakel Spybot's TeaTimer even uit, omdat deze de fix in de weg kan zitten:
                    - Start Spybot
                    - Ga naar Mode > selecteer Advanced Mode
                    - Ga naar Tools en klik op het Resident-icoon in de lijst
                    - Haal het vinkje weg bij Resident TeaTimer en klik OK
                    - Herstart de computer

                    Download vervolgens ResetTeaTimer.bat naar je Bureaublad.
                    Dubbelklik op ResetTeaTimer.bat om alle entries in TeaTimer te verwijderen.
                    Als de computer schoon is, kun je TeaTimer weer aan zetten


                    Start Hijackthis op en kies voor 'Do a system scan only'
                    Selecteer alleen de items die hieronder zijn genoemd:

                    R3 - URLSearchHook: (no name) - - (no file)
                    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

                    Sluit alle vensters behalve Hijackthis
                    Klik op 'Fix checked' om de items te verwijderen.



                    Download dit bestand, iefix
                    Dubbelklik op iefix.exe en voer het programma uit.

                    Herstel je webinstellingen: ga naar Configuratiescherm –- Internetopties –- tabblad Programma’s. Klik op de knop "Webinstellingen herstellen".

                    Ga naar Configuratiescherm --> Internetopties --> kies voor de tab "Beveiliging" --> stel voor de internet zone het "Standaardniveau" opnieuw in(knop "Standaardniveau" aanklikken en bevestigen met OK)

                    Ga naar: Configuratiescherm --> Internetopties --> Privacy en zet de schuifregelaar voor de instellingen met betrekking tot het toestaan van Cookies op "Normaal".

                    Herstart de computer en kijk of er verbetering is

                    Windows 10 opstarten in Veilige Modus

                    Comment


                    • #11
                      Ik heb beide regels in HJT verwijderd en IEfix gedraaid bij Maurice. De internetinstellingen benaderen via het configuratiescherm gaat niet. Het icoontje is er wel, maar er staat geen tekst "Internet opties" onder. Het wordt ook weergegeven als eerste icoon in dit scherm. Dat zal door de sortering van de lege naam komen.
                      Na een herstart in IE7 nog geen verbetering, d.w.z. de Opties zijn nog niet te benaderen.
                      Ik heb wel een nieuwe log gemaakt.

                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 21:21:00, on 8-5-2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\Ati2evxx.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                      C:\WINDOWS\system32\Ati2evxx.exe
                      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
                      C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
                      C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
                      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                      C:\WINDOWS\Explorer.EXE
                      D:\Software\NMSAccess.exe
                      C:\Program Files\SPAMfighter\sfus.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                      C:\Program Files\VMware\VMware Player\vmware-authd.exe
                      C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
                      C:\WINDOWS\system32\vmnat.exe
                      C:\WINDOWS\system32\vmnetdhcp.exe
                      C:\Program Files\D-Tools\daemon.exe
                      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                      C:\WINDOWS\mHotkey.exe
                      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
                      C:\Program Files\SPAMfighter\SFAgent.exe
                      C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
                      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
                      C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
                      C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
                      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                      D:\Program Files\TomTom HOME 2\HOMERunner.exe
                      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
                      C:\WINDOWS\system32\msiexec.exe
                      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                      C:\WINDOWS\system32\rundll32.exe
                      C:\WINDOWS\system32\wuauclt.exe
                      C:\Documents and Settings\Maurice\Bureaublad\HiJackThis.exe

                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                      R3 - URLSearchHook: (no name) - - (no file)
                      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
                      O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
                      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
                      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
                      O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
                      O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
                      O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
                      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
                      O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
                      O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
                      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
                      O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
                      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                      O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\HOMERunner.exe"
                      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
                      O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
                      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
                      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170529273296
                      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
                      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
                      O17 - HKLM\System\CCS\Services\Tcpip\..\{B0D50AE5-C180-4577-8CE1-4DD8632887DB}: NameServer = 192.168.2.1
                      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
                      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                      O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
                      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                      O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
                      O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
                      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                      O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
                      O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
                      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
                      O23 - Service: NetOp Helper ver. 9.00 (2006348) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE
                      O23 - Service: NMSAccess - Unknown owner - D:\Software\NMSAccess.exe
                      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                      O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
                      O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
                      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                      O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
                      O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
                      O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
                      O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

                      --
                      End of file - 10706 bytes

                      Met vriendelijke groet,
                      Bert.

                      Comment


                      • #12
                        Schakel Spybot's TeaTimer even uit, omdat deze de fix in de weg kan zitten:
                        - Start Spybot
                        - Ga naar Mode > selecteer Advanced Mode
                        - Ga naar Tools en klik op het Resident-icoon in de lijst
                        - Haal het vinkje weg bij Resident TeaTimer en klik OK
                        - Herstart de computer

                        Download vervolgens ResetTeaTimer.bat naar je Bureaublad.
                        Dubbelklik op ResetTeaTimer.bat om alle entries in TeaTimer te verwijderen.
                        Als de computer schoon is, kun je TeaTimer weer aan zetten

                        Installeer hijackthis.exe bijv. in C:\Program Files\Hijackthis
                        Dit in verband met de backups die dit programma maakt.

                        Start Hijackthis op en kies voor 'Do a system scan only'
                        Selecteer alleen de items die hieronder zijn genoemd:

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                        R3 - URLSearchHook: (no name) - - (no file)

                        Klik op 'Fix checked' om de items te verwijderen.


                        Misschien proberen IE7 opnieuw te installeren.

                        Windows 10 opstarten in Veilige Modus

                        Comment


                        • #13
                          Sorry voor de late reactie, maar door drukte (bij mij) en een verblijf op een camping vanwege het mooie weer (bij Maurice) kon ik pas vanavond de laatste instructies uitvoeren.

                          Ik heb de 3 regels middels HJT verwijderd. Dat gaf geen verbetering. Het opnieuw downloaden en installeren van IE7 wel.
                          Maurice kan nu weer bij z'n internet opties en alles lijkt weer normaal.

                          Mede namens Maurice zeer veel dank voor de adviezen en assistentie.

                          Met vriendelijke groet,
                          Bert.

                          Comment


                          • #14
                            Prima Bert, IE7 geeft soms wel eens problemen inderdaad.

                            Windows 10 opstarten in Veilige Modus

                            Comment

                            Sorry, you are not authorized to view this page
                            Working...
                            X