  • PC problems

    Hello, a colleague of mine is having a few problems with his PC. Below is a description of his problems plus a HijackThis log file:

    When I do a search via Google, Internet Explorer freezes! Sites that I have in my favorites do open normally, although very slowly!

    I also regularly get a site from media2.mediofileshost.com that starts up automatically.

    At the accounts I get a Rundll error message: an error occurred while loading C:/documents en settings/…./locals/ temp/…..dll

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O3 - Toolbar: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BMa76c1eb8] Rundll32.exe "C:\WINDOWS\system32\clakogda.dll",s
    O4 - HKLM\..\Run: [a45f2d24] rundll32.exe "C:\WINDOWS\system32\gskhqvns.dll",b
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195329992734
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

    Thanks in advance for your trouble,

    Kind regards, Marcel

  • #2
    Download Malwarebytes' Anti-Malware from here or here.

    Double-click mbam-setup.exe to install the program.
    • Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "finish".
    • If an update is found, it will download it and install the latest version.
    • Once the program is fully up to date, select "Perform Quick Scan", then click Scan.
    • Scanning can take a while, so be patient.
    • When the scan is complete, click OK, then "Show Results" to see the results.
    • Make sure everything there is checked, then click: Remove Selected.
    • After removal a log will open and you will be asked to restart the computer. (See the extra note below)
    • The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
    • Copy and paste the results of the log into your next reply.

    Extra note:
    If MBAM has difficulty removing certain files, it will show a few messages where you have to click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.
    Also post a new HijackThis log



    • #3
      thanks

      Now that's fast, thanks. I have just e-mailed your answer to my colleague.

      Kind regards, Marcel



      • #4
        You're welcome

        P.S. Do have your colleague post complete logs; the first log was not complete either, as the top part is missing



        • #5
          top part

          That was my mistake; here is the missing top part:

          logfile of Trend Micro HijackThis v2.0.2

          Scan saved at 18:48:09, on 5-5-2008

          Platform: Windows XP SP2 (WinNT 5.01.2600)

          MSIE: Internet Explorer v7.00 (7.00.6000.16640)

          Boot mode: Normal



          Running processes:


          Kind regards, Marcel



          • #6
            Ah, that's possible too, of course



            • #7
              new log

              Hi Smeenk,

              My colleague did what you indicated; below is his response:


              After the scan I still get the following error message at startup:

              An error occurred while loading c:\windows\system32\tcnoyxlt.dll, the specified module could not be found.


              Here is the Malware log file:



              Malwarebytes' Anti-Malware 1.12

              Database versie: 731



              Scan type: Snelle Scan

              Objecten gescand: 67760

              Verstreken tijd: 21 minute(s), 23 second(s)



              Geheugenprocessen geïnfecteerd: 0

              Geheugenmodulen geïnfecteerd: 1

              Registersleutels geïnfecteerd: 14

              Registerwaarden geïnfecteerd: 2

              Registerdata bestanden geïnfecteerd: 2

              Mappen geïnfecteerd: 6

              Bestanden geïnfecteerd: 31



              Geheugenprocessen geïnfecteerd:

              (Geen kwaadaardige items gevonden)



              Geheugenmodulen geïnfecteerd:

              C:\WINDOWS\system32\opnlIAQH.dll (Trojan.Vundo) -> Unloaded module successfully.



              Registersleutels geïnfecteerd:

              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8bb32774-2709-4dff-929b-bbf3cb7fab92} (Trojan.Vundo) -> Delete on reboot.

              HKEY_CLASSES_ROOT\CLSID\{8bb32774-2709-4dff-929b-bbf3cb7fab92} (Trojan.Vundo) -> Delete on reboot.

              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2376fb3-3d0d-414d-83aa-3ad6ad6b111f} (Trojan.Vundo) -> Quarantined and deleted successfully.

              HKEY_LOCAL_MACHINE\SOFTWARE\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.

              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.

              HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

              HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

              HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

              HKEY_CURRENT_USER\Software\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.



              Registerwaarden geïnfecteerd:

              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a45f2d24 (Trojan.Agent) -> Quarantined and deleted successfully.

              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMa76c1eb8 (Trojan.Agent) -> Delete on reboot.



              Registerdata bestanden geïnfecteerd:

              HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnliaqh -> Delete on reboot.

              HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnliaqh -> Delete on reboot.



              Mappen geïnfecteerd:

              C:\Documents and Settings\Arne\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

              C:\Documents and Settings\Arne\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

              C:\Documents and Settings\Arne\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.

              C:\Documents and Settings\Arne\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.

              C:\Documents and Settings\Arne\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.

              C:\Documents and Settings\Arne\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.



              Bestanden geïnfecteerd:

              C:\WINDOWS\system32\bskntwsg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

              C:\WINDOWS\system32\gswtnksb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

              C:\WINDOWS\system32\byXpmmNF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

              C:\WINDOWS\system32\FNmmpXyb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

              C:\WINDOWS\system32\efcdARif.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

              C:\WINDOWS\system32\fiRAdcfe.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

              C:\WINDOWS\system32\mkvkvwmj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

              C:\WINDOWS\system32\jmwvkvkm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

              C:\WINDOWS\system32\opnlIAQH.dll (Trojan.Vundo) -> Delete on reboot.

              C:\WINDOWS\system32\HQAIlnpo.ini (Trojan.Vundo) -> Delete on reboot.

              C:\WINDOWS\system32\HQAIlnpo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

              C:\WINDOWS\system32\vfcglyjs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

              C:\WINDOWS\system32\sjylgcfv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

              C:\WINDOWS\system32\wvUnOeEw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

              C:\WINDOWS\system32\wEeOnUvw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

              C:\WINDOWS\system32\xuapybwn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

              C:\WINDOWS\system32\nwbypaux.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

              C:\Documents and Settings\Arne\Local Settings\Temp\efcAQjjj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

              C:\Documents and Settings\Serra\Local Settings\Temp\ssqnoPGy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

              C:\Documents and Settings\Serra\Local Settings\Temporary Internet Files\Content.IE5\86P43SFU\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

              C:\Documents and Settings\Paul en Esther\Local Settings\Temporary Internet Files\Content.IE5\J93DENUW\kriv[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

              C:\Documents and Settings\Arne\Local Settings\Temporary Internet Files\Content.IE5\OLODDTJX\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

              C:\Documents and Settings\Arne\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

              C:\Documents and Settings\Arne\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

              C:\Documents and Settings\Arne\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

              C:\Documents and Settings\Arne\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.

              C:\Documents and Settings\Arne\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

              C:\Documents and Settings\Arne\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

              C:\Documents and Settings\Arne\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

              C:\WINDOWS\system32\tcnoyxlt.dll (Trojan.Agent) -> Delete on reboot.

              C:\Documents and Settings\Job\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.





              Here is the one from HijackThis:



              Logfile of Trend Micro HijackThis v2.0.2

              Scan saved at 18:42:59, on 8-5-2008

              Platform: Windows XP SP2 (WinNT 5.01.2600)

              MSIE: Internet Explorer v7.00 (7.00.6000.16640)

              Boot mode: Normal



              Running processes:

              C:\WINDOWS\System32\smss.exe

              C:\WINDOWS\system32\winlogon.exe

              C:\WINDOWS\system32\services.exe

              C:\WINDOWS\system32\lsass.exe

              C:\WINDOWS\system32\svchost.exe

              C:\WINDOWS\System32\svchost.exe

              C:\WINDOWS\system32\svchost.exe

              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

              C:\WINDOWS\system32\spoolsv.exe

              C:\Program Files\McAfee\Common Framework\FrameworkService.exe

              C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

              C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

              C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

              C:\WINDOWS\System32\PAStiSvc.exe

              C:\WINDOWS\System32\svchost.exe

              C:\WINDOWS\Explorer.EXE

              C:\Program Files\McAfee\Common Framework\UdaterUI.exe

              C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

              C:\Program Files\McAfee\Common Framework\McTray.exe

              C:\Program Files\QuickTime\qttask.exe

              C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

              C:\WINDOWS\system32\ctfmon.exe

              C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

              C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

              R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

              O2 - BHO: (no name) - {1252B39F-3957-4C94-8AC7-142C9017595B} - (no file)

              O2 - BHO: (no name) - {4EC3CA8D-40CE-4979-9CD3-3F51B5E0B85B} - (no file)

              O2 - BHO: (no name) - {58E42792-B903-4C91-9A41-238F9F495DC2} - (no file)

              O2 - BHO: (no name) - {6344589C-FBD6-47E9-9CCB-8CE2BC379130} - (no file)

              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

              O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

              O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

              O2 - BHO: {7e2a5362-f8c9-a078-1ae4-5a1c7fbd779a} - {a977dbf7-c1a5-4ea1-870a-9c8f2635a2e7} - C:\WINDOWS\system32\mebijkrs.dll

              O2 - BHO: (no name) - {c2a07ab4-c125-4fb3-91f4-dd54fbb05564} - (no file)

              O2 - BHO: (no name) - {FC46C03C-EBDF-4E9A-9F88-3777ADB92400} - (no file)

              O2 - BHO: (no name) - {FDB666CD-8FFB-446E-BB7A-EAC92959F06A} - (no file)

              O3 - Toolbar: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)

              O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

              O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

              O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

              O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

              O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

              O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "

              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

              O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195329992734

              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

              O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

              O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

              O20 - Winlogon Notify: pmnolJDU - pmnolJDU.dll (file missing)

              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

              O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

              O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

              O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

              O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

              O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

              O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe



              --

              End of file - 6928 bytes



              • #8
                Start HijackThis and check only the following lines:
                R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
                O2 - BHO: (no name) - {1252B39F-3957-4C94-8AC7-142C9017595B} - (no file)
                O2 - BHO: (no name) - {4EC3CA8D-40CE-4979-9CD3-3F51B5E0B85B} - (no file)
                O2 - BHO: (no name) - {58E42792-B903-4C91-9A41-238F9F495DC2} - (no file)
                O2 - BHO: (no name) - {6344589C-FBD6-47E9-9CCB-8CE2BC379130} - (no file)
                O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                O2 - BHO: {7e2a5362-f8c9-a078-1ae4-5a1c7fbd779a} - {a977dbf7-c1a5-4ea1-870a-9c8f2635a2e7} - C:\WINDOWS\system32\mebijkrs.dll
                O2 - BHO: (no name) - {c2a07ab4-c125-4fb3-91f4-dd54fbb05564} - (no file)
                O2 - BHO: (no name) - {FC46C03C-EBDF-4E9A-9F88-3777ADB92400} - (no file)
                O2 - BHO: (no name) - {FDB666CD-8FFB-446E-BB7A-EAC92959F06A} - (no file)
                O3 - Toolbar: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
                O20 - Winlogon Notify: pmnolJDU - pmnolJDU.dll (file missing)

                Close all open windows (except HijackThis) and click the "Fix checked" button.

                Restart your computer.

                After the restart, post a new HijackThis log

                Comment
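The selection in post #8 can be reproduced mechanically. The following is an added example, not part of the thread and not code from HijackThis or Malwarebytes: a small triage script that first rejoins hard-wrapped log lines (as in the first log posted above) and then lists entries for manual review. The three rules are assumptions derived from this thread only: entries marked `(no file)` or `(file missing)`, Run keys that start a system32 DLL through rundll32, and a BHO whose display name is a bare GUID.

```python
import re

# A HijackThis entry starts with a section code such as "R3 - " or "O20 - ".
ENTRY_START = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<rest>.*)$")
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
SYS32_DLL = r'[A-Za-z]:\\WINDOWS\\system32\\[^\\"]+\.dll'

# Review rules (assumptions taken from what was selected or flagged in this thread).
ORPHAN = re.compile(r"\((?:no file|file missing)\)")
RUNDLL_RUN = re.compile(r'\]\s*rundll32(?:\.exe)?\s+"?' + SYS32_DLL, re.I)
GUID_BHO = re.compile(r"^BHO: " + GUID + r" - " + GUID + r" - " + SYS32_DLL + r"$", re.I)

# Sample input: lines copied from the logs in this thread, some still hard-wrapped.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\rundll32.exe
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no
file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [BMa76c1eb8] Rundll32.exe
"C:\WINDOWS\system32\clakogda.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {7e2a5362-f8c9-a078-1ae4-5a1c7fbd779a} - {a977dbf7-c1a5-4ea1-870a-9c8f2635a2e7} - C:\WINDOWS\system32\mebijkrs.dll
O20 - Winlogon Notify: pmnolJDU - pmnolJDU.dll (file missing)
O23 - Service: STI Simulator - Unknown owner -
C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 6928 bytes
"""


def unwrap(text):
    """Rejoin hard-wrapped entries.

    A line without a section code continues the previous entry. Lines before
    the first entry (header, process list) are skipped. Continuations are
    joined with a space, so a wrap in the middle of a URL or file name is not
    restored exactly.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "--":          # footer marker: "End of file" follows
            break
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line
    return entries


def triage(text):
    """Return (rule, entry) pairs worth a manual look. This is a review list, not a verdict."""
    findings = []
    for entry in unwrap(text):
        match = ENTRY_START.match(entry)
        code, rest = match.group("code"), match.group("rest")
        if ORPHAN.search(rest):
            # Registration whose target file is no longer on disk.
            findings.append(("orphan", entry))
        elif code == "O4" and RUNDLL_RUN.search(rest):
            # Autostart value that loads a system32 DLL through rundll32.
            findings.append(("rundll32-run", entry))
        elif code == "O2" and GUID_BHO.match(rest):
            # Browser Helper Object with a bare GUID as its display name.
            findings.append(("guid-named-bho", entry))
    return findings


if __name__ == "__main__":
    for rule, entry in triage(SAMPLE_LOG):
        print(f"{rule:15} {entry}")
```

Legitimate software can match these rules and malicious entries can miss them, so each hit still needs the manual check a helper would do before anything is fixed.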


                • #9
                  new log

                  Logfile of Trend Micro HijackThis v2.0.2

                  Scan saved at 19:51:40, on 8-5-2008

                  Platform: Windows XP SP2 (WinNT 5.01.2600)

                  MSIE: Internet Explorer v7.00 (7.00.6000.16640)

                  Boot mode: Normal



                  Running processes:

                  C:\WINDOWS\System32\smss.exe

                  C:\WINDOWS\system32\winlogon.exe

                  C:\WINDOWS\system32\services.exe

                  C:\WINDOWS\system32\lsass.exe

                  C:\WINDOWS\system32\svchost.exe

                  C:\WINDOWS\System32\svchost.exe

                  C:\WINDOWS\system32\svchost.exe

                  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

                  C:\WINDOWS\system32\spoolsv.exe

                  C:\Program Files\McAfee\Common Framework\FrameworkService.exe

                  C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

                  C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

                  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

                  C:\WINDOWS\System32\PAStiSvc.exe

                  C:\WINDOWS\System32\svchost.exe

                  C:\WINDOWS\Explorer.EXE

                  C:\Program Files\McAfee\Common Framework\UdaterUI.exe

                  C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

                  C:\Program Files\QuickTime\qttask.exe

                  C:\Program Files\McAfee\Common Framework\McTray.exe

                  C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

                  C:\WINDOWS\system32\ctfmon.exe

                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

                  O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

                  O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

                  O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

                  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

                  O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

                  O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "

                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

                  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

                  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

                  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

                  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195329992734

                  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

                  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

                  O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

                  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

                  O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

                  O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

                  O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

                  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

                  O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

                  O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe



                  --

                  End of file - 5873 bytes



                  • #10
                    Are there still any problems?



                    • #11
                      error messages

                      On my colleague's account he no longer has any problems, but on his son's account he gets the following error messages and some file that asks to be run. See attachment.

                      Regards

                      Marcel


                      • #12
                        Have him create a HijackThis log from that account and post that log here.



                        • #13
                          new log

                          Logfile of Trend Micro HijackThis v2.0.2

                          Scan saved at 9:48:00, on 9-5-2008

                          Platform: Windows XP SP2 (WinNT 5.01.2600)

                          MSIE: Internet Explorer v7.00 (7.00.6000.16640)

                          Boot mode: Normal



                          Running processes:

                          C:\WINDOWS\Explorer.EXE

                          C:\Program Files\McAfee\Common Framework\UdaterUI.exe

                          C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

                          C:\Program Files\QuickTime\qttask.exe

                          C:\Program Files\McAfee\Common Framework\McTray.exe

                          C:\WINDOWS\system32\ctfmon.exe

                          C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

                          C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

                          C:\Documents and Settings\Arne\HijackThis.exe



                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spele.nl/

                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

                          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

                          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

                          R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

                          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

                          O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

                          O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

                          O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

                          O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

                          O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

                          O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

                          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

                          O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "

                          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

                          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

                          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

                          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

                          O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\DOCUME~1\Arne\LOCALS~1\Temp\pgmvkeoi.dll",run

                          O4 - HKCU\..\Run: [a45f2d24] rundll32.exe "C:\DOCUME~1\Arne\LOCALS~1\Temp\xxfmtglp.dll",b

                          O4 - HKCU\..\Run: [BMa76c1eb8] Rundll32.exe "C:\DOCUME~1\Arne\LOCALS~1\Temp\ljuefjxo.dll",s

                          O4 - HKCU\..\Run: [SBI] C:\Documents and Settings\Arne\Local Settings\Temporary Internet Files\Content.IE5\DVQPBLX8\install_sbd_nl[1].exe

                          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

                          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

                          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

                          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

                          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

                          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

                          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

                          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

                          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

                          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

                          O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

                          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195329992734

                          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

                          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

                          O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

                          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

                          O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

                          O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

                          O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

                          O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

                          O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

                          O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe



                          --

                          End of file - 5855 bytes



                          • #14
                            Start HijackThis and tick only the following lines:
                            R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
                            O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\DOCUME~1\Arne\LOCALS~1\Temp\pgmvkeoi.dll",run
                            O4 - HKCU\..\Run: [a45f2d24] rundll32.exe "C:\DOCUME~1\Arne\LOCALS~1\Temp\xxfmtglp.dll",b
                            O4 - HKCU\..\Run: [BMa76c1eb8] Rundll32.exe "C:\DOCUME~1\Arne\LOCALS~1\Temp\ljuefjxo.dll",s
                            O4 - HKCU\..\Run: [SBI] C:\Documents and Settings\Arne\Local Settings\Temporary Internet Files\Content.IE5\DVQPBLX8\install_sbd_nl[1].exe

                            Close all open windows (except HijackThis) and click "Fix checked".

                            Restart your computer.

                            After the restart, post a new log for checking and say whether there are still any problems.
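
The selection made in post #14, as an added example that is not part of the original thread: a Python triage script that parses HijackThis `O4` and `R3` lines and flags autoruns started from Temp or Temporary Internet Files directories, plus search hooks whose file is missing. The function name `triage` and the path heuristics are assumptions of this example; the sample lines are copied from the log in post #13.

```python
import re

# Lines copied verbatim from the HijackThis log in post #13 of this thread.
SAMPLE_LOG = r'''
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\DOCUME~1\Arne\LOCALS~1\Temp\pgmvkeoi.dll",run
O4 - HKCU\..\Run: [a45f2d24] rundll32.exe "C:\DOCUME~1\Arne\LOCALS~1\Temp\xxfmtglp.dll",b
O4 - HKCU\..\Run: [BMa76c1eb8] Rundll32.exe "C:\DOCUME~1\Arne\LOCALS~1\Temp\ljuefjxo.dll",s
O4 - HKCU\..\Run: [SBI] C:\Documents and Settings\Arne\Local Settings\Temporary Internet Files\Content.IE5\DVQPBLX8\install_sbd_nl[1].exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
'''

# "<section> - <body>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY_RE = re.compile(r'^\s*([A-Z]\d+)\s+-\s+(.*)$')
O4_RE = re.compile(r'^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# Assumption of this example: user-writable temp/cache directories are an
# unusual place for a logon autorun to live.
VOLATILE_DIR_RE = re.compile(r'\\(temp|temporary internet files)\\', re.I)
RUNDLL_RE = re.compile(r'^"?rundll32(\.exe)?"?\s', re.I)


def triage(log_text):
    """Return (section, body, reasons) for every entry worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw)
        if not entry:
            continue  # header, process list or blank line
        section, body = entry.group(1), entry.group(2).strip()
        reasons = []
        if section == "O4":
            run = O4_RE.match(body)
            if run and VOLATILE_DIR_RE.search(run.group("cmd")):
                reasons.append("autorun target in a temp/cache directory")
                if RUNDLL_RE.match(run.group("cmd")):
                    reasons.append("DLL loaded via rundll32")
        elif section == "R3" and body.endswith("(no file)"):
            reasons.append("search hook whose file is missing")
        if reasons:
            findings.append((section, body, reasons))
    return findings


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> {'; '.join(reasons)}")
```

On this sample it flags the same five lines that post #14 selects. Path-based triage is a heuristic, so a flagged entry still needs the manual review done in the thread.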



                            • #15
                              new log and problems are solved

                              Logfile of Trend Micro HijackThis v2.0.2

                              Scan saved at 17:43:19, on 9-5-2008

                              Platform: Windows XP SP2 (WinNT 5.01.2600)

                              MSIE: Internet Explorer v7.00 (7.00.6000.16640)

                              Boot mode: Normal



                              Running processes:

                              C:\WINDOWS\System32\smss.exe

                              C:\WINDOWS\system32\winlogon.exe

                              C:\WINDOWS\system32\services.exe

                              C:\WINDOWS\system32\lsass.exe

                              C:\WINDOWS\system32\svchost.exe

                              C:\WINDOWS\System32\svchost.exe

                              C:\WINDOWS\system32\svchost.exe

                              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

                              C:\WINDOWS\system32\spoolsv.exe

                              C:\Program Files\McAfee\Common Framework\FrameworkService.exe

                              C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

                              C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

                              C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

                              C:\WINDOWS\System32\PAStiSvc.exe

                              C:\WINDOWS\System32\svchost.exe

                              C:\WINDOWS\Explorer.EXE

                              C:\Program Files\McAfee\Common Framework\UdaterUI.exe

                              C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

                              C:\Program Files\McAfee\Common Framework\McTray.exe

                              C:\Program Files\QuickTime\qttask.exe

                              C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

                              C:\WINDOWS\system32\ctfmon.exe

                              C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

                              C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

                              C:\Documents and Settings\Arne\HijackThis.exe

                              C:\WINDOWS\system32\wuauclt.exe



                              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spele.nl/

                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

                              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

                              R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

                              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

                              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

                              O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

                              O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

                              O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

                              O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

                              O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

                              O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

                              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

                              O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "

                              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

                              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

                              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

                              O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

                              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

                              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

                              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

                              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

                              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

                              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

                              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

                              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

                              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

                              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

                              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

                              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

                              O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

                              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195329992734

                              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

                              O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

                              O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

                              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

                              O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

                              O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

                              O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

                              O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

                              O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

                              O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe



                              --

                              End of file - 6256 bytes



                              Smeenk, thanks for all your effort and time, also on behalf of my colleague; the problems are solved.

                              Kind regards, Marcel
