Help wanted with unwanted pop-ups

  • Help wanted with unwanted pop-ups

    Dear all,

    I had posted a log on bendeboy, but I understand it is not working at the moment.

    I am getting unwanted pop-ups in the browser. So far I have run nanoscan (which removed an sbot, among other things), adaware, spybot, and the AVG virus scan and spyware scan. Cureit from Dr. Web will run the express scan (which finds nothing), but crashes during the total scan. (???)

    A second total scan by nanoscan found a NaviPro, but could not disinfect it. It is supposedly located in Windows Media Player. (I have the Nanoscan log available if needed.)

    Here is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:41:19 PM, on 1/7/2008
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINNT\system32\Brmfrmps.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Caplio Software\RGateL.exe
    C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
    C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webstats4u.com/s?tab=1&link=1&id=1382022
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,winservnt32.exe
    O2 - BHO: (no name) - {03F0CEA5-DF3C-BB10-208F-A4FE48CDCFA1} - (no file)
    O2 - BHO: (no name) - {05F2B58C-72F8-78ED-7C61-61BD10976DFB} - (no file)
    O2 - BHO: (no name) - {05F51C6D-2EB0-3DDA-37AC-BFE0F9FC37A0} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1CD3BAF4-1736-4ED7-A1CB-0CBC51C31C71} - C:\Program Files\Windows Media Player\mezone.dll (file missing)
    O2 - BHO: (no name) - {24EE2E2A-54AE-A1EF-E24C-2C1402FC01F4} - (no file)
    O2 - BHO: (no name) - {2B89B450-BDCF-7C23-0BCE-21BAC69C82D3} - (no file)
    O2 - BHO: (no name) - {2CFF74DE-EF5B-30E0-3DFD-DFC89C055103} - (no file)
    O2 - BHO: (no name) - {30D2EFE9-DACC-AC9F-26DF-F6860CF3B994} - (no file)
    O2 - BHO: (no name) - {312FE8C7-7E5D-44EB-73CC-3D24B584075C} - (no file)
    O2 - BHO: (no name) - {37ACD5DE-34EE-097E-6314-08BC4FB0BFC7} - (no file)
    O2 - BHO: (no name) - {388F0C22-E0AC-EB28-E293-041BDEBC7CAF} - (no file)
    O2 - BHO: (no name) - {3A3A7F6B-4A55-A5AC-11B5-A1DD4FAE6CEB} - (no file)
    O2 - BHO: (no name) - {3A5E645A-B1E4-80AC-D7F1-F96828A375F7} - (no file)
    O2 - BHO: (no name) - {3B38EAF8-AE0C-F2FA-46EB-31F22E5D8CC2} - (no file)
    O2 - BHO: (no name) - {3BCE9B5C-C53D-B7AF-505C-BD4F5CDC3E86} - (no file)
    O2 - BHO: (no name) - {3E85F827-5873-A64C-EBD3-2A39DDC4AA0D} - (no file)
    O2 - BHO: (no name) - {4A4C2D3E-08FD-BF58-0C8C-04D3D004C296} - (no file)
    O2 - BHO: (no name) - {4E29C71B-48B7-5CF1-24A7-8D9EDDDC6E0F} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5BDF17C5-4F8A-1ED7-615F-FDE64F7D0DA8} - (no file)
    O2 - BHO: (no name) - {616E4574-63C9-FBAE-3D1D-17EC1A07A3E1} - (no file)
    O2 - BHO: (no name) - {64CB3F12-AAFB-A83E-6361-76593CF19C30} - (no file)
    O2 - BHO: (no name) - {735922DF-B8D2-DF5C-E0AB-30C7AF6E3103} - (no file)
    O2 - BHO: (no name) - {737DFD9B-23BC-AB7B-0CD2-44CE57FD2AD3} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {773DA40C-AC2D-062C-7F47-2A26FF30B14B} - (no file)
    O2 - BHO: (no name) - {7ED29702-D517-4DF8-DDF2-B99D3EECB8DD} - (no file)
    O2 - BHO: (no name) - {812BCD24-8CA6-DE46-4D73-C6640816FAA0} - (no file)
    O2 - BHO: (no name) - {8BEE9A72-C9B2-DFFD-564C-77F9AA37CFCB} - (no file)
    O2 - BHO: (no name) - {9129BD49-62CC-C4EC-BE03-FE0EBF7815A7} - (no file)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {9D8AF4F8-FF29-FCEF-5A7B-24A3EB06DF8E} - (no file)
    O2 - BHO: (no name) - {9DBAE642-BA50-519A-EE7A-D93CB0A51139} - (no file)
    O2 - BHO: (no name) - {9DF34062-D743-221C-0B4B-ADFEA3777AB0} - (no file)
    O2 - BHO: (no name) - {A0EE57BC-6E97-C95D-FC38-EADC0FBA17F4} - (no file)
    O2 - BHO: (no name) - {A4DFF1C4-98FB-C9E6-5A34-42F6F9F29946} - (no file)
    O2 - BHO: (no name) - {A756A3B3-14C9-8E2D-CCE5-1C679D54BC9A} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: (no name) - {AB0B4C53-CEA8-83EC-2C8A-CC6ADEC84C0C} - (no file)
    O2 - BHO: (no name) - {ACF6C3C9-12EA-7FF4-1AD4-FE6F2D3FBF0E} - (no file)
    O2 - BHO: (no name) - {AF8D7D5A-DD6C-CBD7-A38B-02C0017EFE8B} - (no file)
    O2 - BHO: (no name) - {AF983FC9-CB2E-F9A8-54CE-798CD86D3D03} - (no file)
    O2 - BHO: (no name) - {B0EFBBAA-9E53-2423-E50F-3319DCC4E778} - (no file)
    O2 - BHO: (no name) - {B23D0939-BC69-D6D6-C1A8-14D31EB2EBB5} - (no file)
    O2 - BHO: (no name) - {B2F02BCA-58A2-6FFD-ACDD-ACEE8D9DA004} - (no file)
    O2 - BHO: (no name) - {B6FCCB3D-2566-6803-C605-432ECE6B6BEA} - (no file)
    O2 - BHO: (no name) - {B8E8C3CD-1C6A-6E84-B0BC-939FEDDFFB7D} - (no file)
    O2 - BHO: (no name) - {BB45BFC1-FC85-B0D3-B0CC-DFE4C30CDEE5} - (no file)
    O2 - BHO: (no name) - {BB94B9B1-AEBF-8688-1AA7-ED0DC8633A39} - (no file)
    O2 - BHO: (no name) - {BC8F5AAA-0CA9-BE6D-C3D4-9FCECF559B2F} - (no file)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O2 - BHO: (no name) - {C04BDE82-9255-B8A9-5DFD-E648BDD99485} - (no file)
    O2 - BHO: (no name) - {C40317C0-7BA6-E10C-D8ED-B4C401D402AB} - (no file)
    O2 - BHO: (no name) - {C8177FF8-C9B9-B28D-8DC6-DD976800B9C0} - (no file)
    O2 - BHO: (no name) - {C9E36BC8-6E39-7BC7-1DF0-57CCBA509A9B} - (no file)
    O2 - BHO: (no name) - {CA076BA3-915F-DCDF-8FFA-CDEAB6FF9B2F} - (no file)
    O2 - BHO: (no name) - {CA9426A8-79DB-BFAF-C34E-C50ABDB673A9} - (no file)
    O2 - BHO: (no name) - {CEE9F42E-43D1-CB7B-C2C7-BC31DE6F40C8} - (no file)
    O2 - BHO: (no name) - {D96A59CA-550C-640D-AA2B-C250D79F8EEE} - (no file)
    O2 - BHO: (no name) - {DA66DDA6-84FB-B963-3A2B-65F0F5089E1C} - (no file)
    O2 - BHO: (no name) - {DDB67DC3-4FC4-DB3D-AF52-67892F6EAF63} - (no file)
    O2 - BHO: (no name) - {DFEB4B05-F1AF-A6B6-3D80-30EBB7920F93} - (no file)
    O2 - BHO: (no name) - {E004CA13-707C-444D-F634-05AAAFDBBEBE} - (no file)
    O2 - BHO: (no name) - {E29E6E3B-49DE-8A89-8CCE-2FDACF6C0D43} - (no file)
    O2 - BHO: (no name) - {EBEAF623-DFAD-E29C-2FF9-DB6F4AAFABBE} - (no file)
    O2 - BHO: (no name) - {F4AFDEE2-6A51-62BF-50B3-1CCA65AAD96A} - (no file)
    O2 - BHO: (no name) - {FEEA9BFE-A092-97CA-D450-FECEF5A1A5FA} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\RunServices: [Ms Java for Windows NT] msijavaup32.exe
    O4 - HKLM\..\RunServices: [Creative Audio Drivers] creative.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - HKCU\..\RunServices: [Ms Java for Windows NT] msijavaup32.exe
    O4 - HKCU\..\RunServices: [Creative Audio Drivers] creative.exe
    O4 - HKUS\.DEFAULT\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunServices: [Ms Java for Windows NT] msijavaup32.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: RICOH Gate La.lnk = C:\Program Files\Caplio Software\RGateL.exe
    O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct4_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157029816843
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeFreeInstall.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINNT\system32\Brmfrmps.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O24 - Desktop Component 1: (no name) - C:\Program Files\WindowsUpdate\mefexo.html

    --
    End of file - 12596 bytes

    I am curious whether you can help. I am at a loss right now.

    Lavendel

  • #2
    Print these instructions, or save them in a Notepad file on your desktop.

    Close all open windows.
    Start HijackThis again and check the following items:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,winservnt32.exe
    O2 - BHO: (no name) - {03F0CEA5-DF3C-BB10-208F-A4FE48CDCFA1} - (no file)
    O2 - BHO: (no name) - {05F2B58C-72F8-78ED-7C61-61BD10976DFB} - (no file)
    O2 - BHO: (no name) - {05F51C6D-2EB0-3DDA-37AC-BFE0F9FC37A0} - (no file)
    O2 - BHO: (no name) - {24EE2E2A-54AE-A1EF-E24C-2C1402FC01F4} - (no file)
    O2 - BHO: (no name) - {2B89B450-BDCF-7C23-0BCE-21BAC69C82D3} - (no file)
    O2 - BHO: (no name) - {2CFF74DE-EF5B-30E0-3DFD-DFC89C055103} - (no file)
    O2 - BHO: (no name) - {30D2EFE9-DACC-AC9F-26DF-F6860CF3B994} - (no file)
    O2 - BHO: (no name) - {312FE8C7-7E5D-44EB-73CC-3D24B584075C} - (no file)
    O2 - BHO: (no name) - {37ACD5DE-34EE-097E-6314-08BC4FB0BFC7} - (no file)
    O2 - BHO: (no name) - {388F0C22-E0AC-EB28-E293-041BDEBC7CAF} - (no file)
    O2 - BHO: (no name) - {3A3A7F6B-4A55-A5AC-11B5-A1DD4FAE6CEB} - (no file)
    O2 - BHO: (no name) - {3A5E645A-B1E4-80AC-D7F1-F96828A375F7} - (no file)
    O2 - BHO: (no name) - {3B38EAF8-AE0C-F2FA-46EB-31F22E5D8CC2} - (no file)
    O2 - BHO: (no name) - {3BCE9B5C-C53D-B7AF-505C-BD4F5CDC3E86} - (no file)
    O2 - BHO: (no name) - {3E85F827-5873-A64C-EBD3-2A39DDC4AA0D} - (no file)
    O2 - BHO: (no name) - {4A4C2D3E-08FD-BF58-0C8C-04D3D004C296} - (no file)
    O2 - BHO: (no name) - {4E29C71B-48B7-5CF1-24A7-8D9EDDDC6E0F} - (no file)
    O2 - BHO: (no name) - {5BDF17C5-4F8A-1ED7-615F-FDE64F7D0DA8} - (no file)
    O2 - BHO: (no name) - {616E4574-63C9-FBAE-3D1D-17EC1A07A3E1} - (no file)
    O2 - BHO: (no name) - {64CB3F12-AAFB-A83E-6361-76593CF19C30} - (no file)
    O2 - BHO: (no name) - {735922DF-B8D2-DF5C-E0AB-30C7AF6E3103} - (no file)
    O2 - BHO: (no name) - {737DFD9B-23BC-AB7B-0CD2-44CE57FD2AD3} - (no file)
    O2 - BHO: (no name) - {773DA40C-AC2D-062C-7F47-2A26FF30B14B} - (no file)
    O2 - BHO: (no name) - {7ED29702-D517-4DF8-DDF2-B99D3EECB8DD} - (no file)
    O2 - BHO: (no name) - {812BCD24-8CA6-DE46-4D73-C6640816FAA0} - (no file)
    O2 - BHO: (no name) - {8BEE9A72-C9B2-DFFD-564C-77F9AA37CFCB} - (no file)
    O2 - BHO: (no name) - {9129BD49-62CC-C4EC-BE03-FE0EBF7815A7} - (no file)
    O2 - BHO: (no name) - {9D8AF4F8-FF29-FCEF-5A7B-24A3EB06DF8E} - (no file)
    O2 - BHO: (no name) - {9DBAE642-BA50-519A-EE7A-D93CB0A51139} - (no file)
    O2 - BHO: (no name) - {9DF34062-D743-221C-0B4B-ADFEA3777AB0} - (no file)
    O2 - BHO: (no name) - {A0EE57BC-6E97-C95D-FC38-EADC0FBA17F4} - (no file)
    O2 - BHO: (no name) - {A4DFF1C4-98FB-C9E6-5A34-42F6F9F29946} - (no file)
    O2 - BHO: (no name) - {A756A3B3-14C9-8E2D-CCE5-1C679D54BC9A} - (no file)
    O2 - BHO: (no name) - {AB0B4C53-CEA8-83EC-2C8A-CC6ADEC84C0C} - (no file)
    O2 - BHO: (no name) - {ACF6C3C9-12EA-7FF4-1AD4-FE6F2D3FBF0E} - (no file)
    O2 - BHO: (no name) - {AF8D7D5A-DD6C-CBD7-A38B-02C0017EFE8B} - (no file)
    O2 - BHO: (no name) - {AF983FC9-CB2E-F9A8-54CE-798CD86D3D03} - (no file)
    O2 - BHO: (no name) - {B0EFBBAA-9E53-2423-E50F-3319DCC4E778} - (no file)
    O2 - BHO: (no name) - {B23D0939-BC69-D6D6-C1A8-14D31EB2EBB5} - (no file)
    O2 - BHO: (no name) - {B2F02BCA-58A2-6FFD-ACDD-ACEE8D9DA004} - (no file)
    O2 - BHO: (no name) - {B6FCCB3D-2566-6803-C605-432ECE6B6BEA} - (no file)
    O2 - BHO: (no name) - {B8E8C3CD-1C6A-6E84-B0BC-939FEDDFFB7D} - (no file)
    O2 - BHO: (no name) - {BB45BFC1-FC85-B0D3-B0CC-DFE4C30CDEE5} - (no file)
    O2 - BHO: (no name) - {BB94B9B1-AEBF-8688-1AA7-ED0DC8633A39} - (no file)
    O2 - BHO: (no name) - {BC8F5AAA-0CA9-BE6D-C3D4-9FCECF559B2F} - (no file)
    O2 - BHO: (no name) - {C04BDE82-9255-B8A9-5DFD-E648BDD99485} - (no file)
    O2 - BHO: (no name) - {C40317C0-7BA6-E10C-D8ED-B4C401D402AB} - (no file)
    O2 - BHO: (no name) - {C8177FF8-C9B9-B28D-8DC6-DD976800B9C0} - (no file)
    O2 - BHO: (no name) - {C9E36BC8-6E39-7BC7-1DF0-57CCBA509A9B} - (no file)
    O2 - BHO: (no name) - {CA076BA3-915F-DCDF-8FFA-CDEAB6FF9B2F} - (no file)
    O2 - BHO: (no name) - {CA9426A8-79DB-BFAF-C34E-C50ABDB673A9} - (no file)
    O2 - BHO: (no name) - {CEE9F42E-43D1-CB7B-C2C7-BC31DE6F40C8} - (no file)
    O2 - BHO: (no name) - {D96A59CA-550C-640D-AA2B-C250D79F8EEE} - (no file)
    O2 - BHO: (no name) - {DA66DDA6-84FB-B963-3A2B-65F0F5089E1C} - (no file)
    O2 - BHO: (no name) - {DDB67DC3-4FC4-DB3D-AF52-67892F6EAF63} - (no file)
    O2 - BHO: (no name) - {DFEB4B05-F1AF-A6B6-3D80-30EBB7920F93} - (no file)
    O2 - BHO: (no name) - {E004CA13-707C-444D-F634-05AAAFDBBEBE} - (no file)
    O2 - BHO: (no name) - {E29E6E3B-49DE-8A89-8CCE-2FDACF6C0D43} - (no file)
    O2 - BHO: (no name) - {EBEAF623-DFAD-E29C-2FF9-DB6F4AAFABBE} - (no file)
    O2 - BHO: (no name) - {F4AFDEE2-6A51-62BF-50B3-1CCA65AAD96A} - (no file)
    O2 - BHO: (no name) - {FEEA9BFE-A092-97CA-D450-FECEF5A1A5FA} - (no file)
    O4 - HKLM\..\RunServices: [Ms Java for Windows NT] msijavaup32.exe
    O4 - HKLM\..\RunServices: [Creative Audio Drivers] creative.exe
    O4 - HKCU\..\RunServices: [Ms Java for Windows NT] msijavaup32.exe
    O4 - HKCU\..\RunServices: [Creative Audio Drivers] creative.exe
    O4 - HKUS\.DEFAULT\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe (User 'Default user')
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/si...reeInstall.cab
    O24 - Desktop Component 1: (no name) - C:\Program Files\WindowsUpdate\mefexo.html


    Then click "Fix checked" and close HijackThis.

    Download SDFix: http://downloads.andymanchesta.com/R...ools/SDFix.exe
    Place it on your desktop and double-click it to extract the files (usually to C:\SDFix).
    Start the computer in Safe Mode. You can read how to do this here.
    Open the folder c:\SDFix and double-click RunThis.bat to start the tool.
    In the window that appears, press Y to start the removal procedure.
    When you are asked to press a key to restart the computer, do so.
    After the restart, the second part of the cleaning process runs. When you get the message FINISHED, press a key. A Notepad file will then open. Post the contents of that file.



    • #3
      sdfixlogfile

      Hi Marckie,

      Glad you replied!

      I got to work right away. I hope everything is fine now (I will let you know after running some more tests). In any case, no pop-up appears now when opening this site, which kept happening before. Here is the SDFix log file.

      It found two Trojans. Also, I do not understand what hidden attributes means.

      SDFix: Version 1.125

      Run by Administrator on Wed 01/09/2008 at 4:25p

      Microsoft Windows 2000 [Version 5.00.2195]

      Running From: C:\SDFix

      Safe Mode:
      Checking Services:


      Restoring Windows Registry Values
      Restoring Windows Default Hosts File

      Rebooting...


      Normal Mode:
      Checking Files:

      Trojan Files Found:

      C:\WINNT\SYSTEM32\24050_~1.EXE - Deleted
      C:\WINNT\system32\24050_netapi.exe - Deleted




      Removing Temp Files...

      ADS Check:

      C:\WINNT
      No streams found.

      C:\WINNT\system32
      No streams found.

      C:\WINNT\system32\svchost.exe
      No streams found.

      C:\WINNT\system32\ntoskrnl.exe
      No streams found.



      Final Check:

      catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by

      Gmer, http://www.gmer.net
      Rootkit scan 2008-01-09 16:35:04
      Windows 5.0.2195 Service Pack 4 NTFS

      scanning hidden processes ...

      scanning hidden services & system hive ...

      scanning hidden registry entries ...

      scanning hidden files ...

      scan completed successfully
      hidden processes: 0
      hidden services: 0
      hidden files: 0


      Remaining Services:
      ------------------



      Remaining Files:
      ---------------

      File Backups: - C:\SDFix\backups\backups.zip

      Files with Hidden Attributes:

      Tue 13 Sep 2005 19,968 ...H. --- "C:\Documents and

      Settings\Administrator\Application Data\Microsoft\Word\~WRL0003.tmp"
      Mon 15 May 2006 22,016 ...H. --- "C:\Documents and

      Settings\Administrator\Application Data\Microsoft\Word\~WRL0004.tmp"
      Sat 3 Mar 2007 24,576 ...H. --- "C:\Documents and

      Settings\Administrator\Application Data\Microsoft\Word\~WRL0005.tmp"
      Sat 3 Mar 2007 28,160 ...H. --- "C:\Documents and

      Settings\Administrator\Application Data\Microsoft\Word\~WRL0045.tmp"
      Fri 16 Nov 2007 22,016 ...H. --- "C:\Documents and

      Settings\Administrator\Application Data\Microsoft\Word\~WRL0160.tmp"
      Tue 13 Sep 2005 23,552 ...H. --- "C:\Documents and

      Settings\Administrator\Application Data\Microsoft\Word\~WRL0214.tmp"
      Sun 26 Feb 2006 30,208 ...H. --- "C:\Documents and

      Settings\Administrator\Application Data\Microsoft\Word\~WRL1111.tmp"
      Sun 26 Feb 2006 27,136 ...H. --- "C:\Documents and

      Settings\Administrator\Application Data\Microsoft\Word\~WRL3015.tmp"
      Sun 26 Feb 2006 27,136 ...H. --- "C:\Documents and

      Settings\Administrator\Application Data\Microsoft\Word\~WRL3840.tmp"

      Finished!



      • #4
        Please post a new HijackThis log, Lavendel.



        • #5
          Hijack-log

          Here it comes!

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 5:07:49 PM, on 1/9/2008
          Platform: Windows 2000 SP4 (WinNT 5.00.2195)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
          Boot mode: Normal

          Running processes:
          C:\WINNT\System32\smss.exe
          C:\WINNT\system32\winlogon.exe
          C:\WINNT\system32\services.exe
          C:\WINNT\system32\lsass.exe
          C:\WINNT\system32\svchost.exe
          C:\WINNT\System32\svchost.exe
          C:\WINNT\system32\spoolsv.exe
          C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
          C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          C:\WINNT\system32\Brmfrmps.exe
          C:\Program Files\ewido anti-spyware 4.0\guard.exe
          C:\Program Files\Eset\nod32krn.exe
          C:\WINNT\system32\regsvc.exe
          C:\WINNT\system32\MSTask.exe
          C:\Program Files\SPAMfighter\sfus.exe
          C:\WINNT\system32\stisvc.exe
          C:\WINNT\System32\WBEM\WinMgmt.exe
          C:\WINNT\system32\svchost.exe
          C:\WINNT\Explorer.EXE
          C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
          C:\Program Files\Brother\ControlCenter2\brctrcen.exe
          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
          C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
          C:\Program Files\SPAMfighter\SFAgent.exe
          C:\Program Files\ewido anti-spyware 4.0\ewido.exe
          C:\Program Files\Eset\nod32kui.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\Program Files\Caplio Software\RGateL.exe
          C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webstats4u.com/s?tab=1&link=1&id=1382022
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {1CD3BAF4-1736-4ED7-A1CB-0CBC51C31C71} - C:\Program Files\Windows Media Player\mezone.dll (file missing)
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
          O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
          O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
          O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
          O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
          O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
          O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
          O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
          O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
          O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
          O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
          O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
          O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
          O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
          O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
          O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O4 - Global Startup: RICOH Gate La.lnk = C:\Program Files\Caplio Software\RGateL.exe
          O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
          O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
          O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct4_x.cab
          O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
          O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157029816843
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
          O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINNT\system32\Brmfrmps.exe
          O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
          O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
          O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

          --
          End of file - 7194 bytes



          • #6
            Close all open windows.
            Start HijackThis again and check the following items:

            O2 - BHO: (no name) - {1CD3BAF4-1736-4ED7-A1CB-0CBC51C31C71} - C:\Program Files\Windows Media Player\mezone.dll (file missing)

            Then click "Fix checked" and close HijackThis.


            Update your virus scanner.
            Let it remove whatever infected files it finds.

            Let me know whether any problems still occur.



            • #7
              Mmmmm... unfortunately

              Unfortunately the problem is not solved. I have done all of the following:

              Ran AVG virus scan: found nothing
              Ran Cureit: express scan found nothing; full scan crashes (because of the virus?)
              Ran nanoscan: see log below
              Ran Nod32: finds nothing, a number of files are inaccessible; protected?? I have a log: do you want me to send it? (It would not fit in this message, it gets too long.)
              Ran Adaware: removes 14 tracking cookies
              Ran Spybot right afterwards: it removed 32 (strange, so soon after Adaware), including these that keep coming back: statcounter, mailskinner, adrevolver and others
              At the end of this message I am sending another HijackThis log

              What now? I hope you can keep trying to help.

              nanoscan:

              ANALYSIS: 2008-01-09 21:11:40
              PROTECTIONS: 2
              MALWARE: 17
              SUSPECTS: 1
              ;*************************************************************************************************** ********************************************************************************
              PROTECTIONS
              Description Version Active Updated
              ;=================================================================================================== ================================================================================
              NOD32 Antivirus 2.70.39 No No
              Windows Defender 1.1.1904.0 No No
              ;=================================================================================================== ================================================================================
              MALWARE
              Id Description Type Active Severity Disinfectable Disinfected Location
              ;=================================================================================================== ================================================================================
              00139060 Cookie/Casalemedia TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.casalemedia.com/]
              00139060 Cookie/Casalemedia TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.casalemedia.com/]
              00139060 Cookie/Casalemedia TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.casalemedia.com/]
              00139060 Cookie/Casalemedia TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.casalemedia.com/]
              00139060 Cookie/Casalemedia TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.casalemedia.com/]
              00139060 Cookie/Casalemedia TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.casalemedia.com/]
              00139060 Cookie/Casalemedia TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.casalemedia.com/]
              00139060 Cookie/Casalemedia TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.casalemedia.com/]
              00139060 Cookie/Casalemedia TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.casalemedia.com/]
              00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe
              00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Administrator\Desktop\SDFix.exe.part[SDFix\apps\Process.exe]
              00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Administrator\Desktop\SDFix(2).exe[SDFix\apps\Process.exe]
              00167642 Cookie/Com.com TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.com.com/]
              00167704 Cookie/Xiti TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.xiti.com/]
              00167704 Cookie/Xiti TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Cookies\admin[email protected][1].txt
              00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[fe.lea.lycos.fr/]
              00167753 Cookie/Statcounter TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.statcounter.com/]
              00167753 Cookie/Statcounter TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.statcounter.com/]
              00167753 Cookie/Statcounter TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.statcounter.com/]
              00167753 Cookie/Statcounter TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.statcounter.com/]
              00167753 Cookie/Statcounter TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.statcounter.com/]
              00167753 Cookie/Statcounter TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.statcounter.com/]
              00168056 Cookie/YieldManager TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[ad.yieldmanager.com/]
              00168056 Cookie/YieldManager TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[ad.yieldmanager.com/]
              00168056 Cookie/YieldManager TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[ad.yieldmanager.com/]
              00168056 Cookie/YieldManager TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[ad.yieldmanager.com/]
              00168056 Cookie/YieldManager TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[ad.yieldmanager.com/]
              00168056 Cookie/YieldManager TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[ad.yieldmanager.com/]
              00168056 Cookie/YieldManager TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[ad.yieldmanager.com/]
              00168061 Cookie/Apmebf TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.apmebf.com/]
              00168061 Cookie/Apmebf TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.apmebf.com/]
              00168090 Cookie/Serving-sys TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.serving-sys.com/]
              00168090 Cookie/Serving-sys TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.serving-sys.com/]
              00168090 Cookie/Serving-sys TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.serving-sys.com/]
              00168090 Cookie/Serving-sys TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.serving-sys.com/]
              00168090 Cookie/Serving-sys TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.serving-sys.com/]
              00168090 Cookie/Serving-sys TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.serving-sys.com/]
              00168093 Cookie/Serving-sys TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.bs.serving-sys.com/]
              00168106 Cookie/Weborama TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.weborama.fr/]
              00168106 Cookie/Weborama TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.weborama.fr/]
              00168106 Cookie/Weborama TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.weborama.fr/]
              00168106 Cookie/Weborama TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
              00168109 Cookie/Adtech TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
              00168114 Cookie/onestat.com TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[stat.onestat.com/]
              00168114 Cookie/onestat.com TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[stat.onestat.com/]
              00168114 Cookie/onestat.com TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[stat.onestat.com/]
              00168114 Cookie/onestat.com TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[stat.onestat.com/]
              00168114 Cookie/onestat.com TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[stat.onestat.com/]
              00168114 Cookie/onestat.com TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[stat.onestat.com/]
              00168114 Cookie/onestat.com TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[stat.onestat.com/]
              00168114 Cookie/onestat.com TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
              00172221 Cookie/Zedo TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.zedo.com/]
              00172221 Cookie/Zedo TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.zedo.com/]
              00172221 Cookie/Zedo TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.zedo.com/]
              00172449 Cookie/MetriWeb TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.metriweb.be/]
              00184846 Cookie/Adrevolver TrackingCookie No 0 Yes Yes C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iw892l28.default\cookies.txt[.adrevolver.com/]
              02885385 Adware/NaviPromo Adware No 1 No No C:\Documents and Settings\Administrator\My Documents\WebMediaPlayer\uninst.exe[²ÜÇ\NSUtils.dll]
              ;=================================================================================================== ================================================================================
              SUSPECTS
              Location
              ;=================================================================================================== ================================================================================
              C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\ELXJAW.EXE
              ;=================================================================================================== ================================================================================


              hijacklog

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 8:14:43 PM, on 1/10/2008
              Platform: Windows 2000 SP4 (WinNT 5.00.2195)
              MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
              Boot mode: Normal

              Running processes:
              C:\WINNT\System32\smss.exe
              C:\WINNT\system32\winlogon.exe
              C:\WINNT\system32\services.exe
              C:\WINNT\system32\lsass.exe
              C:\WINNT\system32\svchost.exe
              C:\WINNT\System32\svchost.exe
              C:\WINNT\system32\spoolsv.exe
              C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
              C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
              C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              C:\WINNT\system32\Brmfrmps.exe
              C:\Program Files\ewido anti-spyware 4.0\guard.exe
              C:\Program Files\Eset\nod32krn.exe
              C:\WINNT\system32\regsvc.exe
              C:\WINNT\system32\MSTask.exe
              C:\Program Files\SPAMfighter\sfus.exe
              C:\WINNT\system32\stisvc.exe
              C:\WINNT\System32\WBEM\WinMgmt.exe
              C:\WINNT\system32\svchost.exe
              C:\WINNT\Explorer.EXE
              C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
              C:\Program Files\Brother\ControlCenter2\brctrcen.exe
              C:\Program Files\Common Files\Real\Update_OB\realsched.exe
              C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
              C:\Program Files\Adobe\Photoshop Album Starter

              Edition\3.0\Apps\apdproxy.exe
              C:\Program Files\SPAMfighter\SFAgent.exe
              C:\Program Files\Eset\nod32kui.exe
              C:\Program Files\Caplio Software\RGateL.exe
              c:\documents and settings\administrator\local settings\application

              data\tbibtql.exe
              C:\Program Files\Eset\nod32.exe
              C:\Program Files\SPAMfighter\SPAMCFG.EXE
              C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
              C:\Program Files\Mozilla Firefox\firefox.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

              http://g.msn.nl/0SENLNL/SAOS01
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL

              = http://home.free.fr/
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

              http://www.webstats4u.com/s?tab=1&link=1&id=1382022
              O2 - BHO: Adobe PDF Reader Link Helper -

              {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

              Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
              O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

              C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

              C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program

              Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
              O2 - BHO: Google Toolbar Helper -

              {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

              files\google\googletoolbar4.dll
              O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

              C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
              O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

              C:\WINNT\system32\msdxm.ocx
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

              c:\program files\google\googletoolbar4.dll
              O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
              O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common

              Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
              O4 - HKLM\..\Run: [PaperPort PTD] C:\Program

              Files\ScanSoft\PaperPort\pptd40nt.exe
              O4 - HKLM\..\Run: [IndexSearch] C:\Program

              Files\ScanSoft\PaperPort\IndexSearch.exe
              O4 - HKLM\..\Run: [SetDefPrt] C:\Program

              Files\Brother\Brmfl04a\BrStDvPt.exe
              O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program

              Files\Brother\ControlCenter2\brctrcen.exe /autorun
              O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

              Files\Real\Update_OB\realsched.exe" -osboot
              O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows

              Defender\MSASCui.exe" -hide
              O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

              /STARTUP
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

              Files\Java\jre1.6.0_03\bin\jusched.exe"
              O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program

              Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
              O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program

              Files\SPAMfighter\SFAgent.exe" update delay 60
              O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware

              4.0\ewido.exe" /minimized
              O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe"

              /WAITSERVICE
              O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program

              Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
              O4 - HKCU\..\Run: [swg] C:\Program

              Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier

              .exe
              O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run]

              C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
              O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program

              Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User

              'Default user')
              O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

              Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
              O4 - Global Startup: RICOH Gate La.lnk = C:\Program Files\Caplio

              Software\RGateL.exe
              O4 - Global Startup: Status Monitor.lnk = C:\Program

              Files\Brother\Brmfcmon\BrMfcWnd.exe
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

              - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console -

              {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

              Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

              - C:\WINNT\system32\Shdocvw.dll
              O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
              O16 - DPF: Yahoo! Chess -

              http://download.games.yahoo.com/games/clients/y/ct4_x.cab
              O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -

              http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
              O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -

              http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl

              Class) -

              http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/clie

              nt/muweb_site.cab?1157029816843
              O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}

              (MessengerStatsClient Class) -

              http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.ca

              b
              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}

              (MessengerStatsClient Class) -

              http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.

              cab
              O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program

              Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
              O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o.

              - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
              O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

              C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              O23 - Service: Brother Popup Suspend service for Resource manager

              (brmfrmps) - Brother Industries, Ltd. -

              C:\WINNT\system32\Brmfrmps.exe
              O23 - Service: Logical Disk Manager Administrative Service (dmadmin)

              - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
              O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware

              Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

              Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program

              Files\Eset\nod32krn.exe
              O23 - Service: SPAMfighter Update Service - SPAMfighter ApS -

              C:\Program Files\SPAMfighter\sfus.exe

              --
              End of file - 7260 bytes



              • #8
                What is mainly being found are cookies; those will always keep coming back.
                Delete this file: C:\Documents and Settings\Administrator\My Documents\WebMediaPlayer\uninst.exe

                The HijackThis log is barely readable like this.
                Go to Start - Run and type: notepad.exe
                Click OK.
                In Notepad, go to Format and remove the check mark in front of "Word Wrap".
                Close Notepad again.
                Create a new HijackThis log and post it.

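The word-wrap damage that post #8 complains about can also be undone after the fact. The following is an added example, not part of the thread and not HijackThis code: it rejoins wrapped HijackThis lines and splits the log into running processes and coded entries. The 69-column wrap width is an assumption read off the wrapped log in post #7, and the sample is an excerpt of that log.

```python
import re

# Section codes HijackThis puts at the start of every entry line (R0, O4, O23, ...).
ENTRY_RE = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# A line in the "Running processes" block starts with a drive letter.
PATH_RE = re.compile(r"^[A-Za-z]:\\")
HEADERS = ("Logfile of", "Scan saved at", "Platform:", "MSIE:",
           "Boot mode:", "Running processes:", "End of file")

# Excerpt of the wrapped log from post #7 of this thread.
WRAPPED = r"""
Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter

Edition\3.0\Apps\apdproxy.exe
c:\documents and settings\administrator\local settings\application

data\tbibtql.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier

.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl

Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/clie

nt/muweb_site.cab?1157029816843
"""


def unwrap(text, width=69):
    """Rejoin physical lines into one logical record per log line.

    width is the assumed wrap column: a fragment that is exactly that long
    and contains no space was cut mid-token, so the next fragment is glued
    on without a space. Every other break happened at a space.
    """
    records, last, in_entries = [], "", False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank lines between fragments carry no information
        is_entry = bool(ENTRY_RE.match(line))
        in_entries = in_entries or is_entry
        # Once the coded entries have begun, a bare path can only be the
        # tail of a wrapped entry, never a new process line.
        starts_record = (
            is_entry
            or line == "--"
            or line.startswith(HEADERS)
            or (not in_entries and bool(PATH_RE.match(line)))
        )
        if starts_record or not records:
            records.append(line)
        else:
            hard_break = len(last) == width and " " not in last
            records[-1] += ("" if hard_break else " ") + line
        last = line
    return records


def parse_log(text, width=69):
    """Return running processes and (section code, detail) entry pairs."""
    processes, entries = [], []
    for rec in unwrap(text, width):
        m = ENTRY_RE.match(rec)
        if m:
            entries.append((m.group(0)[:-3], rec[m.end():]))
        elif PATH_RE.match(rec):
            processes.append(rec)
    return {"processes": processes, "entries": entries}


if __name__ == "__main__":
    parsed = parse_log(WRAPPED)
    for proc in parsed["processes"]:
        print("PROC ", proc)
    for code, detail in parsed["entries"]:
        print(code.ljust(5), detail)
```

The rejoined records match the corresponding lines of the unwrapped log posted in #9. A wrapped process line whose continuation itself begins with a drive letter would be split in two; this heuristic does not handle that case.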


                • #9
                  Here it comes

                  OK, file deleted

                  Here is the new log (readable like this?):
                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 9:06:02 PM, on 1/10/2008
                  Platform: Windows 2000 SP4 (WinNT 5.00.2195)
                  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
                  Boot mode: Normal

                  Running processes:
                  C:\WINNT\System32\smss.exe
                  C:\WINNT\system32\winlogon.exe
                  C:\WINNT\system32\services.exe
                  C:\WINNT\system32\lsass.exe
                  C:\WINNT\system32\svchost.exe
                  C:\WINNT\System32\svchost.exe
                  C:\WINNT\system32\spoolsv.exe
                  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  C:\WINNT\system32\Brmfrmps.exe
                  C:\Program Files\ewido anti-spyware 4.0\guard.exe
                  C:\Program Files\Eset\nod32krn.exe
                  C:\WINNT\system32\regsvc.exe
                  C:\WINNT\system32\MSTask.exe
                  C:\Program Files\SPAMfighter\sfus.exe
                  C:\WINNT\system32\stisvc.exe
                  C:\WINNT\System32\WBEM\WinMgmt.exe
                  C:\WINNT\system32\svchost.exe
                  C:\WINNT\Explorer.EXE
                  C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
                  C:\Program Files\Brother\ControlCenter2\brctrcen.exe
                  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
                  C:\Program Files\SPAMfighter\SFAgent.exe
                  C:\Program Files\Eset\nod32kui.exe
                  C:\Program Files\Caplio Software\RGateL.exe
                  c:\documents and settings\administrator\local settings\application data\tbibtql.exe
                  C:\Program Files\Eset\nod32.exe
                  C:\Program Files\SPAMfighter\SPAMCFG.EXE
                  C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
                  C:\Program Files\Mozilla Firefox\firefox.exe
                  C:\Program Files\Ludiclub\LCTarot\LCTarot.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webstats4u.com/s?tab=1&link=1&id=1382022
                  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
                  O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
                  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
                  O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
                  O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
                  O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
                  O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
                  O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
                  O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
                  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
                  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                  O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
                  O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
                  O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
                  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
                  O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
                  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
                  O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
                  O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
                  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                  O4 - Global Startup: RICOH Gate La.lnk = C:\Program Files\Caplio Software\RGateL.exe
                  O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
                  O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
                  O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct4_x.cab
                  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
                  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157029816843
                  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                  O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINNT\system32\Brmfrmps.exe
                  O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
                  O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
                  O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

                  --
                  End of file - 7307 bytes



                  • #10
                    Good.
                    Are there any problems left?



                    • #11
                      solved?

                      It looks like it has been solved. That would be great. I'm staying cautious, because I've already been premature a few times. I'll run a few extra tests tomorrow and will let you know.

                      Thanx



                      • #12
                        I'll hear from you then.
                        It all looks good.



                        • #13
                          Damn, it's back again. When opening websites, but now also while creating this latest HijackThis log. It seems to come back whenever the computer is restarted.

                          Here is the log:

                          Logfile of Trend Micro HijackThis v2.0.2
                          Scan saved at 9:46:40 AM, on 1/11/2008
                          Platform: Windows 2000 SP4 (WinNT 5.00.2195)
                          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
                          Boot mode: Normal

                          Running processes:
                          C:\WINNT\System32\smss.exe
                          C:\WINNT\system32\winlogon.exe
                          C:\WINNT\system32\services.exe
                          C:\WINNT\system32\lsass.exe
                          C:\WINNT\system32\svchost.exe
                          C:\WINNT\System32\svchost.exe
                          C:\WINNT\system32\spoolsv.exe
                          C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                          C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                          C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                          C:\WINNT\system32\Brmfrmps.exe
                          C:\Program Files\ewido anti-spyware 4.0\guard.exe
                          C:\Program Files\Eset\nod32krn.exe
                          C:\WINNT\system32\regsvc.exe
                          C:\WINNT\system32\MSTask.exe
                          C:\Program Files\SPAMfighter\sfus.exe
                          C:\WINNT\system32\stisvc.exe
                          C:\WINNT\System32\WBEM\WinMgmt.exe
                          C:\WINNT\system32\svchost.exe
                          C:\WINNT\Explorer.EXE
                          C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
                          C:\Program Files\Brother\ControlCenter2\brctrcen.exe
                          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                          C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                          C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
                          C:\Program Files\SPAMfighter\SFAgent.exe
                          C:\Program Files\ewido anti-spyware 4.0\ewido.exe
                          C:\Program Files\Eset\nod32kui.exe
                          C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
                          C:\Program Files\Caplio Software\RGateL.exe
                          C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
                          C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
                          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webstats4u.com/s?tab=1&link=1&id=1382022
                          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                          O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
                          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
                          O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
                          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
                          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
                          O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
                          O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
                          O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
                          O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
                          O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
                          O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
                          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                          O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
                          O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                          O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
                          O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
                          O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
                          O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
                          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
                          O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
                          O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
                          O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                          O4 - Global Startup: RICOH Gate La.lnk = C:\Program Files\Caplio Software\RGateL.exe
                          O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
                          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                          O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
                          O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
                          O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct4_x.cab
                          O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
                          O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157029816843
                          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                          O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                          O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                          O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                          O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINNT\system32\Brmfrmps.exe
                          O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
                          O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
                          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                          O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
                          O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

                          --
                          End of file - 7083 bytes



                          • #14
                            Hold on. unstall.exe was still in the recycle bin. I've emptied it now. Maybe that helps. I'll let you know again.



                            • #15
                              Unfortunately, it didn't help. What now, do you have any other ideas?
