Annoying pop-ups

  • Annoying pop-ups

    Recently I have been getting a lot of pop-ups via IE even though I don't use IE. In my Task Manager, IE is sometimes listed as many as 5 times, and when I close them they simply come back.

    Here is my log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 19:17:07, on 11-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Verbakel\Bureaublad\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Sponserd By Keviiin!!!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [memo site kind that] C:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site\Joy seek.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [memoplan] C:\DOCUME~1\Verbakel\APPLIC~1\POLLVC~1\thisaxis.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add a new emoticon - C:\DOCUME~1\Verbakel\LOCALS~1\Temp\Rar$EX06.828\MessengerMixLive_1.1\MixCE.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Set as My Display Picture - C:\DOCUME~1\Verbakel\LOCALS~1\Temp\Rar$EX06.828\MessengerMixLive_1.1\MixDP.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe

    --
    End of file - 8209 bytes

  • #2
    Hello,

    You are using an old version of HijackThis. It is best to use this version: http://www.trendsecure.com/portal/en...HJTInstall.exe

    Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [memo site kind that] C:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site\Joy seek.exe
    O4 - HKCU\..\Run: [memoplan] C:\DOCUME~1\Verbakel\APPLIC~1\POLLVC~1\thisaxis.exe

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.


    Open Explorer ("My Computer") and choose Tools -> Folder Options...
    On the View tab, check the following settings:

    Uncheck: Hide protected operating system files (Recommended)
    Uncheck: Hide extensions for known file types

    Select: Display the contents of system folders (XP only)
    Select: Show hidden files and folders

    Then click Apply, followed by OK.

    Delete the following directories:
    C:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site\
    C:\Documents and Settings\Verbakel\Application Data\POLLVC~1\

    Download Java Runtime Environment (JRE) 6u5.
    • Scroll down to: "Java Runtime Environment (JRE) 6 Update 5".
    • Click the "Download" button on the right.
    • Check "Accept License Agreement" and click Continue.
    • The page will reload.
    • Click the Windows Offline Installation, Multi-language link UNDER Windows Platform - Java SE Runtime Environment 6 Update 5 and save it to your Desktop.
    • Close any programs that may be open, especially your web browser!
    • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list (those with Java Runtime Environment (JRE or J2SE) in the name).
    • Repeat this until all older versions are gone.
    • After removing all older versions, restart your PC.
    • Then double-click jre-6u5-windows-i586-p.exe on your Desktop to install the latest version of Java.


    Download this file:
    Deljob.exe (mirror)

    Save it to your desktop.

    Double-click Deljob.exe.
    A log (logit.txt) will open; you can also find the file on your desktop.
    Post the contents of logit.txt in your next message.

    Please also post a new HJT log.
    Last edited by Juisterr; 14-03-08, 21:00.

    Starting Windows 10 in Safe Mode


    • #3
      --------------------------------------------------------
      Backups created in C:\deljob

      AFF3F78A918468CA.job
      --------------------------------------------------------
      Files in Windows Tasks folder

      AppleSoftwareUpdate.job
      Norton Security Scan.job
      --------------------------------------------------------
      Export App Data folders
      --------------------------------------------------------
      Het volume in station C heeft geen naam.
      Het volumenummer is 8482-AB47

      Map van C:\Documents and Settings\Verbakel\Application Data

      27-02-2008 16:44 <DIR> .
      27-02-2008 16:44 <DIR> ..
      12-03-2008 21:33 <DIR> Adobe
      09-03-2007 16:35 <DIR> ATI
      17-02-2008 20:09 <DIR> DAEMON~1 DAEMON Tools
      16-10-2007 15:09 <DIR> DMCache
      04-09-2007 17:16 <DIR> Google
      13-11-2007 13:26 <DIR> Hamachi
      08-03-2007 18:44 <DIR> IDENTI~1 Identities
      27-02-2008 16:44 <DIR> INSTAL~1 InstallShield
      05-07-2007 17:08 <DIR> MACROM~1 Macromedia
      14-09-2007 14:38 <DIR> MICROS~1 Microsoft
      04-03-2008 16:09 <DIR> mIRC
      02-06-2007 14:52 <DIR> Mozilla
      15-03-2008 16:35 <DIR> POLLVC~1 pollvcdefy
      13-11-2007 17:38 <DIR> Real
      13-09-2007 14:33 <DIR> REGETS~1 ReGet Software
      26-06-2007 17:26 <DIR> Skype
      13-08-2007 13:52 <DIR> Sun
      09-12-2007 15:16 <DIR> SYSTEM~1 SystemRequirementsLab
      17-02-2008 19:49 <DIR> TEAMSP~1 teamspeak2
      13-12-2007 18:07 <DIR> uTorrent
      12-03-2008 16:17 <DIR> Xfire
      0 bestand(en) 0 bytes
      23 map(pen) 55.504.416.768 bytes beschikbaar
      Het volume in station C heeft geen naam.
      Het volumenummer is 8482-AB47

      Map van C:\Documents and Settings\All Users\Application Data

      15-03-2008 16:36 <DIR> .
      15-03-2008 16:36 <DIR> ..
      11-03-2008 18:08 <DIR> Adobe
      08-09-2007 15:01 <DIR> Apple
      08-09-2007 15:02 <DIR> APPLEC~1 Apple Computer
      13-03-2008 14:40 <DIR> FLEXnet
      12-07-2007 09:36 <DIR> Google
      15-03-2008 16:33 <DIR> GRIDBL~1 Grid Blue Memo Site
      11-11-2007 12:05 <DIR> Grisoft
      26-02-2008 19:44 <DIR> Lavasoft
      24-01-2008 16:09 <DIR> MESSEN~1 Messenger Plus!
      01-03-2008 15:59 <DIR> MICROS~1 Microsoft
      27-09-2007 14:24 <DIR> Skype
      26-01-2008 10:18 <DIR> SPYBOT~1 Spybot - Search & Destroy
      21-01-2008 14:46 <DIR> TEMP
      09-03-2007 17:27 <DIR> WINDOW~1 Windows Genuine Advantage
      01-03-2008 15:58 <DIR> WLINST~1 WLInstaller
      0 bestand(en) 0 bytes
      17 map(pen) 55.504.416.768 bytes beschikbaar
      --------------------------------------------------------
      All User Accounts
      --------------------------------------------------------
      All Users
      Verbakel
      --------------------------------------------------------



      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:56:26, on 15-3-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\ATKKBService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Sponserd By Keviiin!!!
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [memoplan] C:\DOCUME~1\Verbakel\APPLIC~1\POLLVC~1\thisaxis.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: Add a new emoticon - C:\DOCUME~1\Verbakel\LOCALS~1\Temp\Rar$EX06.828\MessengerMixLive_1.1\MixCE.htm
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Set as My Display Picture - C:\DOCUME~1\Verbakel\LOCALS~1\Temp\Rar$EX06.828\MessengerMixLive_1.1\MixDP.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

      --
      End of file - 7036 bytes



      • #4
        Start HijackThis and choose 'Do a system scan only'.
        Select only the items listed below:

        O4 - HKCU\..\Run: [memoplan] C:\DOCUME~1\Verbakel\APPLIC~1\POLLVC~1\thisaxis.exe

        Click 'Fix checked' to remove the items.

        Open Explorer ("My Computer") and choose Tools -> Folder Options...
        On the View tab, check the following settings:

        Uncheck: Hide protected operating system files (Recommended)
        Uncheck: Hide extensions for known file types

        Select: Display the contents of system folders (XP only)
        Select: Show hidden files and folders

        Then click Apply, followed by OK.

        Delete the following directories: (the bold part)

        C:\Documents and Settings\Verbakel\Application Data\ pollvcdefy\thisaxis.exe

        Run Deljob again.

        Please post the result together with a new HJT log.
        Last edited by Juisterr; 15-03-08, 18:59.

        Starting Windows 10 in Safe Mode
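
The `[memoplan]` entry selected for fixing in post #2 is still listed in the log posted in #3, which is why #4 asks for it again. As an added example (not part of the thread and not HijackThis code), this Python sketch parses pasted HijackThis log text, rejoins entries that were hard-wrapped when posted, reports which fix-list entries still appear in a follow-up log, and flags `O4` Run entries that start from a profile data folder. The function names are hypothetical; the sample lines are copied from this thread, with the line wraps constructed to imitate the third log.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O2x).
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# O4 autorun entry: hive, value name in brackets, then the command line.
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Triage heuristic (an assumption of this example, not a verdict): autoruns
# that launch from per-user or all-users data folders deserve a closer look.
PROFILE_MARKERS = ("\\application data\\", "\\applic~1\\",
                   "\\local settings\\temp\\", "\\locals~1\\temp\\")


def parse_entries(log_text):
    """Return the entries of a HijackThis log, one string per entry.

    Header lines and the running-process list are skipped. A line that does
    not start with a section code is appended to the previous entry, which
    repairs logs that were hard-wrapped (with blank lines) when pasted.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "--":          # trailer before "End of file - N bytes"
            break
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:             # continuation of a wrapped entry
            entries[-1] += " " + line
    return entries


def normalize(entry):
    """Collapse whitespace and case so wrapped and unwrapped copies compare equal."""
    return " ".join(entry.split()).casefold()


def still_present(fix_list, followup_log):
    """Entries from fix_list that are still listed in followup_log."""
    present = {normalize(e) for e in parse_entries(followup_log)}
    return [e for e in fix_list if normalize(e) in present]


def autoruns_in_profile_data(log_text):
    """(hive, name, command) for O4 Run entries launched from profile data folders."""
    hits = []
    for entry in parse_entries(log_text):
        m = O4_RE.match(entry)
        if m and any(mark in m.group("cmd").casefold() for mark in PROFILE_MARKERS):
            hits.append((m.group("hive"), m.group("name"), m.group("cmd")))
    return hits


# Entries from the fix list in post #2 (copied from the thread).
FIX_LIST = [
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE",
    r"O4 - HKLM\..\Run: [memo site kind that] C:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site\Joy seek.exe",
    r"O4 - HKCU\..\Run: [memoplan] C:\DOCUME~1\Verbakel\APPLIC~1\POLLVC~1\thisaxis.exe",
]

# Excerpt of the second log (post #3); the wraps are constructed for the example.
FOLLOWUP_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

-Delay
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKCU\..\Run: [memoplan]

C:\DOCUME~1\Verbakel\APPLIC~1\POLLVC~1\thisaxis.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7036 bytes
"""

if __name__ == "__main__":
    for entry in still_present(FIX_LIST, FOLLOWUP_LOG):
        print("still present:", entry)
    for hive, name, cmd in autoruns_in_profile_data(FOLLOWUP_LOG):
        print("autorun from profile data:", hive, name, cmd)
```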



        • #5
          --------------------------------------------------------
          Backups created in C:\deljob

          AFF3F78A918468CA.job
          --------------------------------------------------------
          Files in Windows Tasks folder

          AppleSoftwareUpdate.job
          Norton Security Scan.job
          --------------------------------------------------------
          Export App Data folders
          --------------------------------------------------------
          Het volume in station C heeft geen naam.
          Het volumenummer is 8482-AB47

          Map van C:\Documents and Settings\Verbakel\Application Data

          15-03-2008 17:18 <DIR> .
          15-03-2008 17:18 <DIR> ..
          12-03-2008 21:33 <DIR> Adobe
          09-03-2007 16:35 <DIR> ATI
          17-02-2008 20:09 <DIR> DAEMON~1 DAEMON Tools
          16-10-2007 15:09 <DIR> DMCache
          04-09-2007 17:16 <DIR> Google
          13-11-2007 13:26 <DIR> Hamachi
          08-03-2007 18:44 <DIR> IDENTI~1 Identities
          27-02-2008 16:44 <DIR> INSTAL~1 InstallShield
          05-07-2007 17:08 <DIR> MACROM~1 Macromedia
          14-09-2007 14:38 <DIR> MICROS~1 Microsoft
          04-03-2008 16:09 <DIR> mIRC
          02-06-2007 14:52 <DIR> Mozilla
          13-11-2007 17:38 <DIR> Real
          13-09-2007 14:33 <DIR> REGETS~1 ReGet Software
          26-06-2007 17:26 <DIR> Skype
          13-08-2007 13:52 <DIR> Sun
          09-12-2007 15:16 <DIR> SYSTEM~1 SystemRequirementsLab
          17-02-2008 19:49 <DIR> TEAMSP~1 teamspeak2
          13-12-2007 18:07 <DIR> uTorrent
          12-03-2008 16:17 <DIR> Xfire
          0 bestand(en) 0 bytes
          22 map(pen) 55.497.830.400 bytes beschikbaar
          Het volume in station C heeft geen naam.
          Het volumenummer is 8482-AB47

          Map van C:\Documents and Settings\All Users\Application Data

          15-03-2008 16:36 <DIR> .
          15-03-2008 16:36 <DIR> ..
          11-03-2008 18:08 <DIR> Adobe
          08-09-2007 15:01 <DIR> Apple
          08-09-2007 15:02 <DIR> APPLEC~1 Apple Computer
          13-03-2008 14:40 <DIR> FLEXnet
          12-07-2007 09:36 <DIR> Google
          15-03-2008 16:33 <DIR> GRIDBL~1 Grid Blue Memo Site
          11-11-2007 12:05 <DIR> Grisoft
          26-02-2008 19:44 <DIR> Lavasoft
          24-01-2008 16:09 <DIR> MESSEN~1 Messenger Plus!
          01-03-2008 15:59 <DIR> MICROS~1 Microsoft
          27-09-2007 14:24 <DIR> Skype
          26-01-2008 10:18 <DIR> SPYBOT~1 Spybot - Search & Destroy
          21-01-2008 14:46 <DIR> TEMP
          09-03-2007 17:27 <DIR> WINDOW~1 Windows Genuine Advantage
          01-03-2008 15:58 <DIR> WLINST~1 WLInstaller
          0 bestand(en) 0 bytes
          17 map(pen) 55.497.830.400 bytes beschikbaar
          --------------------------------------------------------
          All User Accounts
          --------------------------------------------------------
          All Users
          Verbakel
          --------------------------------------------------------


          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 17:19:39, on 15-3-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\ATKKBService.exe
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          C:\WINDOWS\system32\PnkBstrA.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\wscntfy.exe
          C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
          C:\WINDOWS\RTHDCPL.EXE
          C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
          C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
          C:\Program Files\Windows Live\Messenger\usnsvc.exe
          C:\Program Files\Windows Media Player\wmplayer.exe
          C:\WINDOWS\system32\notepad.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Sponserd By Keviiin!!!
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
          O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
          O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
          O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O8 - Extra context menu item: Add a new emoticon - C:\DOCUME~1\Verbakel\LOCALS~1\Temp\Rar$EX06.828\MessengerMixLive_1.1\MixCE.htm
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O8 - Extra context menu item: Set as My Display Picture - C:\DOCUME~1\Verbakel\LOCALS~1\Temp\Rar$EX06.828\MessengerMixLive_1.1\MixDP.htm
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
          O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
          O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
          O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
          O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
          O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
          O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner -

          C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
          O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
          O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -

          C:\Program Files\WinPcap\rpcapd.exe

          --
          End of file - 6979 bytes



          • #6
            A messy log.


            Go to Start - Run and type: notepad.exe
            Click OK.
            In Notepad, go to Format and remove the check mark next to "Word Wrap".
            Close Notepad again.

            Please make a new HJT log.

            Starting Windows 10 in Safe Mode



            • #7
              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 18:05:59, on 15-3-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\ATKKBService.exe
              C:\Program Files\Bonjour\mDNSResponder.exe
              C:\Program Files\Common Files\LightScribe\LSSrvc.exe
              C:\WINDOWS\system32\PnkBstrA.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\wscntfy.exe
              C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
              C:\WINDOWS\RTHDCPL.EXE
              C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
              C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
              C:\Program Files\Windows Live\Messenger\usnsvc.exe
              C:\Program Files\Windows Live\Messenger\msnmsgr.exe
              C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
              C:\Program Files\LimeWire\LimeWire.exe
              C:\Program Files\Mozilla Firefox\firefox.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Sponserd By Keviiin!!!
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
              O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
              O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
              O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
              O8 - Extra context menu item: Add a new emoticon - C:\DOCUME~1\Verbakel\LOCALS~1\Temp\Rar$EX06.828\MessengerMixLive_1.1\MixCE.htm
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O8 - Extra context menu item: Set as My Display Picture - C:\DOCUME~1\Verbakel\LOCALS~1\Temp\Rar$EX06.828\MessengerMixLive_1.1\MixDP.htm
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
              O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
              O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
              O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
              O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
              O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
              O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
              O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
              O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
              O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
              O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
              O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

              --
              End of file - 7098 bytes



              • #8
                The infection is gone, by the looks of it.

                You can still fix these, though.
                Start HijackThis and choose 'Do a system scan only'.
                Select only the items listed below:

                O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
                O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

                Click 'Fix checked' to remove the items.

                You can delete the deljob.


                To prevent reinfection via System Restore, it is advisable to delete the existing restore points by temporarily turning off System Restore.


                - Go to Start/All Programs/Accessories/System Tools/System Restore.
                - In the left half of the window, click "System Restore Settings".
                - Put a check mark next to "Turn off System Restore".
                - Click "Apply".
                - Windows asks whether you are sure.
                - Click "Yes".
                - Click "OK".
                - Restart the PC.
                - Go to Start/All Programs/Accessories/System Tools/System Restore again.
                - You get the message: "System Restore is turned off. Do you want to turn on System Restore now?"
                - Click "Yes".
                - Remove the check mark next to "Turn off System Restore".
                - Click "Apply".
                - Click "OK".
                - Restart the PC.
                - A new, clean restore point has now been created.

                Here are some more tips. Security Tips

                Everything OK now?

                Starting Windows 10 in Safe Mode
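
An added example, not part of the thread: it shows why the helper asked for a log saved without Word Wrap, and how the "(file missing)" entries selected in post #8 can be picked out. The function names are hypothetical, and the sample is a short selection of lines copied from the wrapped log above.

```python
import re

# Every HijackThis entry starts with a section code: R0, F2, N1, O4, O23 ...
ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")
MISSING = "(file missing)"

# Short selection of lines from the wrapped log posted in this thread.
WRAPPED_SAMPLE = r"""
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program

Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} -

C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6979 bytes
"""

def unwrap(log_text):
    """Rejoin entries that Notepad's Word Wrap split across lines."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "--":      # log footer: nothing after it is an entry
            break
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            # Wrapping breaks at a space, so one space restores the entry.
            entries[-1] += " " + line
    return entries

def naive_missing(log_text):
    """Line-by-line check that does not undo the wrapping first."""
    lines = (raw.strip() for raw in log_text.splitlines())
    return [l for l in lines if ENTRY_START.match(l) and l.endswith(MISSING)]

def missing_targets(log_text):
    """(section, entry) for each entry HijackThis marked '(file missing)'."""
    return [(e.split(" - ", 1)[0], e) for e in unwrap(log_text) if e.endswith(MISSING)]

if __name__ == "__main__":
    for section, entry in missing_targets(WRAPPED_SAMPLE):
        print(section, "|", entry)
```

An entry marked "(file missing)" is a candidate for review, not automatically something to fix; the thread's helper selected only the two O9 entries.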



                • #9
                  Yes, so far I have had no more trouble with it, and my PC starts up a bit faster again. That was actually bothering me too, that it took so long, but that has now been fixed as well.
