Mededeling

Collapse
No announcement yet.

vervelende popup

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    vervelende popup

    Hallo, elke keer als ik mijn IE opstart krijg ik een popup met namen zoals
    securepccleaner.com advancedcleaner.com erin. Hier springt dan weer een nieuw popupje bovenop met de vraag of ik mijn pc wil scannen.
    Het gebeurd alleen bij de eerste keer als ik IE opstart, daarna niet meer.

    Hier is mijn hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:29:37, on 20-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.partyflock.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {BA123AC2-1A28-43D2-AECB-8B0FF31C9BBE} - C:\WINDOWS\system32\cryptsv.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120w.bay120.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {65E8E2DC-186A-4AAC-9E56-FDC683055A9E} (CNetOnlineInstall Control) - http://www.download.com/html/dl/bug211623/CNetOnlineInstall.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://partyflock.nl/components/ImageUploader3.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 9506 bytes
    Labels: Geen
    • Citaat
  • #2
    Laten we eens wat proberen:

    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Start de computer in veilige modus.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht.
    Download Deckard's System Scanner naar je Bureaublad.
    • Sluit alle toepassingen en vensters.
    • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
    • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
    • Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

    Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
    - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
    Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
    Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)
    • Citaat

    Comment

    • #3
      Hier volgen de 2 logs:




      ---RVAXO.exe Updated: 2008-03-19---first run---
      Uninstallers:

      Files found:
      C:\Autorun.inf

      Folders Found:

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:
      C:\Documents and Settings\Eigenaar\Mijn documenten\Mijn ontvangen bestanden\Fenix Jumping time 21 april 2007.zip
      C:\Documents and Settings\Eigenaar\Mijn documenten\Mijn ontvangen bestanden\Nieuwe map.zip
      C:\Documents and Settings\Eigenaar\Mijn documenten\Mijn ontvangen bestanden\Overdosed.zip

      --------------RVAXO.exe finished----------------



      Deckard's System Scanner v20071014.68
      Run by Eigenaar on 2008-03-20 17:04:23
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 5 Restore Point(s) --
      43: 2008-03-20 16:04:35 UTC - RP510 - Deckard's System Scanner Restore Point
      42: 2008-03-19 11:15:27 UTC - RP509 - Software Distribution Service 3.0
      41: 2008-03-18 12:34:13 UTC - RP508 - Removed innotek VirtualBox
      40: 2008-03-17 15:58:12 UTC - RP507 - Controlepunt van systeem
      39: 2008-03-16 12:48:29 UTC - RP506 - Controlepunt van systeem


      -- First Restore Point --
      1: 2008-02-11 12:34:49 UTC - RP468 - Controlepunt van systeem


      Backed up registry hives.
      Performed disk cleanup.

      Total Physical Memory: 510 MiB (512 MiB recommended).


      -- HijackThis (run as Eigenaar.exe) --------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:07:42, on 20-3-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\Program Files\Spyware Doctor\sdhelp.exe
      c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\UGZGGC8F\dss[1].exe
      C:\PROGRA~1\TRENDM~1\HIJACK~1\Eigenaar.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.partyflock.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {BA123AC2-1A28-43D2-AECB-8B0FF31C9BBE} - C:\WINDOWS\system32\cryptsv.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
      O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120w.bay120.mail.live.com/mail/resources/MsnPUpld.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {65E8E2DC-186A-4AAC-9E56-FDC683055A9E} (CNetOnlineInstall Control) - http://www.download.com/html/dl/bug211623/CNetOnlineInstall.cab
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://partyflock.nl/components/ImageUploader3.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

      --
      End of file - 9724 bytes

      -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

      backup-20080319-120324-369 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      backup-20080319-120324-464 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      backup-20080319-120324-577 O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
      backup-20080319-120324-859 O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
      backup-20080319-120441-895 O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

      -- File Associations -----------------------------------------------------------

      .js - jsfile - DefaultIcon - unable to read value
      .reg - regfile - shell\open\command - "regedit.exe" "%1"


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
      R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
      R3 SoC PC-Camera Service (CANYON CN-WCAM21 PC-Camera) - c:\windows\system32\drivers\pfc027.sys

      S3 AMON - c:\windows\system32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System>
      S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

      S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


      -- Device Manager: Disabled ----------------------------------------------------

      No disabled devices found.


      -- Scheduled Tasks -------------------------------------------------------------

      2008-03-20 17:00:27 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
      2008-03-12 20:21:10 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


      -- Files created between 2008-02-20 and 2008-03-20 -----------------------------

      2008-03-20 16:57:24 0 d-------- C:\RVAXO
      2008-03-20 16:55:59 747838 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-03-20 16:55:59 69632 --a------ C:\WINDOWS\system32\remove.exe
      2008-03-20 16:52:52 0 d--h----- C:\Documents and Settings\Administrator\Sjablonen
      2008-03-20 16:52:52 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
      2008-03-20 16:52:52 0 d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
      2008-03-20 16:52:52 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
      2008-03-20 16:52:52 0 d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
      2008-03-20 16:52:52 0 d--h----- C:\Documents and Settings\Administrator\NetHood
      2008-03-20 16:52:52 0 d-------- C:\Documents and Settings\Administrator\Mijn documenten
      2008-03-20 16:52:52 0 dr------- C:\Documents and Settings\Administrator\Menu Start
      2008-03-20 16:52:52 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
      2008-03-20 16:52:52 0 d-------- C:\Documents and Settings\Administrator\Favorieten
      2008-03-20 16:52:52 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
      2008-03-20 16:52:52 0 d-------- C:\Documents and Settings\Administrator\Bureaublad
      2008-03-20 16:52:52 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
      2008-03-20 16:52:52 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
      2008-03-20 16:50:03 0 d-------- C:\WINDOWS\pss
      2008-03-18 13:38:20 0 d-------- C:\Program Files\Trend Micro
      2008-03-17 16:11:25 164 --a------ C:\install.dat
      2008-03-12 12:05:11 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
      2008-03-11 17:04:12 1097 --a------ C:\led.bat
      2008-03-11 16:56:07 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
      2008-03-11 16:55:55 0 d-------- C:\Documents and Settings\Eigenaar\WINDOWS
      2008-03-11 16:52:05 0 d-------- C:\Documents and Settings\Eigenaar\.VirtualBox
      2008-03-11 14:04:31 88064 --a------ C:\WINDOWS\system32\cryptsv.dll
      2008-03-09 21:09:10 0 d-------- C:\WINDOWS\system32\js
      2008-03-09 21:09:10 0 d-------- C:\WINDOWS\system32\images
      2008-03-09 21:09:10 0 d-------- C:\WINDOWS\system32\html
      2008-03-09 21:09:10 0 d-------- C:\WINDOWS\system32\css
      2008-03-09 21:09:10 0 d-------- C:\Program Files\Business Objects
      2008-03-09 20:52:04 0 d-------- C:\Program Files\Microsoft SQL Server
      2008-03-09 20:50:50 0 d-------- C:\Program Files\Microsoft Device Emulator
      2008-03-09 20:48:51 0 d-------- C:\Program Files\Windows Mobile 5.0 SDK R2
      2008-03-09 20:46:52 0 d-------- C:\Program Files\Microsoft Synchronization Services
      2008-03-09 20:46:51 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
      2008-03-09 20:27:31 0 d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
      2008-03-09 20:21:48 0 d-------- C:\WINDOWS\symbols
      2008-03-09 20:17:44 0 d-------- C:\Program Files\Microsoft SDKs
      2008-03-09 20:17:44 0 d-------- C:\Program Files\HTML Help Workshop
      2008-03-09 20:17:44 0 d-------- C:\Program Files\Common Files\Merge Modules
      2008-03-09 20:17:43 0 d-------- C:\Program Files\CE Remote Tools
      2008-03-09 20:17:42 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
      2008-03-09 20:15:22 0 d-------- C:\Program Files\Microsoft Web Designer Tools
      2008-03-09 18:58:35 0 d-------- C:\Documents and Settings\Eigenaar\Application Data\Download Manager
      2008-03-04 16:21:28 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
      2008-03-04 16:21:15 0 d-------- C:\Program Files\Windows Live
      2008-03-04 16:20:52 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-02-20 13:22:49 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>


      -- Find3M Report ---------------------------------------------------------------

      2008-03-17 16:06:11 0 d-------- C:\Program Files\LimeWire
      2008-03-16 15:04:12 0 d-------- C:\Program Files\Spyware Doctor
      2008-03-16 13:04:02 0 d-------- C:\Documents and Settings\Eigenaar\Application Data\LimeWire
      2008-03-10 15:49:13 0 d-------- C:\Program Files\Windows Live Safety Center
      2008-03-09 21:05:48 560454 --a------ C:\WINDOWS\system32\perfh013.dat
      2008-03-09 21:05:48 110466 --a------ C:\WINDOWS\system32\perfc013.dat
      2008-03-09 21:01:07 0 d-------- C:\Program Files\Microsoft.NET
      2008-03-09 20:22:39 0 d-------- C:\Program Files\MSBuild
      2008-03-09 20:17:44 0 d-------- C:\Program Files\Common Files
      2008-03-09 15:58:48 0 d-------- C:\Program Files\Java
      2008-02-28 15:06:30 0 d-------- C:\Program Files\InterPoker
      2008-02-19 14:54:07 27648 --a------ C:\WINDOWS\system32\Inpout32.dll
      2008-02-15 13:53:13 0 d-------- C:\Program Files\FTDv3.8
      2008-02-08 12:30:09 0 d--h----- C:\Program Files\InstallShield Installation Information
      2007-12-23 22:39:39 219136 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA123AC2-1A28-43D2-AECB-8B0FF31C9BBE}]
      13-09-2004 21:01 88064 --a------ C:\WINDOWS\system32\cryptsv.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [14-10-2004 14:42]
      "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [14-09-2006 14:46]
      "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [20-09-2005 08:35]
      "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20-09-2005 08:32]
      "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [20-09-2005 08:36]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
      "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12-01-2006 16:40]
      "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [14-12-2004 02:12]
      "RegistryMechanic"=""
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03-11-2006 18:20]
      "@"=""
      "UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [03-03-2007 14:12]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11-12-2007 10:56]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11-12-2007 12:10]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [13-09-2004 21:01]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18-10-2007 11:34]

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
      "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Acrobat Snelle start.lnk - C:\WINDOWS\Installer\{AC76BA86-1030-D700-7760-100000000002}\SC_Acrobat.exe [8-12-2006 14:31:40]
      Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16-3-2005 20:16:50]
      Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23-9-2005 20:05:26]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "AllowLegacyWebView"=1 (0x1)
      "AllowUnhashedWebView"=1 (0x1)




      -- End of Deckard's System Scanner: finished at 2008-03-20 17:08:57 ------------
      Last edited by kevinboos; 20-03-08, 18:12.
      • Citaat

      Comment

      • #4
        Start HijackThis nog een keer en plaats alleen een vinkje voor de volgende regel:
        O2 - BHO: (no name) - {BA123AC2-1A28-43D2-AECB-8B0FF31C9BBE} - C:\WINDOWS\system32\cryptsv.dll
        Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

        Herstart je computer.

        Post na de herstart een nieuw logje van Hijackthis
        • Citaat

        Comment

        • #5
          volgens mij is de popup nu verdwenen, thanks!

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 20:16:57, on 20-3-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16608)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\csrss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Windows Defender\MsMpEng.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Analog Devices\Core\smax4pnp.exe
          C:\Program Files\Eset\nod32kui.exe
          C:\WINDOWS\system32\hkcmd.exe
          C:\WINDOWS\system32\igfxpers.exe
          C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
          C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
          C:\Program Files\Windows Defender\MSASCui.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
          C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
          C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
          C:\Program Files\Eset\nod32krn.exe
          C:\Program Files\Spyware Doctor\sdhelp.exe
          c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\WINDOWS\System32\alg.exe
          C:\WINDOWS\system32\wbem\wmiprvse.exe
          C:\Program Files\Windows Live\Messenger\usnsvc.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.partyflock.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
          O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
          O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
          O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
          O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
          O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
          O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
          O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
          O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
          O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
          O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
          O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
          O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
          O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
          O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
          O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\WINDOWS\system32\shdocvw.dll
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120w.bay120.mail.live.com/mail/resources/MsnPUpld.cab
          O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
          O16 - DPF: {65E8E2DC-186A-4AAC-9E56-FDC683055A9E} (CNetOnlineInstall Control) - http://www.download.com/html/dl/bug211623/CNetOnlineInstall.cab
          O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
          O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://partyflock.nl/components/ImageUploader3.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
          O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
          O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
          O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

          --
          End of file - 9565 bytes
          • Citaat

          Comment

          • #6
            Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
            Dit zal alles van RVAXO doen verwijderen.

            Download ATF cleaner (mirror)(gemaakt door Atribune)

            Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

            Dubbelklik op ATF cleaner om het programma te starten.
            Op het tabblad "Main", plaats je een vinkje bij Select All.
            Klik op de knop Empty Selected.

            Het volgende doen als je ook FireFox als browser hebt:
            Klik op tabblad "Firefox", plaats een vinkje bij Select All.
            Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
            (dit haalt het vinkje weer weg bij "Firefox saved passwords")
            Klik op de knop Empty Selected.

            Het volgende doen als je ook Opera als browser hebt:
            Klik op tabblad "Opera", plaats een vinkje bij Select All.
            Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
            Klik op de knop Empty Selected.
            Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

            Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
            Kijk hier hoe je je systeemherstel moet uitschakelen.
            Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

            Download DAFT naar je Bureaublad
            • Dubbelklik op het groene daft.exe icoon.
            • Lees de disclaimer en klik op OK.
            • Klik op de Scan knop.
            • Vink (indien foutieve associaties worden aangetroffen) alle weergegeven items aan.
            • Klik op de Fix knop.
            • Herhaal de scan en klik op "Save log".
              Standaard wordt dit op je Bureaublad opgeslagen als daft.txt.
            Post ook een nieuw logje van Deckard's System Scanner en vertel of er nog problemen zijn
            • Citaat

            Comment

            Vorige template Volgende
            Sorry, you are not authorized to view this page
            Working...
            X