Mededeling

Collapse
No announcement yet.

Adserver5 Pop-UPS

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Adserver5 Pop-UPS

    Hallo allemaal..

    Ik ben een nieuwe lid van deze website en ben via google hiernaartoe gekomen en hopelijk is hier iemand die mij van me lijden wilt verlossen!

    Sinds een tijdje heb ik last van pop-ups van ADSERVER5 en mediaclick etc. IK heb letterlijk alle programma's gebruikt die er maar zijn, spyware doctor, Spybot, Hitmanpro, AD AWARE PRO... EN niks lijkt me te helpen, ze blijven maar komen die pop-ups. Ik begon het op te geven en ben op deze site terechtgekomen.. Ik heb waargenomen dat ik een Log moet plaatsen, hier is ie dan!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:03:07, on 27-3-2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    D:\Windows\System32\smss.exe
    D:\Windows\system32\csrss.exe
    D:\Windows\system32\csrss.exe
    D:\Windows\system32\wininit.exe
    D:\Windows\system32\services.exe
    D:\Windows\system32\lsass.exe
    D:\Windows\system32\lsm.exe
    D:\Windows\system32\winlogon.exe
    D:\Windows\system32\svchost.exe
    D:\Windows\system32\svchost.exe
    D:\Windows\System32\svchost.exe
    D:\Windows\System32\svchost.exe
    D:\Windows\System32\svchost.exe
    D:\Windows\system32\svchost.exe
    D:\Windows\system32\AUDIODG.EXE
    D:\Windows\system32\SLsvc.exe
    D:\Windows\system32\svchost.exe
    D:\Windows\system32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    D:\Windows\system32\Dwm.exe
    D:\Windows\Explorer.EXE
    D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    D:\Windows\System32\spoolsv.exe
    D:\Windows\system32\svchost.exe
    D:\Windows\system32\taskeng.exe
    D:\Program Files\Windows Defender\MSASCui.exe
    D:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe
    D:\Windows\system32\taskeng.exe
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    D:\Windows\System32\rundll32.exe
    D:\Windows\System32\rundll32.exe
    D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    D:\Windows\system32\svchost.exe
    D:\Program Files\Spyware Doctor\pctsAuxs.exe
    D:\Windows\ehome\ehtray.exe
    D:\Program Files\Windows Media Player\wmpnscfg.exe
    H:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    D:\Program Files\Spyware Doctor\pctsSvc.exe
    D:\Windows\system32\svchost.exe
    D:\Windows\System32\svchost.exe
    D:\Windows\system32\SearchIndexer.exe
    D:\Program Files\Spyware Doctor\pctsTray.exe
    D:\Windows\ehome\ehmsas.exe
    D:\Windows\system32\WUDFHost.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Windows Media Player\wmpnetwk.exe
    D:\Windows\System32\mobsync.exe
    D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    D:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\Program Files\Internet Explorer\IEUser.exe
    H:\Program Files\IEPro\MiniDM.exe
    D:\Windows\system32\conime.exe
    D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Azureus\Azureus.exe
    D:\Windows\system32\SearchProtocolHost.exe
    D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    D:\Windows\keyg.exe
    H:\Program Files\Neoact\Carom3D\carom.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    D:\Windows\system32\SearchFilterHost.exe
    D:\Windows\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - H:\Program Files\IEPro\iepro.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - D:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [HDAudDeck] "D:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe" 1
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" D:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" D:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" D:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [dumb proxy] "D:\ProgramData\frag amok amok.9n98p"
    O4 - HKCU\..\Run: [CAMP SHIM EXIT HECK] "D:\ProgramData\Axis Third Eggs.0fs23f"
    O4 - HKCU\..\Run: [ehTray.exe] D:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] "D:\Program Files\Windows Media Player\WMPNSCFG.exe"
    O4 - HKCU\..\Run: [PC Suite Tray] "H:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - H:\Program Files\IEPro\iepro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - H:\Program Files\IEPro\iepro.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O15 - Trusted Zone: http://asia.msi.com.tw
    O15 - Trusted Zone: http://global.msi.com.tw
    O15 - Trusted Zone: http://www.msi.com.tw
    O15 - Trusted Zone: *.hyves.nl
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - H:\Program Files\Norton\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Unknown owner - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 10879 bytes

    Dank bij voorbaat!

  • #2
    Rechtsklik Hijackthis.exe en kies voor "Run as administrator"
    Start HijackThis nog een keer, kies voor "Do a system scan only" en plaats alleen een vinkje voor de volgende regels:
    O4 - HKCU\..\Run: [dumb proxy] "D:\ProgramData\frag amok amok.9n98p"
    O4 - HKCU\..\Run: [CAMP SHIM EXIT HECK] "D:\ProgramData\Axis Third Eggs.0fs23f"
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

    Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

    Herstart even je computer.

    Download dit bestand: Deljob.exe
    Plaats het op je bureaublad.
    Dubbelklik Deljob.exe.
    Een logje(logit.txt) zal openen, het bestandje kan je ook terugvinden op je bureaublad.
    Post de inhoud van logit.txt in je volgende bericht.
    Post ook een nieuw logje van HijackThis

    Groeten smeenk

    Comment


    • #3
      Hartelijk dank voor de snelle reactie!
      Hier komen de Logs waarop werd verzocht:

      Deljob Logit:

      --------------------------------------------------------
      No LOP job-files found
      --------------------------------------------------------
      Files in Windows Tasks folder

      Norton AntiVirus - Run Full System Scan - FaiQ.job
      RegCure Program Check.job
      RegCure.job
      --------------------------------------------------------
      Export App Data folders
      --------------------------------------------------------
      Volume in drive D has no label.
      Volume Serial Number is 9C68-DF78

      Directory of D:\ProgramData

      02-03-2008 14:21 <DIR> Adobe
      26-03-2008 20:35 14 ANWBLO~1.CFG anwblog2008.cfg
      26-02-2008 14:04 299.024 AXISTH~1.0FS Axis Third Eggs.0fs23f
      26-02-2008 10:49 <DIR> Azureus
      26-02-2008 14:04 49.168 FRAGAM~1.7YV frag amok amok.7yvzk9
      26-02-2008 14:04 98.320 FRAGAM~1.9N9 frag amok amok.9n98p
      26-02-2008 11:05 <DIR> Google
      10-03-2008 09:31 <DIR> INSTAL~1 Installations
      26-02-2008 14:04 <DIR> LONGBI~1 Long Bits Base
      05-03-2008 18:05 <DIR> MESSEN~1 Messenger Plus!
      12-03-2008 09:40 <DIR> MICROS~2 Microsoft Help
      10-03-2008 09:32 <DIR> Nokia
      28-02-2008 17:00 <DIR> NVIDIA
      10-03-2008 08:43 <DIR> PCSUIT~1 PC Suite
      24-03-2008 12:41 <DIR> Prevx
      19-03-2008 07:36 <DIR> SITEGU~1 SITEguard
      27-03-2008 09:51 <DIR> SPYBOT~1 Spybot - Search & Destroy
      19-03-2008 07:56 <DIR> STOPZI~1 STOPzilla!
      25-03-2008 07:42 <DIR> Symantec
      27-03-2008 09:51 <DIR> TEMP
      26-02-2008 14:04 <DIR> THATFA~1 That Face Camp Shim
      26-02-2008 10:32 <DIR> WLINST~1 WLInstaller
      4 File(s) 446.526 bytes
      18 Dir(s) 4.190.867.456 bytes free
      --------------------------------------------------------
      All User Accounts
      --------------------------------------------------------
      FaiQ
      Public
      --------------------------------------------------------


      EN HIER de HIJACKTHIS Log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 9:56:36, on 27-3-2008
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      D:\Windows\System32\smss.exe
      D:\Windows\system32\csrss.exe
      D:\Windows\system32\csrss.exe
      D:\Windows\system32\wininit.exe
      D:\Windows\system32\services.exe
      D:\Windows\system32\lsass.exe
      D:\Windows\system32\lsm.exe
      D:\Windows\system32\svchost.exe
      D:\Windows\system32\winlogon.exe
      D:\Windows\system32\svchost.exe
      D:\Windows\System32\svchost.exe
      D:\Windows\System32\svchost.exe
      D:\Windows\System32\svchost.exe
      D:\Windows\system32\svchost.exe
      D:\Windows\system32\AUDIODG.EXE
      D:\Windows\system32\SLsvc.exe
      D:\Windows\system32\svchost.exe
      D:\Windows\system32\svchost.exe
      D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      D:\Windows\system32\Dwm.exe
      D:\Windows\Explorer.EXE
      D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
      D:\Windows\System32\spoolsv.exe
      D:\Windows\system32\svchost.exe
      D:\Windows\system32\taskeng.exe
      D:\Program Files\Windows Defender\MSASCui.exe
      D:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe
      D:\Windows\system32\taskeng.exe
      D:\Windows\system32\taskeng.exe
      D:\Program Files\Common Files\Symantec Shared\ccApp.exe
      D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      D:\Windows\System32\rundll32.exe
      D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      D:\Windows\system32\svchost.exe
      D:\Program Files\Spyware Doctor\pctsAuxs.exe
      D:\Program Files\Spyware Doctor\pctsSvc.exe
      D:\Program Files\Windows Live\Messenger\msnmsgr.exe
      D:\Windows\ehome\ehtray.exe
      D:\Program Files\Windows Media Player\wmpnscfg.exe
      H:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
      D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      D:\Windows\system32\svchost.exe
      D:\Windows\System32\svchost.exe
      D:\Windows\system32\SearchIndexer.exe
      D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      D:\Windows\system32\WUDFHost.exe
      D:\Windows\ehome\ehmsas.exe
      D:\Program Files\Spyware Doctor\pctsTray.exe
      D:\Windows\System32\rundll32.exe
      D:\Windows\system32\wbem\wmiprvse.exe
      D:\Program Files\Windows Media Player\wmpnetwk.exe
      D:\Windows\System32\mobsync.exe
      D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
      D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
      D:\Program Files\Windows Live\Messenger\usnsvc.exe
      D:\Program Files\Internet Explorer\IEUser.exe
      D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      D:\Program Files\Internet Explorer\iexplore.exe
      D:\Windows\system32\conime.exe
      D:\Windows\system32\notepad.exe
      D:\Windows\system32\wbem\wmiprvse.exe
      D:\Windows\servicing\TrustedInstaller.exe
      D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - H:\Program Files\IEPro\iepro.dll
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - D:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [HDAudDeck] "D:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe" 1
      O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" D:\Windows\system32\nvsvc.dll,nvsvcStart
      O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" D:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" D:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ehTray.exe] D:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [WMPNSCFG] "D:\Program Files\Windows Media Player\WMPNSCFG.exe"
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] "D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
      O4 - HKCU\..\Run: [PC Suite Tray] "H:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
      O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - H:\Program Files\IEPro\iepro.dll
      O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - H:\Program Files\IEPro\iepro.dll
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O15 - Trusted Zone: http://asia.msi.com.tw
      O15 - Trusted Zone: http://global.msi.com.tw
      O15 - Trusted Zone: http://www.msi.com.tw
      O15 - Trusted Zone: *.hyves.nl
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
      O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - H:\Program Files\Norton\isPwdSvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: Symantec Core LC - Unknown owner - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

      --
      End of file - 10355 bytes

      Dank bij voorbaat!

      FaiQ

      Comment


      • #4
        Open een kladblokbestand.
        Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

        @ECHO OFF
        IF EXIST log.txt DEL log.txt
        ECHO Deleting files>>log.txt
        FOR %%g in (
        "D:\ProgramData\Axis Third Eggs.0fs23f"
        "D:\ProgramData\frag amok amok.7yvzk9"
        "D:\ProgramData\frag amok amok.9n98p") DO (
        IF EXIST %%g (
        ATTRIB -r -s -h %%g
        DEL %%g
        IF EXIST %%g (
        ECHO %%g not deleted>>log.txt
        ) ELSE (
        ECHO %%g deleted>>log.txt)
        ) ELSE (
        ECHO %%g not found>>log.txt))
        >>log.txt (
        ECHO.
        ECHO Deleting folders)
        FOR %%I in (
        "D:\ProgramData\That Face Camp Shim"
        "D:\ProgramData\Long Bits Base") DO (
        IF EXIST %%I (
        RD /S /Q %%I
        IF EXIST %%I (
        ECHO %%I not deleted>>log.txt
        ) ELSE (
        ECHO %%I deleted>>log.txt)
        ) ELSE (
        ECHO %%I not found>>log.txt))
        START NOTEPAD.EXE log.txt

        Ga naar Bestand - Opslaan als.
        Bij "Opslaan in" kies je: Bureaublad
        Bij "Bestandsnaam" zet je: del.bat
        Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
        Klik op de knop Opslaan.

        Dubbelklik op del.bat en post de inhoud van de logfile die opent.

        Comment


        • #5
          Ok heb de stappen gevolgd en ik kreeg deze LOG:

          Deleting files
          "D:\ProgramData\Axis Third Eggs.0fs23f" deleted
          "D:\ProgramData\frag amok amok.7yvzk9" deleted
          "D:\ProgramData\frag amok amok.9n98p" deleted

          Deleting folders
          "D:\ProgramData\That Face Camp Shim" deleted
          "D:\ProgramData\Long Bits Base" deleted

          Grtz FaiQ

          Comment


          • #6
            Mooi zo

            Doe dit nog:

            Download ATF cleaner (mirror)(gemaakt door Atribune)

            Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

            Dubbelklik op ATF cleaner om het programma te starten.
            Op het tabblad "Main", plaats je een vinkje bij Select All.
            Klik op de knop Empty Selected.

            Het volgende doen als je ook FireFox als browser hebt:
            Klik op tabblad "Firefox", plaats een vinkje bij Select All.
            Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
            (dit haalt het vinkje weer weg bij "Firefox saved passwords")
            Klik op de knop Empty Selected.

            Het volgende doen als je ook Opera als browser hebt:
            Klik op tabblad "Opera", plaats een vinkje bij Select All.
            Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
            Klik op de knop Empty Selected.
            Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

            Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
            Kijk hier hoe je je systeemherstel moet uitschakelen.
            Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

            Zijn alle problemen nu voorbij?

            Comment


            • #7
              Heb de verzochte stappen opgevolgd en ze zijn nu verdwenen...
              Ik ga niet te vroeg juichen haha..
              IK zal over 2 uur een post verplaatsen om te vermelden of ik nog last van heb.

              Heel erg bedankt voor de genomen tijd om te helpen!!

              Groetjes FaiQ

              Comment


              • #8
                Thanks!! Ik heb er geen last meer van!

                Echt super bedankt!!!!

                Groetjes FaiQ

                Comment


                • #9
                  Graag gedaan hoor

                  Comment

                  Sorry, you are not authorized to view this page
                  Working...
                  X