Mededeling

Collapse
No announcement yet.

mt50.nl pop ups

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • mt50.nl pop ups

    Hoi,
    ook ik word geplaagd met vervelende mt50.nl pop-ups. Blijkbaar is dit de plaats om er eindelijk van verlost te raken. Alvast bedankt om het volgende HJT-logje te bekijken.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:30:05, on 27/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
    C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\acer\eRecovery\Monitor.exe
    C:\Program Files\Telenet EasyCare\bin\mpbtn.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 7682 bytes

  • #2
    Download Deckard's System Scanner naar je Bureaublad.
    • Sluit alle toepassingen en vensters.
    • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
    • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
    • Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

    Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
    - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
    Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
    Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

    Comment


    • #3
      Hoi, hier het resultaat. Bedankt voor de snelle reactie.

      Deckard's System Scanner v20071014.68
      Run by francis on 2008-03-27 18:57:51
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 5 Restore Point(s) --
      39: 2008-03-27 17:57:59 UTC - RP76 - Deckard's System Scanner Restore Point
      38: 2008-03-24 15:20:33 UTC - RP75 - ComboFix created restore point
      37: 2008-03-15 09:54:01 UTC - RP74 - Software Distribution Service 3.0
      36: 2008-03-08 16:00:47 UTC - RP73 - Controlepunt van systeem
      35: 2008-02-23 08:29:54 UTC - RP72 - Controlepunt van systeem


      -- First Restore Point --
      1: 2007-06-30 14:37:08 UTC - RP38 - Installed AVG 7.5


      Backed up registry hives.
      Performed disk cleanup.

      Total Physical Memory: 447 MiB (512 MiB recommended).


      -- HijackThis (run as francis.exe) ---------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:59:03, on 27/03/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Acer\eManager\anbmServ.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\AGRSMMSG.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\WINDOWS\system32\keyhook.exe
      C:\Program Files\Arcade\PCMService.exe
      C:\Program Files\Launch Manager\QtZgAcer.EXE
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
      C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
      C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\WINDOWS\system32\sistray.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Telenet EasyCare\bin\mpbtn.exe
      C:\Program Files\acer\eRecovery\Monitor.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
      C:\Documents and Settings\francis\Bureaublad\dss.exe
      C:\PROGRA~1\TRENDM~1\HIJACK~1\francis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [LaunchApp] Alaunch
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
      O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
      O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

      --
      End of file - 7674 bytes

      -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

      backup-20080308-160233-547 O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
      backup-20080323-203706-998 O2 - BHO: BrowsingTool - {D0661233-42D4-F7F1-80E1-8A9E0E99E71D} - C:\Program Files\BrowsingTool\BrowsingTool-3.dll

      -- File Associations -----------------------------------------------------------

      All associations okay.


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
      R1 UBHelper - c:\windows\system32\drivers\ubhelper.sys
      R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; Avocent/OSA Technologies Inc.; Windows (R) Server 2003 DDK driver>
      R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows (R) 2000 DDK provider; OSA int15 Driver>
      R3 DKbFltr (Dritek HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\dkbfltr.sys <Not Verified; Dritek System Inc.; Dritek Keyboard Filter>
      R3 int15.sys - c:\program files\acer\erecovery\int15.sys
      R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
      R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

      S3 ssm_bus (Samsung Mobile USB Device II 1.0 driver (WDM)) - c:\windows\system32\drivers\ssm_bus.sys <Not Verified; MCCI; Samsung Mobile USB Device II 1.0>
      S3 ssm_mdfl (Samsung Mobile USB Modem II 1.0 Filter) - c:\windows\system32\drivers\ssm_mdfl.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0 Filter Driver>
      S3 ssm_mdm (Samsung Mobile USB Port II 1.0 Drivers) - c:\windows\system32\drivers\ssm_mdm.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0>


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>

      S2 Planner voor Automatische LiveUpdate - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)


      -- Device Manager: Disabled ----------------------------------------------------

      No disabled devices found.


      -- Files created between 2008-02-27 and 2008-03-27 -----------------------------

      2008-03-24 17:39:44 0 d-------- C:\Documents and Settings\francis\DoctorWeb
      2008-03-24 16:20:16 68096 --a------ C:\WINDOWS\system32\zip.exe
      2008-03-24 16:20:16 98816 --a------ C:\WINDOWS\system32\sed.exe
      2008-03-24 16:20:16 80412 --a------ C:\WINDOWS\system32\grep.exe
      2008-03-24 16:20:16 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
      2008-03-24 16:17:41 0 d-------- C:\RVAXO
      2008-03-24 16:15:43 756484 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-03-24 16:15:43 69632 --a------ C:\WINDOWS\system32\remove.exe
      2008-03-08 15:02:52 0 d-------- C:\Program Files\Trend Micro
      2008-03-08 13:59:20 691545 --a------ C:\WINDOWS\unins000.exe
      2008-03-08 13:59:20 2552 --a------ C:\WINDOWS\unins000.dat


      -- Find3M Report ---------------------------------------------------------------

      2008-02-02 10:36:56 444074 --a------ C:\WINDOWS\system32\perfh013.dat
      2008-02-02 10:36:56 70744 --a------ C:\WINDOWS\system32\perfc013.dat


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "LaunchApp"="Alaunch"
      "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [07/10/2004 23:44]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07/10/2004 23:43]
      "SoundMan"="SOUNDMAN.EXE" [23/02/2005 18:13 C:\WINDOWS\SOUNDMAN.EXE]
      "AGRSMMSG"="AGRSMMSG.exe" [07/10/2004 19:50 C:\WINDOWS\AGRSMMSG.exe]
      "SiSPower"="SiSPower.dll" [25/02/2005 19:35 C:\WINDOWS\system32\SiSPower.dll]
      "SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [04/03/2005 13:13]
      "PCMService"="C:\Program Files\Arcade\PCMService.exe" [09/03/2005 18:59]
      "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 05:00]
      "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 05:00]
      "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 05:00]
      "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 05:00]
      "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [23/02/2005 11:04]
      "eRecoveryService"="C:\Windows\System32\Check.exe" [24/11/2004 17:34]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12/02/2004 13:38]
      "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/05/2004 15:18]
      "CamMonitor"="C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe" [07/10/2002 00:23]
      "Share-to-Web Namespace Daemon"="C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe" [17/04/2002 10:42]
      "Motive SmartBridge"="C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe" [21/04/2006 15:41]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [22/12/2007 14:33]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 18:24]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [27/07/2007 11:07]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [7/03/2005 18:35:47]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 10:01:04]
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [28/05/2004 22:31:38]
      Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [28/05/2004 23:06:36]
      Telenet EasyCare.lnk - C:\Program Files\Telenet EasyCare\bin\matcli.exe [20/03/2007 11:34:46]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "DisableRegistryTools"=0 (0x0)
      "HideLegacyLogonScripts"=0 (0x0)
      "HideLogoffScripts"=0 (0x0)
      "RunLogonScriptSync"=1 (0x1)
      "RunStartupScriptSync"=1 (0x1)
      "HideStartupScripts"=0 (0x0)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "HideLegacyLogonScripts"=0 (0x0)
      "HideLogoffScripts"=0 (0x0)
      "RunLogonScriptSync"=1 (0x1)
      "RunStartupScriptSync"=1 (0x1)
      "HideStartupScripts"=0 (0x0)




      -- End of Deckard's System Scanner: finished at 2008-03-27 18:59:43 ------------

      Comment


      • #4
        Probeer dit eens:

        Download Malwarebytes' Anti-Malware op je bureaublad.
        Dubbelklik mbam-setup.exe en kies voor "Next" om de tool te installeren.
        Als de installatie voltooid is zet je vinkjes bij "Update MalwareBytes' Anti-Malware" en bij "Launch MalwareBytes' Anti-Malware".
        Druk daarna op "Finish".
        Kies in het hoofdscherm voor de tab "Scanner" en selecteer het keuzerondje "Perform full scan".
        Druk op de knop "Scan" en zorg dat al je harde schijven/partities aangevinkt staan.
        Druk dan op de knop "Start Scan".
        Wanneer de scan voltooid is klik je op OK, daarna op "Show Results" om de resultaten te zien.
        Zorg ervoor dat alles aangevinkt is, klik daarna op "Remove Selected".
        Als het programma je computer wil laten herstarten, sta je dit toe.
        Daarna opent een logje(mbam-log-XX-XX-XXXX(xx-xx-xx).txt)
        Post deze log in je volgende bericht

        Comment


        • #5
          Het resultaat :

          Malwarebytes' Anti-Malware 1.09
          Database versie: 556

          Scan type: Volledige Scan (C:\|D:\|E:\|)
          Objecten gescand: 74736
          Verstreken tijd: 14 minute(s), 24 second(s)

          Geheugenprocessen geïnfecteerd: 0
          Geheugenmodulen geïnfecteerd: 0
          Registersleutels geïnfecteerd: 25
          Registerwaarden geïnfecteerd: 1
          Registerdata bestanden geïnfecteerd: 0
          Mappen geïnfecteerd: 0
          Bestanden geïnfecteerd: 6

          Geheugenprocessen geïnfecteerd:
          (Geen kwaadaardige items gevonden)

          Geheugenmodulen geïnfecteerd:
          (Geen kwaadaardige items gevonden)

          Registersleutels geïnfecteerd:
          HKEY_CLASSES_ROOT\Interface\{50a1aa3b-80e3-15cf-0f1a-83a98ad98fe9} (AdWare.Agent) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Interface\{7f68785e-4894-7bb2-5fde-cc3eee2ebc82} (AdWare.Agent) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Interface\{e698e657-649e-5d40-752d-9a3b78ea832a} (AdWare.Agent) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Typelib\{fe3af205-54df-b146-1f0e-c9262829ed18} (AdWare.Agent) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\browsingtool.browserwatcher (AdWare.Agent) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\browsingtool.browserwatcher.1 (AdWare.Agent) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\CLSID\{0daee015-a728-c212-9b8f-298391b8328e} (AdWare.Agent) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\browsingtool.precachebrowserhost (AdWare.Agent) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\browsingtool.precachebrowserhost.1 (AdWare.Agent) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\CLSID\{aaf21892-e4d8-e8ed-e36a-3a91e3b2db29} (AdWare.Agent) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\browsingtool.pornpro_bho (AdWare.Agent) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\browsingtool.pornpro_bho.1 (AdWare.Agent) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\AppID\{84d39d08-a551-a4e5-c8d1-3327573d4640} (AdWare.Agent) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\Software\BrowsingTool (AdWare.Agent) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BrowsingTool.DLL (AdWare.Agent) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingTool.BrowserWatcher (AdWare.Agent) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingTool.BrowserWatcher.1 (AdWare.Agent) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingTool.PornPro_BHO (AdWare.Agent) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingTool.PornPro_BHO.1 (AdWare.Agent) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingTool.PrecacheBrowserHost (AdWare.Agent) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingTool.PrecacheBrowserHost.1 (AdWare.Agent) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

          Registerwaarden geïnfecteerd:
          HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.

          Registerdata bestanden geïnfecteerd:
          (Geen kwaadaardige items gevonden)

          Mappen geïnfecteerd:
          (Geen kwaadaardige items gevonden)

          Bestanden geïnfecteerd:
          C:\Documents and Settings\francis\DoctorWeb\Quarantine\A0028557.dll (Adware.Mirar) -> Quarantined and deleted successfully.
          C:\Program Files\Trend Micro\HijackThis\backups\backup-20080323-203706-998.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
          C:\System Volume Information\_restore{EC3A6270-4A59-4CE4-9575-1A5D7FFE1946}\RP74\A0028894.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
          C:\System Volume Information\_restore{EC3A6270-4A59-4CE4-9575-1A5D7FFE1946}\RP74\A0028987.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
          C:\System Volume Information\_restore{EC3A6270-4A59-4CE4-9575-1A5D7FFE1946}\RP74\A0028988.exe (Adware.Agent) -> Quarantined and deleted successfully.
          C:\System Volume Information\_restore{EC3A6270-4A59-4CE4-9575-1A5D7FFE1946}\RP74\A0028990.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

          Comment


          • #6
            Zijn de problemen nu voorbij?

            Comment


            • #7
              Hopelijk wel. Ik moet dit eerste enkele dagen testen, aangezien deze pop-ups niet elke internetsessie/dag verschenen.

              Alleszins bedankt voor uw hulp. Ik zal binnen enkele dagen het definitieve resultaat meedelen.

              Comment


              • #8
                OK ik hoor het dan wel

                Comment


                • #9
                  Hoi,

                  slecht nieuws :

                  pc zonet gestart en ne enige minuten surfen volgende pop-up gekregen :

                  http://be(dot)sso(dot)dada(dot)net/mobi/specialoffer_be14(dot)html

                  mvg

                  Comment


                  • #10
                    Krijg je die popup met Internet Explorer of met FireFox?

                    Comment


                    • #11
                      Internet Explorer...

                      en ik kreeg hem bij het openen van www.frugalsworld.com.

                      Zonet kreeg ik bij het openen (via intypen in de IE adresbalk) van dezelfde site opnieuw een pop-up :
                      http://www(dot)mt50(dot)nl/acties/BE/zdvwintersport/index(dot)php?afid=79&zanpid=8164150C2024928888
                      Last edited by bengo; 28-03-08, 17:15.

                      Comment


                      • #12
                        Je krijgt hem alleen bij die website, of krijg je hen ook bij het bekijken van het Nucia forum?

                        Comment


                        • #13
                          Nee, alleen bij die website. Maar bij navraag blijkt dat de hoofdpage van die site inderdaad gesponsord is dmv ads. Zal dus normaal wel geen kwaad kunnen neem ik aan. Wel raar dat ie voorbij de google toolbar en IE-pop-up-blokker raakt.

                          Comment


                          • #14
                            Oorspronkelijk geplaatst door bengo Bekijk Berichten
                            Wel raar dat ie voorbij de google toolbar en IE-pop-up-blokker raakt.
                            Daar hebben ze speciale scripts voor, ik zag bij mij met FireFox geen popups, maar in de broncode van die website kwam ik inderdaad scripts tegen die popups moeten laten verschijnen

                            Als je deze regel:
                            Code:
                            127.0.0.1 media.fastclick.net
                            aan je hosts-bestand zou toevoegen, dan worden ze waarschijnlijk wel geblokkeerd

                            Comment


                            • #15
                              Prettig weekend gewenst en nog bedankt voor de hulp.

                              Groetjes.

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X