Weergegeven resultaten: 1 t/m 10 van 10

Discussie: Allerlei pop-ups

  1. #1
    Up-to-date   Natazja's schermafbeelding
    Geregistreerd
    10 May 2005
    Berichten
    70
    Bedankjes
    105
    Bedankt
    39 keer in 12 posts

    Allerlei pop-ups

    Hai zouden jullie eens willen kijken. Ik heb last van pop-ups die zomaar komen opzetten.
    Ik heb gescant met Norton & Kasperski.
    Tevens een adaware ronde van : Spybot - Adaware - Pestpatrol & Microsoft Antispyware.
    Maar dat heeft allemaal niet mogen baten om die pop-ups te verwijderen.
    Dank jullie voor de moeite .

    Logfile of HijackThis v1.99.1
    Scan saved at 0:53:57, on 26-10-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\WINDOWS\system32\Config2500.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\rundll32.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\MSNMES~1\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    D:\Proggies\Hijack this\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dynamicclan.com/index.php?
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - Global Startup: Config2500.lnk = C:\WINDOWS\system32\Config2500.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Google Zoeken - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\windows\$hf_mig$\kb887472\sp2qfe\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\windows\$hf_mig$\kb887472\sp2qfe\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
    O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\aza0097me.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

  2. #2
    Erelid/Spyware Slayer   Beamerke's schermafbeelding
    Geregistreerd
    10 May 2005
    Locatie
    Heppen
    Berichten
    1.193
    Bedankjes
    25
    Bedankt
    184 keer in 157 posts

    Re: Allerlei pop-ups

    Laat volgende bestandje eens scannen op Jotti: C:\WINDOWS\system32\aza0097me.dll

    Meldt het resultaat.
    Kan je me ook vertellen welke popups je krijgt? Voor welke sites en dergelijke?
    Killing the beasts inside your paradise since 2004


  3. #3
    Up-to-date   Natazja's schermafbeelding
    Geregistreerd
    10 May 2005
    Berichten
    70
    Bedankjes
    105
    Bedankt
    39 keer in 12 posts

    Re: Allerlei pop-ups

    Laatst gewijzigd door Natazja; 26 October 2005 om 08:23

  4. #4
    Erelid/Spyware Slayer   Beamerke's schermafbeelding
    Geregistreerd
    10 May 2005
    Locatie
    Heppen
    Berichten
    1.193
    Bedankjes
    25
    Bedankt
    184 keer in 157 posts

    Re: Allerlei pop-ups

    Download en installeer CCleaner.
    Gebruik het programma nog niet.
    Zorg ervoor dat alle verborgen bestanden en mappen weergegeven worden.Hoe verborgen bestanden en mappen weergeven..
    Sluit alle open vensters, run HijackThis nog een keer en plaats een vinkje bij de volgende items:
    O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\aza0097me.dll
    Klik daarna op "Fix checked" en sluit HijackThis af.
    Start de computer in veilige modus.
    Zoek via Windows verkenner naar volgende bestanden of mappen, en verwijder deze indien ze nog aanwezig zijn:
    C:\WINDOWS\system32\aza0097me.dll
    Start Ccleaner en klik op de knop "Opschonen".(rechts beneden)
    Herstart de computer in normale modus.
    Download Silent Runners
    Unzip het naar een eigen map.
    Start SilentRunners.vbs
    Wanneer je antivirusprogramma een melding geeft, sta je toe om dit script uit te voeren.
    Er wordt een logje geplaatst in de map van waar je Silentrunners gestart hebt. Post de inhoud van dit logje, samen met een nieuw logje van hijackthis.
    Killing the beasts inside your paradise since 2004


  5. #5
    Up-to-date   Natazja's schermafbeelding
    Geregistreerd
    10 May 2005
    Berichten
    70
    Bedankjes
    105
    Bedankt
    39 keer in 12 posts

    Re: Allerlei pop-ups

    Deze gaf hijack nu niet aan : O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\aza0097me.dll

    Log Silent Runners :

    "Silent Runners.vbs", revision 41, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:
    ---------------------------------
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
    "Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
    "SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
    "ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
    "ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
    "vptray" = "C:\PROGRA~1\SYMANT~1\VPTray.exe" ["Symantec Corporation"]
    "PestPatrol Control Center" = "C:\PROGRA~1\PESTPA~1\PPControl.exe" ["Computer Associates International"]
    "PPMemCheck" = "C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [null data]
    "CookiePatrol" = "C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" ["Computer Associates International"]
    "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
    "MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]
    "gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
    HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-pictogramuitbreiding"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universele Plug en Play-apparaten"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
    "{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\1043\UNBIND.DLL" [MS]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string]
    "{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]
    "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
    "{C4BAB0CF-C620-4A2A-B5B8-BF63DF71CA61}" = (no title provided)
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\lhfil13n.dll" [null data]
    HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\
    INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
    INFECTION WARNING! RunOnceEx\DLLName = "C:\WINDOWS\system32\m0ju0a19ed.dll" [null data]
    HKLM\Software\Classes\*\shellex\ContextMenuHandler s\
    IMMenuShellExt\(Default) = "{F8984111-38B6-11D5-8725-0050DA2761C4}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\INCRED~1\bin\ImShExt.dll" ["IncrediMail, Ltd."]
    LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
    RenameItMenu\(Default) = "{96CEE561-5882-11d2-A303-00C0DFE4FBC3}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Flores Software\Rename It\Rename It.dll" ["Flores Software"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\
    LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    Active Desktop and Wallpaper:
    -----------------------------
    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\natazja\Local Settings\Application Data\Microsoft\Wallpaper2.bmp"

    Startup items in "natazja" & "All Users" startup folders:
    ---------------------------------------------------------
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
    "Config2500" -> shortcut to: "C:\WINDOWS\system32\Config2500.exe" ["Ralink Technology, Corp."]

    Winsock2 Service Provider DLLs:
    -------------------------------
    Namespace Service Providers
    HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    Transport Service Providers
    HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

    Toolbars, Explorer Bars, Extensions:
    ------------------------------------
    Toolbars
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
    Extensions (Tools menu items, main toolbar menu buttons)
    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console"
    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]
    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "c:\windows\$hf_mig$\kb887472\sp2qfe\msmsgs.ex e" [MS]

    HOSTS file
    ----------
    HKLM\System\CurrentControlSet\Services\Tcpip\Param eters\
    HIJACK WARNING! "DataBasePath" = "%SystemRoot%\System32\drivers\etc"

    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------
    Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
    Eenvoudige TCP/IP-services, SimpTcp, "C:\WINDOWS\System32\tcpsvcs.exe" [MS]
    HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
    StyleXPService, StyleXPService, ""C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"" [empty string]
    Symantec AntiVirus, Symantec AntiVirus, ""C:\Program Files\Symantec AntiVirus\Rtvscan.exe"" ["Symantec Corporation"]
    Symantec AntiVirus Definition Watcher, DefWatch, ""C:\Program Files\Symantec AntiVirus\DefWatch.exe"" ["Symantec Corporation"]
    Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
    Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

    ----------
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
    use the -supp parameter or answer "No" at the first message box.
    ---------- (total run time: 44 seconds, including 18 seconds for message boxes)

    Nieuwe log Hijack :

    Logfile of HijackThis v1.99.1
    Scan saved at 15:32:53, on 26-10-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\SYSTEM32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\Config2500.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Proggies\Hijack this\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dynamicclan.com/index.php?
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - Global Startup: Config2500.lnk = C:\WINDOWS\system32\Config2500.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Google Zoeken - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\windows\$hf_mig$\kb887472\sp2qfe\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\windows\$hf_mig$\kb887472\sp2qfe\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
    O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\m0ju0a19ed.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

  6. #6
    Erelid/Spyware Slayer   Beamerke's schermafbeelding
    Geregistreerd
    10 May 2005
    Locatie
    Heppen
    Berichten
    1.193
    Bedankjes
    25
    Bedankt
    184 keer in 157 posts

    Re: Allerlei pop-ups

    *Download de trial versie van Spysweeper.
    Kies bij het ninstallatie voor "standaard installatie", en geef je emailadres in wanneer daar naar gevraagd wordt.
    Er zal gevraagd worden of je de nieuwste definities wil downloaden, sta dit dan toe (dit kan even duren)

    klik dan op Options > Sweep Options en vink het volgende aan: Sweep all Folders on Selected drives en Local Disc C.
    Bij "What to Sweep", vink je alles aan.

    klik op "Sweep" en laat het je systeem volledig scannen

    Na afloop van de scan, klik je op "Remove", en vervolgens klik je op "Select All" en daarna "Next".

    Klik op "Results" en vervolgens op het tabblad "Session Log".
    klik dan op "Save to File" en bewaar het logje op je bureaublad.

    Sluit Spysweeper af.

    Herstart je pc, en plaats dan een nieuw logje van hijackthis samen met het logje van spysweeper.
    Killing the beasts inside your paradise since 2004


  7. #7
    Up-to-date   Natazja's schermafbeelding
    Geregistreerd
    10 May 2005
    Berichten
    70
    Bedankjes
    105
    Bedankt
    39 keer in 12 posts

    Re: Allerlei pop-ups

    Log Spysweeper :

    ********
    15:53: | Start of Session, woensdag 26 oktober 2005 |
    15:53: Spy Sweeper started
    15:53: Sweep initiated using definitions version 561
    15:53: Starting Memory Sweep
    15:54: Found Adware: icannnews
    15:54: Detected running threat: C:\WINDOWS\system32\m0ju0a19ed.dll (ID = 83)
    15:54: Detected running threat: C:\WINDOWS\system32\lhfil13n.dll (ID = 83)
    15:54: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    15:54: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    15:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    15:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    15:55: Memory Sweep Complete, Elapsed Time: 00:01:51
    15:55: Starting Registry Sweep
    15:55: Found Adware: hotbar
    15:55: HKCR\asapcom.asapclass\ (5 subtraces) (ID = 127222)
    15:55: HKCR\asapcom.asapenvelope\ (5 subtraces) (ID = 127223)
    15:55: HKCR\asapcom.asapmain\ (5 subtraces) (ID = 127224)
    15:55: HKCR\asapcom.asapmessage\ (5 subtraces) (ID = 127225)
    15:55: HKCR\asapcom.asaprecipients\ (5 subtraces) (ID = 127226)
    15:55: HKCR\clsid\{8ac5bc54-b13b-4642-99f9-0baa2d116184}\ (11 subtraces) (ID = 127240)
    15:55: HKCR\clsid\{286e500c-ef0a-4aa3-a94d-e495f653ef4b}\ (11 subtraces) (ID = 127251)
    15:55: HKCR\clsid\{9809a6b4-70b1-4bb2-b3b5-b415763a534e}\ (11 subtraces) (ID = 127257)
    15:55: HKCR\clsid\{319260ab-be0c-4025-8569-7a27ed2faab9}\ (11 subtraces) (ID = 127259)
    15:55: HKCR\clsid\{d5178f77-c5e6-4e8f-9787-48b5d7eccce8}\ (11 subtraces) (ID = 127269)
    15:55: HKLM\software\classes\asapcom.asapclass.1\ (3 subtraces) (ID = 127385)
    15:55: HKLM\software\classes\asapcom.asapclass\ (5 subtraces) (ID = 127386)
    15:55: HKLM\software\classes\asapcom.asapenvelope\ (5 subtraces) (ID = 127387)
    15:55: HKLM\software\classes\asapcom.asapmain\ (5 subtraces) (ID = 127388)
    15:55: HKLM\software\classes\asapcom.asapmessage\ (5 subtraces) (ID = 127389)
    15:55: HKLM\software\classes\asapcom.asaprecipients\ (5 subtraces) (ID = 127390)
    15:55: HKLM\software\classes\clsid\{8ac5bc54-b13b-4642-99f9-0baa2d116184}\ (11 subtraces) (ID = 127403)
    15:55: HKLM\software\classes\clsid\{286e500c-ef0a-4aa3-a94d-e495f653ef4b}\ (11 subtraces) (ID = 127414)
    15:55: HKLM\software\classes\clsid\{9809a6b4-70b1-4bb2-b3b5-b415763a534e}\ (11 subtraces) (ID = 127421)
    15:55: HKLM\software\classes\clsid\{319260ab-be0c-4025-8569-7a27ed2faab9}\ (11 subtraces) (ID = 127423)
    15:55: HKLM\software\classes\clsid\{d5178f77-c5e6-4e8f-9787-48b5d7eccce8}\ (11 subtraces) (ID = 127433)
    15:55: HKLM\software\classes\typelib\{bce2e826-d0f5-41c8-97be-28a6f540ceeb}\ (9 subtraces) (ID = 127556)
    15:55: HKCR\typelib\{bce2e826-d0f5-41c8-97be-28a6f540ceeb}\ (9 subtraces) (ID = 127655)
    15:55: Found Adware: shopathomeselect
    15:55: HKLM\software\ || test (ID = 141678)
    15:55: Found Adware: winad
    15:55: HKLM\software\microsoft\windows\currentversion\mod uleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (1 subtraces) (ID = 763026)
    15:55: HKLM\software\microsoft\windows\currentversion\sha reddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028)
    15:55: Found Adware: switchdialer
    15:55: HKU\S-1-5-21-73586283-1482476501-682003330-1004\software\microsoft\internet explorer\new windows\allow\ || *.ffx23wl.nl (ID = 143490)
    15:55: Found Adware: targetsaver
    15:55: HKU\S-1-5-21-73586283-1482476501-682003330-1004\software\tsl2\ (1 subtraces) (ID = 143616)
    15:55: Registry Sweep Complete, Elapsed Time:00:00:08
    15:55: Starting Cookie Sweep
    15:55: Cookie Sweep Complete, Elapsed Time: 00:00:00
    15:55: Starting File Sweep
    15:55: Found Adware: azsearch toolbar
    15:55: azesearch.bmp (ID = 50322)
    15:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    15:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    15:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    15:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    15:57: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    15:57: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    15:57: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    15:57: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    15:57: ztmpz.reg (ID = 50321)
    15:58: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    15:58: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    15:58: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    15:58: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    16:00: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    16:00: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    16:00: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    16:00: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    16:01: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    16:01: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    16:01: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    16:01: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    16:02: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    16:02: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    16:02: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    16:02: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    16:03: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    16:03: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    16:03: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    16:03: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    16:04: hqrhil7kg.ini (ID = 75789)
    16:04: umqltg4cl.ini (ID = 75960)
    16:04: Warning: Unhandled Archive Type
    16:04: Warning: Unhandled Archive Type
    16:04: Warning: Unhandled Archive Type
    16:04: Warning: Unhandled Archive Type
    16:04: Warning: Unhandled Archive Type
    16:04: Warning: Unhandled Archive Type
    16:04: Warning: Unhandled Archive Type
    16:04: Warning: Unhandled Archive Type
    16:04: Warning: Unhandled Archive Type
    16:04: Warning: Unhandled Archive Type
    16:04: Warning: Invalid file - not a PKZip file
    16:04: Warning: Invalid file - not a PKZip file
    16:04: Warning: Invalid file - not a PKZip file
    16:04: Warning: Invalid file - not a PKZip file
    16:04: Warning: Invalid file - not a PKZip file
    16:04: Warning: Invalid file - not a PKZip file
    16:04: Warning: Invalid file - not a PKZip file
    16:04: Warning: Invalid file - not a PKZip file
    16:04: Warning: Invalid file - not a PKZip file
    16:04: Warning: Invalid file - not a PKZip file
    16:04: File Sweep Complete, Elapsed Time: 00:09:05
    16:04: Full Sweep has completed. Elapsed time 00:11:07
    16:04: Traces Found: 217
    16:04: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    16:04: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    16:04: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    16:04: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    16:05: Removal process initiated
    16:05: Quarantining All Traces: azsearch toolbar
    16:05: Quarantining All Traces: hotbar
    16:05: Quarantining All Traces: icannnews
    16:05: icannnews is in use. It will be removed on reboot.
    16:05: C:\WINDOWS\system32\m0ju0a19ed.dll is in use. It will be removed on reboot.
    16:05: C:\WINDOWS\system32\lhfil13n.dll is in use. It will be removed on reboot.
    16:05: Quarantining All Traces: shopathomeselect
    16:05: Quarantining All Traces: switchdialer
    16:05: Quarantining All Traces: targetsaver
    16:05: Quarantining All Traces: winad
    16:06: Removal process completed. Elapsed time 00:00:55
    ********
    15:50: | Start of Session, woensdag 26 oktober 2005 |
    15:50: Spy Sweeper started
    15:51: Your spyware definitions have been updated.
    15:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    15:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    15:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    15:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    15:53: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    15:53: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    15:53: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    15:53: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    15:53: | End of Session, woensdag 26 oktober 2005 |



    Log Hijack :

    Logfile of HijackThis v1.99.1
    Scan saved at 16:12:31, on 26-10-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\Config2500.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Proggies\Hijack this\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dynamicclan.com/index.php?
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - Global Startup: Config2500.lnk = C:\WINDOWS\system32\Config2500.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Google Zoeken - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\windows\$hf_mig$\kb887472\sp2qfe\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\windows\$hf_mig$\kb887472\sp2qfe\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

  8. #8
    Erelid/Spyware Slayer   Beamerke's schermafbeelding
    Geregistreerd
    10 May 2005
    Locatie
    Heppen
    Berichten
    1.193
    Bedankjes
    25
    Bedankt
    184 keer in 157 posts

    Re: Allerlei pop-ups

    Dit ziet er goed uit Spysweeper heeft zijn werk keurig gedaan

    Krijg je nu nog die popups?
    Killing the beasts inside your paradise since 2004


  9. #9
    Up-to-date   Natazja's schermafbeelding
    Geregistreerd
    10 May 2005
    Berichten
    70
    Bedankjes
    105
    Bedankt
    39 keer in 12 posts

    Re: Allerlei pop-ups

    Nee momenteel krijg ik idd geen popups meer te zien.
    Helemaal super ( wat een ellende die dingen).
    Dank je wel voor alle moeite

  10. #10
    Erelid/Spyware Slayer   Beamerke's schermafbeelding
    Geregistreerd
    10 May 2005
    Locatie
    Heppen
    Berichten
    1.193
    Bedankjes
    25
    Bedankt
    184 keer in 157 posts

    Re: Allerlei pop-ups

    Graag gedaan hoor

    Deze topic doe ik nu op slot. Als het terug geopend wil hebben, stuur dan een berichtje naar mij of een andere moderator/Admin.
    Killing the beasts inside your paradise since 2004


Discussie informatie

Users Browsing this Thread

Momenteel bekijken 1 gebruikers deze discussie. (0 leden en 1 gasten)

Favorieten/bladwijzers

Favorieten/bladwijzers

Regels voor berichten

  • Je mag geen nieuwe discussies starten
  • Je mag niet reageren op berichten
  • Je mag geen bijlagen versturen
  • Je mag niet je berichten bewerken
  •