Heel veel pop ups door progje?....

[Nightshade]

Ik krijg laatste tijd heel veel pop ups zoals "zie bijlage" deze.

Ik denk dat een programmatje het veroorzaakt want ik ben niet op een website voordat die pop ups komen.
Alleen MSN.

Weet iemand wat ik hiertegen kan doen? welk progje of virus het zou kunnen zijn?
Ik kan wel screenie van m'n lopende progjes op dat moment maken als dat nodig is.

 

[mjvogd]

Scan je pc eens met ad-aware ofzo (zie tucows.nl) en installeer een firewall (bijv. zonealarm; www.zonelabs.com)

Martijn

 

[meelman]

heb je al op virussen gecontroleerd? En op spware?

 

[Bennie]

Dat is de Messenger Service van Windows. Die moet je disablen:
http://www.itc.virginia.edu/desktop/docs/messagepopup/

Groetjes,
Bennie

 

[Nightshade]

sommige mensen hebben verstand van Hijack this dus dit kan mischien helpen met het probleem op te lossen.

De pop ups zijn namelijk niet alleen van messenger service.
Ik had een hoop spyware maar alles verwijderd en nog steeds pop ups.

Hijack log:

Logfile of HijackThis v1.96.0
Scan saved at 0:57:58, on 3/08/2003
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\SiS300_V1.02\utility\khooker.exe
C:\Program Files\SiS300_V1.02\utility\sistray.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
D:\Program Files\Winamp\Winampa.exe
D:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\WINNT\uptodate.exe
C:\WINNT\System32\rundll32.exe
C:\Program Files\MemoryMeter\MemoryMeter.exe
C:\WINNT\TVTMD.exe
C:\WINNT\System32\rundll32.exe
C:\WINNT\System32\ctfmon.exe
D:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\System32\wuauclt.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\iMesh\Client\iMeshClient.exe
D:\Spybot - Search & Destroy\SpybotSD.exe
D:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchandclick.com/metasearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Use Custom Search URL =

O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINNT\System32\msiefr40.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_20.dll
O2 - BHO: (no name) - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F} - C:\WINNT\System32\NetPal.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [khooker] C:\Program Files\SiS300_V1.02\utility\khooker.exe
O4 - HKLM\..\Run: [SiS Tray] C:\Program Files\SiS300_V1.02\utility\sistray.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINNT\System\WINSTA~1.EXE -b
O4 - HKLM\..\Run: [QTWZN] C:\WINNT\QTWZN.exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINNT\uptodate.exe
O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINNT\System32\msiefr40.dll,DllRunServer
O4 - HKLM\..\Run: [MemoryMeter] C:\Program Files\MemoryMeter\MemoryMeter.exe
O4 - HKLM\..\Run: [TVTMD] C:\WINNT\TVTMD.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: iMesh.lnk = C:\Program Files\iMesh\Client\iMeshClient.exe
O4 - Startup: SpeedTouch Dial-up.lnk = C:\Program Files\Alcatel\SpeedTouch USB\STDialUp.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Browser Pal Toolbar (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.fotovanjehuis.nl/vinden/foto.exe
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/ProductUpdates/content/opuc.cab
O16 - DPF: {8699D723-6DC6-47D3-B55C-489BA006B917} - http://membersites.namezero.com/DOT-ANKE.US-827043/be/be/webinstall.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37441.9138425926
O16 - DPF: {AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B} - http://www.memorymeter.com/MemoryMeter.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,4,0,4240/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2601AC49-BAE4-4D83-8252-8C56F38C3BC3}: NameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{2601AC49-BAE4-4D83-8252-8C56F38C3BC3}: NameServer = 195.238.2.22 195.238.2.21

 

[Bennie]

Laat Hijackthis de volgende items verwijderen. Sluit wel eerst je browser:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchandclick.com/metasearch.html
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINNT\System32\msiefr40.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_20.dll
O2 - BHO: (no name) - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F} - C:\WINNT\System32\NetPal.dll (file missing)
O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINNT\System\WINSTA~1.EXE -b
O4 - HKLM\..\Run: [QTWZN] C:\WINNT\QTWZN.exe
O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINNT\System32\msiefr40.dll,DllRunServer
O4 - HKLM\..\Run: [MemoryMeter] C:\Program Files\MemoryMeter\MemoryMeter.exe
O4 - HKLM\..\Run: [TVTMD] C:\WINNT\TVTMD.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.fotovanjehuis.nl/vinden/foto.exe
O16 - DPF: {AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B} - http://www.memorymeter.com/MemoryMeter.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2601AC49-BAE4-4D83-8252-8C56F38C3BC3}: NameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{2601AC49-BAE4-4D83-8252-8C56F38C3BC3}: NameServer = 195.238.2.22 195.238.2.21

Reboot.

Laat daarna Spybot nog even erover heengaan:
http://security.kolla.de/index.php?lang=en&page=download

Wel eerst updaten.

Tip: deïnstalleer Imesh. Die zit vol Spyware.

Groetjes,
Bennie