ongewenste pagina's in iexplorer

Status
Niet open voor verdere reacties.

com1000

Nieuwe gebruiker
Lid geworden
20 aug 2003
Berichten
4
vraagje van een newbie
ik gebruik windows xp pro en als browser avant
maar als ik zit te netten of te gamen
komt tekens iexplorer met vervelende reclamepagina's
ik heb mijn systeem al gescand op spyware en alles wat er gevonden is eraf gegooid maar het probleem is er nog steeds
bvd voor de moeite

greetings
 
Hoi com1000,

Download HijackThis. Uitleg en link vind je hier: http://www.tomcoyote.org/hjt/
Unzip en run het. Klik op Scan > Save log en sla het log op als een .txt bestand.
Kopieer en plak de inhoud in je volgende post.

Groetjes,

Pieter
 
oke pieter bij deze gedaan
alvast heel erg bedankt

Logfile of HijackThis v1.96.1
Scan saved at 15:46:39, on 20-8-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetPumper\NetPumperIEProxy.exe
C:\Program Files\KaZaA Lite\Kazaa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Save\Save.exe
C:\Program Files\SuperBar\sbhc.exe
C:\PROGRA~1\KAZAAS~1\msbb.exe
C:\DOCUME~1\peter\APPLIC~1\outhhoch.exe
C:\WINDOWS\System32\arr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\WEATHE~1\Weather.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\DOCUME~1\peter\LOCALS~1\Temp\Jdl1.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Avant Browser\avant.exe
C:\DOCUME~1\peter\LOCALS~1\Temp\Rar$EX00.144\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/MS-Connect/Portal/portal.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MS-Connect/Portal/portal.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = file:///C:/Program%20Files/MS-Connect/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\Program Files\SuperBar\SuperBar.Dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SuperBar - {B7F6AB41-72EB-41B7-A85D-3DE2435ACEEB} - C:\Program Files\SuperBar\SuperBar.Dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\KaZaA Lite\Kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SBHC] C:\Program Files\SuperBar\sbhc.exe
O4 - HKLM\..\Run: [FILP] C:\WINDOWS\FILP.exe
O4 - HKLM\..\Run: [BIPWD] C:\WINDOWS\BIPWD.exe
O4 - HKLM\..\Run: [msbb] C:\PROGRA~1\KAZAAS~1\msbb.exe
O4 - HKLM\..\Run: [ecrkck] C:\DOCUME~1\peter\APPLIC~1\outhhoch.exe -QuieT
O4 - HKLM\..\Run: [MS-RunKey] C:\WINDOWS\System32\arr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherCast] C:\PROGRA~1\WEATHE~1\Weather.exe /q
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [FreeMem Pro] "C:\PROGRA~1\FREEME~1\Fmempro.exe" autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://www.terra.es/personal9/centuryrules/wrn/mp3_plugin.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = d5130.scrk.com
O17 - HKLM\Software\..\Telephony: DomainName = d5130.scrk.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DD3431C-9080-4925-8D58-223A43114B5D}: Domain = d5130.scrk.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = d5130.scrk.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = d5130.scrk.com
 
Hier kan je lezen dat NetPumper en het bijbehorende Save programma's bevatten dat reclame laat zien op je pc.



Verwijder in ieder geval alles dat met deze twee programma's te maken heeft.

Pieter helpt je vast en zeker met de rest. (toch?)
 
Hoi com1000,

Probeer eerst SaveNow aka WhenUSave aka Save! te verwijderen in Configuratiescherm > software.

Vink de onderstaande in HijackThis aan, sluit alle vensters behalve HijackThis en klik op Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/MS-Connect/Portal/portal.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = file:///C:/Program%20Files/MS-Connect/Portal/portal.html

O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\Program Files\SuperBar\SuperBar.Dll

O3 - Toolbar: SuperBar - {B7F6AB41-72EB-41B7-A85D-3DE2435ACEEB} - C:\Program Files\SuperBar\SuperBar.Dll

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe

O4 - HKLM\..\Run: [SBHC] C:\Program Files\SuperBar\sbhc.exe
O4 - HKLM\..\Run: [FILP] C:\WINDOWS\FILP.exe
O4 - HKLM\..\Run: [BIPWD] C:\WINDOWS\BIPWD.exe
O4 - HKLM\..\Run: [msbb] C:\PROGRA~1\KAZAAS~1\msbb.exe
O4 - HKLM\..\Run: [ecrkck] C:\DOCUME~1\peter\APPLIC~1\outhhoch.exe -QuieT
O4 - HKLM\..\Run: [MS-RunKey] C:\WINDOWS\System32\arr.exe

O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab

O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://www.terra.es/personal9/centu.../mp3_plugin.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = d5130.scrk.com
O17 - HKLM\Software\..\Telephony: DomainName = d5130.scrk.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DD3431C-9080-4925-8D58-223A43114B5D}: Domain = d5130.scrk.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = d5130.scrk.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = d5130.scrk.com

Start dan opnieuw op, liefst in veilige modus en verwijder:
C:\Program Files\MS-Connect <= de hele map
C:\Program Files\SuperBar <= de hele map
C:\Program Files\ISTsvc C:\Program Files\Save
C:\WINDOWS\System32\stcloader.exe
C:\Program Files\Save C:\Program Files\Save
C:\PROGRAM FILES\KAZAA SHARED\msbb.exe
C:\DOCUMENTS AND SETTINGS\peter\APPLICATION DATA\outhhoch.exe
C:\WINDOWS\System32\arr.exe
C:\DOCUMENTS AND SETTINGS\peter\LOCAL SETTINGS\Temp\Jdl1.exe <= best gooi je die map helemaal leeg, dus niet de map zelf verwijderen,maar alleen de inhoud.

Download Ad-Aware van lavasoft.usa.com
Na het installeren eerst updaten (het wereldbolletje rechtsboven) Start daarna het programma opnieuw op. "Scan Now" > "Select drives\folders to scan" > selecteer C: > 'next', en laat Ad-Aware scannen.
Dan geeft het een aantal gevonden items aan ( een heleboel waarschijnlijk) klik Next. Rechtsklik in het scherm met de gevonden items > "select all" > 'next'. Je krijgt dan de vraag of je alles wil verwijderen, klik OK en Finish.

Start daarna nog eens opnieuw op en verbaas je over de snelheid van je computer. :)

Groetjes,

Pieter
 
pieter waanzinnig bedankt
ga het zo spoedig mogelijk doen
thanks
 
Geplaatst door com1000
pieter waanzinnig bedankt
ga het zo spoedig mogelijk doen
thanks


nog even ter informatie pieter
ad aware had 386 items gevonden
de andere leden natuurlijk ook bedankt
 
Status
Niet open voor verdere reacties.
Terug
Bovenaan Onderaan