
Closing a page: urgent help requested

Status
Not open for further replies.

noelderks

Junior member
Joined
12 Jun 2008
Posts
39
Reaction score
0
Hello,
Every time I try to close a page from the Internet I get a blank page. Does anyone know this problem? I have to get rid of this blank page via Task Manager.
Help would be appreciated, please.

Regards,
noel
 
You keep getting an about:blank:
It could indeed be that something is wrong in your IE, but it could also be malware.
To be on the safe side, post a HijackThis log in connection with the about buster virus.
 
HijackThis log from noel
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13:59, on 2/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
G:\programmas noel\Systweak\Advanced Vista Optimizer 2008\AVO.exe
C:\Program Files (x86)\Telenet Security Pack\Common\FSM32.EXE
C:\Program Files (x86)\Cyberlink\PowerCinema\PCMService.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Easy Computing\PC Cleaner 3.0\Shield.exe
C:\Program Files (x86)\Telenet Security Pack\FSGUI\fsguidll.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Telenet Security Pack\FSGUI\scanwizard.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - C:\PROGRA~2\EASYCO~1\PCCLEA~1.0\Blocker.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\Telenet Security Pack\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\Telenet Security Pack\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [PCMService] "C:\Program Files (x86)\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Easy Computing Popup Blocker] RunDll32.exe C:\PROGRA~2\EASYCO~1\PCCLEA~1.0\Blocker.dll,Run
O4 - HKLM\..\Run: [SpyWare Shield] "C:\Program Files (x86)\Easy Computing\PC Cleaner 3.0\Shield.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files (x86)\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [AVO Ram Optimizer] g:\programmas noel\systweak\advanced vista optimizer 2008\AVO.exe -s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Memeo AutoBackup Pro Launcher.lnk = ?
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files (x86)\Telenet Security Pack\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files (x86)\Telenet Security Pack\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files (x86)\Telenet Security Pack\FSPC\fspcmsie.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PC Cleaner 3.0 Pop-ups blokkeren - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~2\EASYCO~1\PCCLEA~1.0\Blocker.dll
O9 - Extra 'Tools' menuitem: Pop-ups blokkeren - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~2\EASYCO~1\PCCLEA~1.0\Blocker.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files (x86)\Telenet Security Pack\Anti-Virus\fsgk32st.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files (x86)\Telenet Security Pack\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\Telenet Security Pack\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Telenet Security Pack\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Telenet Security Pack\ORSP Client\fsorsp.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files (x86)\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Process Activity Monitor (paamsrv) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\ProcessActivityMonitor\paamsrv.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 10477 bytes
 
Next time, run it through the HijackThis color coder yourself :)


Now just wait for the experts who can read this.
 
Hi,

Your log is actually in the wrong place here, but that is partly my fault.
We'll start with something easy.
Open IE and go to Tools > Internet Options > Advanced tab, then at the bottom the option Reset....
Restart IE and see whether it is gone.
I don't see any malware in your log myself, but I'm no expert either.
 
This doesn't help at all.
Thanks anyway.
 
Because you did an IE reset, we already know that that is not the cause.
You can do the standard step-by-step plan.

Clean up with ATF link
Run a scan with Malwarebytes link
Post your Malwarebytes log in the HijackThis link
 
I can't get the malware log file posted there

[hjt]
malwarebytes' anti-malware 1.31
database versie: 1596
windows 6.0.6001 service pack 1
2/01/2009 19:28:58
pc gegevens van nol.txt
scan type: volledige scan (c:\|d:\|g:\|)
objecten gescand: 524061
verstreken tijd: 1 hour(s), 33 minute(s), 44 second(s)
geheugenprocessen geïnfecteerd: 0
geheugenmodulen geïnfecteerd: 0
registersleutels geïnfecteerd: 0
registerwaarden geïnfecteerd: 0
registerdata bestanden geïnfecteerd: 1
mappen geïnfecteerd: 0
bestanden geïnfecteerd: 2
geheugenprocessen geïnfecteerd:
(geen kwaadaardige items gevonden)
geheugenmodulen geïnfecteerd:
(geen kwaadaardige items gevonden)
registersleutels geïnfecteerd:
(geen kwaadaardige items gevonden)
registerwaarden geïnfecteerd:
(geen kwaadaardige items gevonden)
registerdata bestanden geïnfecteerd:
hkey_local_machine\software\microsoft\windows\currentversion\policies\explorer\noactivedesktopchanges (hijack.displayproperties) -> bad: (1) good: (0) -> no action taken.
mappen geïnfecteerd:
(geen kwaadaardige items gevonden)
bestanden geïnfecteerd:
c:\backup-000\noel\appdata\local\microsoft\windows\temporary internet files\content.ie5\d3cbge3x\setupxv[1].exe (rogue.installer) -> no action taken.
g:\users\noel\documents\users\noel\appdata\local\microsoft\windows\temporary internet files\content.ie5\d3cbge3x\setupxv[1].exe (rogue.installer) -> no action taken.

[/hjt]
 
Hi,

You forgot to use the "remove selected" option in Malwarebytes.
Run the scan again and then remove the selected items.
 
[hjt]
malwarebytes' anti-malware 1.31
database versie: 1597
windows 6.0.6001 service pack 1
2/01/2009 20:35:22
mbam-log-2009-01-02 (20-35-22).txt
scan type: volledige scan (c:\|d:\|)
objecten gescand: 160411
verstreken tijd: 36 minute(s), 41 second(s)
geheugenprocessen geïnfecteerd: 0
geheugenmodulen geïnfecteerd: 0
registersleutels geïnfecteerd: 0
registerwaarden geïnfecteerd: 0
registerdata bestanden geïnfecteerd: 0
mappen geïnfecteerd: 0
bestanden geïnfecteerd: 0
geheugenprocessen geïnfecteerd:
(geen kwaadaardige items gevonden)
geheugenmodulen geïnfecteerd:
(geen kwaadaardige items gevonden)
registersleutels geïnfecteerd:
(geen kwaadaardige items gevonden)
registerwaarden geïnfecteerd:
(geen kwaadaardige items gevonden)
registerdata bestanden geïnfecteerd:
(geen kwaadaardige items gevonden)
mappen geïnfecteerd:
(geen kwaadaardige items gevonden)
bestanden geïnfecteerd:
(geen kwaadaardige items gevonden)

[/hjt]
 
I assume the problem is still there.
Does the blank page appear only when you close IE?
Are you not having trouble with anything else?
 
It seems to be solved.
Thanks for your good help.

Regards,
noel
 
OK, good then.
 