Homepage still changes after fixing with HijackThis

Anonymous
11 replies
 • Despite running adware, Spybot, RegSupreme etc., my homepage is changed every time after rebooting.
  I also ran HijackThis and removed the files that could be related to this. After doing so, IE starts normally once and then the homepage is changed again anyway. If I let HijackThis scan once more after the removal, it reports exactly the same things that I removed the time before. Weird and very annoying, can anyone help me??

  Below is the HijackThis log:

  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\Program Files\Norton Internet Security\NISUM.EXE
  C:\Program Files\Norton Internet Security\ccPxySvc.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\WINDOWS\System32\MsPMSPSv.exe
  C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\WINDOWS\System32\ctfmon.exe
  C:\WINDOWS\explorer.exe
  C:\Documents and Settings\P.R. van Breemen\Bureaublad\Nieuwe map\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\PR464C~1.VAN\LOCALS~1\Temp\sp.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\PR464C~1.VAN\LOCALS~1\Temp\sp.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\PR464C~1.VAN\LOCALS~1\Temp\sp.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\PR464C~1.VAN\LOCALS~1\Temp\sp.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\PR464C~1.VAN\LOCALS~1\Temp\sp.html
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\PR464C~1.VAN\LOCALS~1\Temp\sp.html
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\PR464C~1.VAN\BUREAU~1\DOWNLO~1\NIEUWE~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
  O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
  O9 - Extra button: Messenger (HKLM)
  O9 - Extra 'Tools' menuitem: Messenger (HKLM)
  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
  O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
  O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://neherkade.zapto.org/kxhcm10.ocx
  O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
  O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab
  O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
  O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
  O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
  O17 - HKLM\System\CCS\Services\Tcpip\..\{87A62DAE-C214-43B9-99CA-7A44DA8ABE55}: NameServer = 195.121.1.34 195.121.1.66

  Thanks in advance
 • Hello ThaBastard,

  Download the latest version of HijackThis.
  Create a new log and post it.
  Download this small file. Unzip it to your desktop. Double-click appinit.bat. A 'DOS' box appears and then a file named windows.txt is created. Open this file and paste its contents into your next post as well.

  Marc
 • This is the log from the latest HT:

  Logfile of HijackThis v1.98.0
  Scan saved at 12:48:19, on 10-7-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\Program Files\Norton Internet Security\NISUM.EXE
  C:\Program Files\Norton Internet Security\ccPxySvc.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\WINDOWS\System32\MsPMSPSv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\WINDOWS\System32\ctfmon.exe
  C:\Documents and Settings\P.R. van Breemen\Bureaublad\HT\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\PR464C~1.VAN\LOCALS~1\Temp\sp.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\PR464C~1.VAN\LOCALS~1\Temp\sp.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.nl
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\PR464C~1.VAN\LOCALS~1\Temp\sp.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\PR464C~1.VAN\LOCALS~1\Temp\sp.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\PR464C~1.VAN\LOCALS~1\Temp\sp.html
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\PR464C~1.VAN\LOCALS~1\Temp\sp.html
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.nl
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.nl
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.nl
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = www.google.nl
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
  O2 - BHO: (no name) - {AA9EBBB9-4204-455C-A6C1-D00CEDA06BE1} - C:\WINDOWS\System32\afn.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
  O4 - HKLM\..\Run: [SpybotSnD] "C:\Documents and Settings\P.R. van Breemen\Bureaublad\Downloaded Programs\Nieuwe map\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
  O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
  O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://neherkade.zapto.org/kxhcm10.ocx
  O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
  O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
  O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab
  O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
  O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
  O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
  O17 - HKLM\System\CCS\Services\Tcpip\..\{87A62DAE-C214-43B9-99CA-7A44DA8ABE55}: NameServer = 195.121.1.34 195.121.1.66
  O18 - Filter: text/html - {59488914-6812-4E9C-9248-6F35CAE39490} - C:\WINDOWS\System32\afn.dll
  O18 - Filter: text/plain - {59488914-6812-4E9C-9248-6F35CAE39490} - C:\WINDOWS\System32\afn.dll

  The text in the file from appinit.bat keeps changing and consists of very strange characters; this is the latest:

  regf   Pugf hbin ¨ÿÿÿnk, ´4§®DÄ ÿÿÿÿ ÿÿÿÿÿÿÿÿ ð x ÿÿÿÿ 0 : Windows ÿÿÿsk x x Ô „¸ È  ¤    ! € ! ?     ?        Øÿÿÿvk :   fùAppInit_DLLs֍æGÀÿÿÿC : \ W I N D O W S \ S y s t e m 3 2 \ l o g j . d l l t h Ðÿÿÿvk   ÀUDeviceNotSelectedTimeoutðÿÿÿ1 5 € ðÿÿÿ9 0 V Ðÿÿÿvk €'  ŒóGDIProcessHandleQuota·øÏàÿÿÿvk x  Ì”Spooleråðÿÿÿy e s Øáöw h Ø ( X àÿÿÿvk €  R¿swapdiskÐÿÿÿvk   kâTransmissionRetryTimeoutàÿÿÿh Ø ( X À Ðÿÿÿvk €'  Z3USERProcessHandleQuotaZuÀ

  I also checked whether DAP is installed, but it is not listed among my software.
  Thanks
 • Hello ThaBastard,

  Download CWShredder.
  Do not use CWShredder yet.

  Download Sphjfix.
  Unzip the program and start it.
  After an automatic reboot, run CWShredder.
  Reboot the computer again.
  Run HijackThis again and have it fix the following items:
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\PR464C~1.VAN\LOCALS~1\Temp\sp.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\PR464C~1.VAN\LOCALS~1\Temp\sp.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\PR464C~1.VAN\LOCALS~1\Temp\sp.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\PR464C~1.VAN\LOCALS~1\Temp\sp.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\PR464C~1.VAN\LOCALS~1\Temp\sp.html
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\PR464C~1.VAN\LOCALS~1\Temp\sp.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

  O2 - BHO: (no name) - {AA9EBBB9-4204-455C-A6C1-D00CEDA06BE1} - C:\WINDOWS\System32\afn.dll

  O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://neherkade.zapto.org/kxhcm10.ocx
  O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab

  O18 - Filter: text/html - {59488914-6812-4E9C-9248-6F35CAE39490} - C:\WINDOWS\System32\afn.dll
  O18 - Filter: text/plain - {59488914-6812-4E9C-9248-6F35CAE39490} - C:\WINDOWS\System32\afn.dll

  Reboot the computer again.
  Run HijackThis once more and post a new log.

  Delete windows.txt from your desktop.
  Start appinit.bat once more and post this new log as well.

  DAP has nothing to do with this. You are suffering from the about:blank hijack.
  In your case it uses the hidden installer. (See the windows.txt log.)


  regards,
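
The re-scan step in the reply above can be checked mechanically. This is an added example, not part of the original thread and not code from HijackThis: it parses HijackThis section lines, reports which entries from a fix list are still present in a later scan, and groups entries by the local file they reference. The function names are hypothetical, `FIX` and `AFTER` are copied from logs in this thread, and `RELAPSE` is a constructed sample.

```python
import re
from collections import defaultdict

ENTRY = re.compile(r"^\s*([RFNO]\d+) - (.+?)\s*$")   # "O2 - BHO: ..." -> ("O2", "BHO: ...")
LOCAL_FILE = re.compile(r"[A-Za-z]:\\[^\"=]*?\.(?:dll|ocx|exe|html)\b", re.I)

def parse_log(text):
    """Section entries of a HijackThis log as (code, body); other lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]

def _key(entry):
    # Compare case-insensitively and ignore spacing differences between scans.
    code, body = entry
    return code.upper(), " ".join(body.split()).casefold()

def persisting(fix_list, later_log):
    """Entries selected for fixing that are still present in a later scan."""
    later = {_key(e) for e in parse_log(later_log)}
    return [e for e in parse_log(fix_list) if _key(e) in later]

def new_entries(earlier_log, later_log):
    """Entries in the later scan that the earlier scan did not contain."""
    earlier = {_key(e) for e in parse_log(earlier_log)}
    return [e for e in parse_log(later_log) if _key(e) not in earlier]

def files_behind(log):
    """Map each local file named in an entry to the section codes that reference it."""
    hooks = defaultdict(set)
    for code, body in parse_log(log):
        for path in LOCAL_FILE.findall(body):
            hooks[path.casefold()].add(code)
    return {p: sorted(c, key=lambda s: (s[0], int(s[1:]))) for p, c in hooks.items()}

# Three entries copied from the fix list in the reply above.
FIX = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\PR464C~1.VAN\LOCALS~1\Temp\sp.html
O2 - BHO: (no name) - {AA9EBBB9-4204-455C-A6C1-D00CEDA06BE1} - C:\WINDOWS\System32\afn.dll
O18 - Filter: text/html - {59488914-6812-4E9C-9248-6F35CAE39490} - C:\WINDOWS\System32\afn.dll
"""
# Two entries copied from the scan posted after the clean-up.
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.nl
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
"""
# Constructed re-scan (not from the thread): two fixed entries have returned.
RELAPSE = AFTER + r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page  =  FILE://C:\DOCUME~1\PR464C~1.VAN\LOCALS~1\Temp\sp.html
O2 - BHO: (no name) - {AA9EBBB9-4204-455C-A6C1-D00CEDA06BE1} - C:\WINDOWS\System32\afn.dll
"""

if __name__ == "__main__":
    print("still present after clean-up:", persisting(FIX, AFTER))
    for code, body in persisting(FIX, RELAPSE):
        print("came back:", code, body)
    for path, codes in files_behind(FIX).items():
        print(path, "<-", ", ".join(codes))
```

The comparison is textual, so an entry that returns under a different path spelling (8.3 short name versus long name) is reported as new rather than as persisting.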
 • I followed the steps; this is the new HT log:

  Logfile of HijackThis v1.98.0
  Scan saved at 14:04:03, on 10-7-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\Program Files\Norton Internet Security\NISUM.EXE
  C:\Program Files\Norton Internet Security\ccPxySvc.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\WINDOWS\System32\MsPMSPSv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\WINDOWS\System32\ctfmon.exe
  C:\Documents and Settings\P.R. van Breemen\Bureaublad\HT\HijackThis.exe

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.nl
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.nl
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.nl
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.nl
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = www.google.nl
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
  O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
  O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
  O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
  O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
  O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
  O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
  O17 - HKLM\System\CCS\Services\Tcpip\..\{87A62DAE-C214-43B9-99CA-7A44DA8ABE55}: NameServer = 195.121.1.34 195.121.1.66


  This is the new appinit.bat log:

  regf    Pugf hbin ÿÿÿnk, ì[jtfÄ ÿÿÿÿ ÿÿÿÿÿÿÿÿ ¸ € ÿÿÿÿ 0 : Windows_Hijackedÿÿÿsk € € Ô „¸ È  ¤    ! € ! ?     ?        Øÿÿÿvk €  fùAppInit_DLLs֍æG p Ðÿÿÿvk Ð  ÀUDeviceNotSelectedTimeoutðÿÿÿ1 5 € ðÿÿÿ9 0 V Ðÿÿÿvk €'  ŒóGDIProcessHandleQuota·øÏàÿÿÿvk @  Ì”Spooleråðÿÿÿy e s Øáöw p ð h àÿÿÿvk €  R¿swapdiskÐÿÿÿvk à  kâTransmissionRetryTimeoutàÿÿÿp ð h ˆ Ø Ðÿÿÿvk €'  Z3USERProcessHandleQuotaZuø
 • Hello ThaBastard,

  Well done.
  The logs look good.
  Your problem looks solved to me.

  If you did not set these yourself (with Spybot Search & Destroy), you can also have HijackThis fix them:
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

  regards,
  Marc
 • OK, perfect, thanks. Curious how long my homepage will stay normal :D

  Regards
 • If you switch to Firefox, a very long time. ;)
 • OK, what is Firefox?
 • An alternative browser; see also the Mozilla site.
 • Do you use the options at the bottom of the immunize section of Spybot to lock your start page?

This is an archived page. Replies are no longer possible.