google laadt niet, redirect naar findgala

beste mensen, hallo,

windows xp gebruiker. bij opstarten van internet pakt pc niet mijn startpagina (www.google.nl). Intoetsen google.com wordt geredirect naar findgala. en google wordt ook niet gevonden via altavista bijvoorbeeld. andere sites , volkskrant bijv., geven geen probleem. findgala is de boosdoener.

dus jullie stappenplan gevolgd, zoals hiervoor beschreven ( exclusief java-plug leegmaken, is niet geinstalleerd). punt 4, met housecall de on-line scan gemaakt..geen dingen gevonden..

punt 5 (Malwarebytes anti-Malware) en punt 6 (Hijack this) leveren de volgende resultaten (logsfiles) op.

hoe nu verder….yaow,….vast hartelijk dank,

Log HijackThis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:20:45, on 5-8-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\PROGRA~1\Iomega\System32\ActivityDisk.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

C:\Program Files\TeamViewer\Version4\TeamViewer.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O1 - Hosts: 74.125.45.100 4-open-davinci.com

O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com

O1 - Hosts: 74.125.45.100 privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 getantivirusplusnow.com

O1 - Hosts: 74.125.45.100 secure-plus-payments.com

O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com

O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com

O1 - Hosts: 74.125.45.100 www.getavplusnow.com

O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com

O1 - Hosts: 74.125.45.100 urs.microsoft.com

O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com

O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com

O1 - Hosts: 74.125.45.100 paysoftbillsolution.com

O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com

O1 - Hosts: 188.124.7.190 www.google.com

O1 - Hosts: 188.124.7.190 google.com

O1 - Hosts: 188.124.7.190 google.com.au

O1 - Hosts: 188.124.7.190 www.google.com.au

O1 - Hosts: 188.124.7.190 google.be

O1 - Hosts: 188.124.7.190 www.google.be

O1 - Hosts: 188.124.7.190 google.com.br

O1 - Hosts: 188.124.7.190 www.google.com.br

O1 - Hosts: 188.124.7.190 google.ca

O1 - Hosts: 188.124.7.190 www.google.ca

O1 - Hosts: 188.124.7.190 google.ch

O1 - Hosts: 188.124.7.190 www.google.ch

O1 - Hosts: 188.124.7.190 google.de

O1 - Hosts: 188.124.7.190 www.google.de

O1 - Hosts: 188.124.7.190 google.dk

O1 - Hosts: 188.124.7.190 www.google.dk

O1 - Hosts: 188.124.7.190 google.fr

O1 - Hosts: 188.124.7.190 www.google.fr

O1 - Hosts: 188.124.7.190 google.ie

O1 - Hosts: 188.124.7.190 www.google.ie

O1 - Hosts: 188.124.7.190 google.it

O1 - Hosts: 188.124.7.190 www.google.it

O1 - Hosts: 188.124.7.190 google.co.jp

O1 - Hosts: 188.124.7.190 www.google.co.jp

O1 - Hosts: 188.124.7.190 google.nl

O1 - Hosts: 188.124.7.190 www.google.nl

O1 - Hosts: 188.124.7.190 google.no

O1 - Hosts: 188.124.7.190 www.google.no

O1 - Hosts: 188.124.7.190 google.co.nz

O1 - Hosts: 188.124.7.190 www.google.co.nz

O1 - Hosts: 188.124.7.190 google.pl

O1 - Hosts: 188.124.7.190 www.google.pl

O1 - Hosts: 188.124.7.190 google.se

O1 - Hosts: 188.124.7.190 www.google.se

O1 - Hosts: 188.124.7.190 google.co.uk

O1 - Hosts: 188.124.7.190 www.google.co.uk

O1 - Hosts: 188.124.7.190 google.co.za

O1 - Hosts: 188.124.7.190 www.google.co.za

O1 - Hosts: 188.124.7.190 www.google-analytics.com

O1 - Hosts: 188.124.7.190 www.bing.com

O1 - Hosts: 188.124.7.190 search.yahoo.com

O1 - Hosts: 188.124.7.190 www.search.yahoo.com

O1 - Hosts: 188.124.7.190 uk.search.yahoo.com

O1 - Hosts: 188.124.7.190 ca.search.yahoo.com

O1 - Hosts: 188.124.7.190 de.search.yahoo.com

O1 - Hosts: 188.124.7.190 fr.search.yahoo.com

O1 - Hosts: 188.124.7.190 au.search.yahoo.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O4 - HKLM\..\Run: C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Lokale service’)

O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Netwerkservice’)

O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra ‘Tools’ menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260890215328

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3D029B70-1EA0-4575-91E0-8D691EDDCAAF}: NameServer = 192.168.1.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe

O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

–

End of file - 9001 bytes

Log Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.44

Database versie: 3510

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5-8-2010 23:15:32

mbam-log-2010-08-05 (23-15-32).txt

Scan type: Snelle Scan

Objecten gescand: 105636

Verstreken tijd: 6 minute(s), 35 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd: