Vraag & Antwoord

Beveiliging & privacy

Startportal verwijderen?

2 antwoorden
  • Hier is het dan, ik heb al gezien dat die code.exe dus toch nog aanwezig is. Logfile of HijackThis v1.97.3 Scan saved at 16:02:41, on 23-10-2003 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE C:\Program Files\NORTON\Norton AntiVirus\Norton.Antivirus.2004.PRO\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\NORTON\Norton AntiVirus\Norton.Antivirus.2004.PRO\SAVScan.exe E:\RECYCLER\S-1-5-21-1645522239-1580436667-854245398-500\De1\Photodex\ProShowGold\scsiaccess.exe C:\WINDOWS\system32\slserv.exe C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe E:\Logitech\iTouch\iTouch\iTouch.exe E:\Logitech\Mouse\MouseWare\system\em_exec.exe E:\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe E:\Keytext\kt2k224\KeyText\KeyText.exe C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\system32\netdde.exe C:\WINDOWS\system32\clipsrv.exe E:\Babylon\Babylon.exe E:\FlashGet\flashget.exe E:\TrayDay\trayd65\TrayDay\TrayDay.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe E:\Hijjackthis\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = NOT USED (OK) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = NOT USED (OK) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK) R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Startportal/Portal/portal.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.jecomputerisjelot.nl/JeComputerIsJeLot/algemeen/default.aspx?edt=msg&id=reg_new R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\SpyBot\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar_en_2.0.95-big.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\NORTON\Norton AntiVirus\Norton.Antivirus.2004.PRO\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\NORTON\Norton AntiVirus\Norton.Antivirus.2004.PRO\NavShExt.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll O3 - Toolbar: &Linkman - {5C9DCA26-CEC4-4280-A831-D622D4DBF113} - G:\BACKUP~1\Linkman\lkmn65\Linkman\LINKMA~1.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar_en_2.0.95-big.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: myfastaccess - {8C6685AB-43FF-4BF0-822C-03F03E0B47EA} - C:\WINDOWS\System32\myfastaccess.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [BootWarn] C:\Program Files\NORTON\Norton AntiVirus\Norton.Antivirus.2004.PRO\BootWarn.exe /a O4 - HKLM\..\Run: [zBrowser Launcher] E:\Logitech\iTouch\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Diskstart] C:\WINDOWS\System32\code.exe O4 - HKCU\..\Run: [Linkman] G:\BACKUP ZAAIJER default\Linkman\lkmn65\Linkman\Linkman.exe O4 - HKCU\..\Run: [LDM] E:\Logitech\\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - Startup: KeyText.lnk = E:\Keytext\kt2k224\KeyText\KeyText.exe O4 - Startup: TrayDay.lnk = E:\TrayDay\trayd65\TrayDay\TrayDay.exe O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.LNK = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmcache.html O8 - Extra context menu item: Ontvang alles met FlashGet - E:\FlashGet\jc_all.htm O8 - Extra context menu item: Ontvang met FlashGet - E:\FlashGet\jc_link.htm O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmsimilar.html O8 - Extra context menu item: Translate Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmtrans.html O9 - Extra 'Tools' menuitem: Launch Copernic 2001 (HKLM) O9 - Extra button: Copernic (HKLM) O9 - Extra button: Snippets (HKLM) O9 - Extra button: Translate (HKLM) O9 - Extra 'Tools' menuitem: &Translate Using Gist-In-Time (HKLM) O9 - Extra button: Real.com (HKLM) O9 - Extra button: FlashGet (HKLM) O9 - Extra 'Tools' menuitem: &FlashGet (HKLM) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {06EE5631-8B69-4BF6-A531-91BDDF785734} (chelloInstall.Install) - http://quickfix.chello.nl/esupport/asp/chelloInstall.CAB O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201} (ddm_download.ddm_control) - http://bins.dynamicdesktopmedia.com/cab/dlaccell.CAB O16 - DPF: {38545C2A-03CD-42C3-BC62-C537A6D5A8F6} (38545C2A-03CD-42C3-BC62-C537A6D5A8F6) - http://download.globaldialer.net/GlobalDialer.cab O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab O16 - DPF: {5B27C20D-FFB6-4054-BA78-DE4A059BC75A} (Microsoft Office Template Downloader) - http://office.microsoft.com/dutch/TemplateGallery/msotd.cab O16 - DPF: {68529243-34D9-40B0-AD0C-68CA4471E153} (PowerWeb.Web_Power) - http://www.subitosex.com/cab/LM_sex/WebPower.CAB O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/deleon/1.1.62-deleon/GoogleNav.cab O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.e-leren.be/setup/tsccinst.cab O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37587.0742939815 O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab O16 - DPF: {F264E777-7AB7-4BEB-8A42-5C37C8F4B6B4} - http://www.my-enotes.com/install/enotebar.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
  • Msportal mag duidelijk zijn verder nog wat dialers en ander spyware rommel. Heb je al die toolbars bewust geinstalleerd? Sluit de browser en andere programma's af behave hijackthis en vink die regels aan die hier onderstaan beschreven en klik op fix checked en start daarna opnieuw op. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Startportal/Portal/portal.html O4 - HKLM\..\Run: [Diskstart] C:\WINDOWS\System32\code.exe O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201} (ddm_download.ddm_control) - http://bins.dynamicdesktopmedia.com/cab/dlaccell.CAB O16 - DPF: {38545C2A-03CD-42C3-BC62-C537A6D5A8F6} (38545C2A-03CD-42C3-BC62-C537A6D5A8F6) - http://download.globaldialer.net/GlobalDialer.cab O16 - DPF: {68529243-34D9-40B0-AD0C-68CA4471E153} (PowerWeb.Web_Power) - http://www.subitosex.com/cab/LM_sex/WebPower.CAB O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab Verwijder na de herstart: C:/Program Files/Startportal <=de hele map C:\WINDOWS\System32\code.exe <= dit file Als je met Spybot bewust de immuniseer functie hebt gebruikt kun je deze laten staan, anders ook fixen door HJT O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present In de running processes zie een bestand dat dat vanuit de prullebak draait??? E:\RECYCLER\S-1-5-21-1645522239-1580436667-854245398-500\De1\Photodex\ProShowGold\scsiaccess.exe

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.