Vraag & Antwoord

Beveiliging & privacy

vervelende vreemde startpagina

7 antwoorden
  • Evenals een aantal voorgangers had ik opeens een andere startpagina, die zich niet laat verweideren. Ik heb het met adaware en spybot geprobeerd. Op het forum las ik dat het met Hijack wel zou lukken. Ik heb het prog. geinstallerd en uitgevoerd, maar nu??? Logfile of HijackThis v1.97.7 Scan saved at 17:41:16, on 26-2-04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE C:\WINDOWS\EXPLORER.EXE C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\HPZTSB01.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RULAUNCH.EXE C:\PROGRAM FILES\FAST DEFRAG\FAST2.EXE C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE C:\WINDOWS\SYSTEM\HPZSTC01.EXE C:\WINDOWS\SYSTEM\HPZSTATX.EXE C:\WINDOWS\DESKTOP\WERKMAP\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.nkvd.us/s.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\system32\searchbar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nkvd.us/s.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nkvd.us/s.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.computertotaal.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nkvd.us/s.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nkvd.us/s.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.nkvd.us/s.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.nkvd.us/s.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nkvd.us R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\system32\searchbar.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nkvd.us/s.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nkvd.us/s.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.nkvd.us/s.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.nkvd.us/s.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://e-plus.cc/search.php?aff_id=46&keyword=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.msn.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.nkvd.us/s.htm R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.nkvd.us/s.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html F1 - win.ini: run=fntldr.exe C:\WINDOWS\svcpack.exe O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - C:\WINDOWS\SYSTEM\DREPLACE.DLL O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb01.exe O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [Soundmx] \soundmx.exe O4 - HKLM\..\Run: [Control] rundll32.exe C:\WINDOWS\SYSTEM\ctrlpan.dll,Restore ControlPanel O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [TVWatch] C:\WINDOWS\SYSTEM\TVWatch.exe O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE O4 - HKLM\..\RunServices: [McAfee Firewall] "C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE" /SERVICE O4 - HKLM\..\RunServices: [SVC Service] C:\WINDOWS\SYSTEM\svcpack.exe O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR O4 - HKCU\..\Run: [Nuria] C:\PROGRAM FILES\IPING\NURIA\launch.exe O4 - HKCU\..\Run: [FAST Defrag] C:\PROGRA~1\FASTDE~1\FAST2.EXE -tray O4 - HKCU\..\Run: [Service Manager] C:\windows\dxsound.exe O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O13 - WWW Prefix: http://www.nkvd.us/ O13 - Home Prefix: http://www.nkvd.us/ O13 - Mosaic Prefix: http://www.nkvd.us/ O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://63.217.31.12/dial/058361nl.exe O19 - User stylesheet: C:\WINDOWS\hh.htt (file missing) O19 - User stylesheet: C:\WINDOWS\hh.htt (file missing) (HKLM) Wie Helpt Bennie
  • Ik weet het niet zeker, maar volgens mij is die nkvd de oorzaak, ff wachten op de echte experts... Hansje
  • Repareer dit en start opnieuw op, maak een nieuwe LOG en plaats deze weer online. succes, NoNoAD R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.nkvd.us/s.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nkvd.us/s.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nkvd.us/s.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nkvd.us/s.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nkvd.us/s.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.nkvd.us/s.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.nkvd.us/s.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nkvd.us R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nkvd.us/s.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nkvd.us/s.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.nkvd.us/s.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.nkvd.us/s.htm R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.nkvd.us/s.htm R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.nkvd.us/s.htm O13 - WWW Prefix: http://www.nkvd.us/ O13 - Home Prefix: http://www.nkvd.us/ O13 - Mosaic Prefix: http://www.nkvd.us/ O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://63.217.31.12/dial/058361nl.exe
  • Bennie, Ik heb je log vlug even bekeken en stel vast dat je last hebt van een trojan en van CoolWebsearch. Daarom stel ik het volgende voor te doen: (de meeste rotzooi in de R0, R1, O13 en de O19 items zal dan wel weg zijn) 1. Download eerst [url=http://www.spywareinfo.com/~merijn/files/CWShredder.exe]CWShredder[/url]. Run het programma en klik op fix. 2. Run vervolgens HijackThis en laat het volgende eerst repareren: O4 - HKCU\..\Run: [Service Manager] C:\windows\dxsound.exe (=trojan) O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE (=dialer) O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://63.217.31.12/dial/058361nl.exe 3. Zorg dat alle verborgen bestanden weergegeven worden. Reboot de pc in veilige modus en verwijder het volgende: het bestand dxsound.exe in de map C:\windows\ het bestand NsUpdate.exe in de map C:\WINDOWS 4. Reboot. Run HijackThis nog een keer en post een nieuwe log. Dan kan / gaan we zien wat er eventueel nog weg kan.
  • Ik sluit me helemaal aan mij marc het is een betere oplossing. gr, NoNoAD
  • Na heel wat huiswerk is het toch gelukt! Logfile of HijackThis v1.97.7 Scan saved at 16:31:50, on 1-3-04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE C:\WINDOWS\EXPLORER.EXE C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\HPZTSB01.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RULAUNCH.EXE C:\PROGRAM FILES\FAST DEFRAG\FAST2.EXE C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE C:\WINDOWS\DESKTOP\WERKMAP\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = http://www.microsoft.com/Msoffice/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.msn.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb01.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [TVWatch] C:\WINDOWS\SYSTEM\TVWatch.exe O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE O4 - HKLM\..\RunServices: [McAfee Firewall] "C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE" /SERVICE O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR O4 - HKCU\..\Run: [Nuria] C:\PROGRAM FILES\IPING\NURIA\launch.exe O4 - HKCU\..\Run: [FAST Defrag] C:\PROGRA~1\FASTDE~1\FAST2.EXE -tray O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Moet er nog meer gebeuren? Bennie
  • Probleem opgelost? Haal nog wel even de nieuwste update binnen voor je Internet explorer. (via windows update).

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.