Vraag & Antwoord

Beveiliging & privacy

Startpagina wijzigt steeds

4 antwoorden
  • Mijn startpagina in IE veranderd steeds naar greatsearch.biz. Hier een HijackThis-logje Logfile of HijackThis v1.97.7 Scan saved at 19:01:02, on 11/04/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft Hardware\Keyboard\type32.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe C:\windows\redirect7.exe C:\WINDOWS\reg33.exe C:\WINDOWS\dl.exe C:\WINDOWS\dlm.exe C:\WINDOWS\sxchost.exe C:\PROGRA~1\TRUSTM~1\tonsbeep.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\STU7W9AN\HijackThis[1].exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatsearch.biz/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatsearch.biz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://greatsearch.biz/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://greatsearch.biz/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\WINDOWS\ieqa\ieqa32.dll O2 - BHO: (no name) - {C77E900A-FF55-400E-9BAA-E042C8212898} - C:\Program Files\Simpelinternet\Easybar\ToolbarStarter.dll (file missing) O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\ieqa\mssearch.dll O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\ieqa\msiesh.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [redirect] C:\windows\redirect7.exe O4 - HKLM\..\Run: [Reg32] C:\WINDOWS\reg33.exe O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install O4 - HKLM\..\Run: [Dial32] C:\WINDOWS\dl.exe O4 - HKLM\..\Run: [Dial33] C:\WINDOWS\dlm.exe O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\sxchost.exe O4 - HKLM\..\Run: [File Plus] C:\PROGRA~1\TRUSTM~1\tonsbeep.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.dll,Install O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://hard-virgins.com/dl/adv9/x.chm::/load.exe O16 - DPF: {11111111-1111-1111-1111-115866545289} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f10213.exe O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37739.3769675926 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {E3802230-F0E2-4A75-9947-EAB78DD8153F} (InstallerX Class) - http://www.euroklik.nl/cab/EroWebInstaller.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{03D4A8BC-E2B2-451B-B74B-C14D9E6BA9E8}: NameServer = 195.238.2.22 195.238.2.21 O17 - HKLM\System\CS1\Services\Tcpip\..\{03D4A8BC-E2B2-451B-B74B-C14D9E6BA9E8}: NameServer = 195.238.2.22 195.238.2.21 Greetz #ohno#
  • CoolwebSearch. Download [url=http://www.spywareinfo.com/~merijn/files/CWShredder.exe]CWShredder[/url]. Start het programma, klik op de Fix-knop. Reboot. Run HijackThis nog een keertje en post een nieuwe log.
  • Gescant en hier een nieuwe log. Logfile of HijackThis v1.97.7 Scan saved at 19:37:49, on 11/04/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft Hardware\Keyboard\type32.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe C:\windows\redirect7.exe C:\WINDOWS\sxchost.exe C:\PROGRA~1\TRUSTM~1\tonsbeep.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\NRFBKQPF\HijackThis[1].exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatsearch.biz/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatsearch.biz/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://greatsearch.biz/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://greatsearch.biz/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {C77E900A-FF55-400E-9BAA-E042C8212898} - C:\Program Files\Simpelinternet\Easybar\ToolbarStarter.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [redirect] C:\windows\redirect7.exe O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\sxchost.exe O4 - HKLM\..\Run: [File Plus] C:\PROGRA~1\TRUSTM~1\tonsbeep.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://hard-virgins.com/dl/adv9/x.chm::/load.exe O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37739.3769675926 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {E3802230-F0E2-4A75-9947-EAB78DD8153F} (InstallerX Class) - http://www.euroklik.nl/cab/EroWebInstaller.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{03D4A8BC-E2B2-451B-B74B-C14D9E6BA9E8}: NameServer = 195.238.2.22 195.238.2.21 O17 - HKLM\System\CS1\Services\Tcpip\..\{03D4A8BC-E2B2-451B-B74B-C14D9E6BA9E8}: NameServer = 195.238.2.22 195.238.2.21 C14D9E6BA9E8}: NameServer = 195.238.2.22 195.238.2.21
  • Hallo #ohno#, Toch even je hulp nodig. Dit kan ik niet thuisbrengen: O4 - HKLM\..\Run: [File Plus] C:\PROGRA~1\TRUSTM~1\tonsbeep.exe Wat is de map TRUSTM~1 in c: Program Files ??? Kan jij ze identificeren? Feedback hierover graag. Sla HijackThis op in een eigen map. [b:3237b001e3]Niet op je bureaublad of in je Temp-files.[/b:3237b001e3] HijackThis maak namelijk backups in de map waar het opgestart wordt. Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren: [b:3237b001e3] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatsearch.biz/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatsearch.biz/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://greatsearch.biz/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://greatsearch.biz/ O2 - BHO: (no name) - {C77E900A-FF55-400E-9BAA-E042C8212898} - C:\Program Files\Simpelinternet\Easybar\ToolbarStarter.dll (file missing) O4 - HKLM\..\Run: [redirect] C:\windows\redirect7.exe O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\sxchost.exe O4 - HKLM\..\Run: [File Plus] C:\PROGRA~1\TRUSTM~1\tonsbeep.exe (enkel al je hem niet kent...) O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://hard-virgins.com/dl/adv9/x.chm::/load.exe O16 - DPF: {E3802230-F0E2-4A75-9947-EAB78DD8153F} (InstallerX Class) - http://www.euroklik.nl/cab/EroWebInstaller.cab [/b:3237b001e3] Als je dit gedaan hebt [url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406]start je de computer op in veilige modus[/url]. Zorg dat alle [url=http://www.xtra.co.nz/help/0,,4155-1916458,00.html]verborgen bestanden weergegeven worden[/url], en verwijder de volgende bestanden of mappen indien aanwezig: redirect7.exe in C:\windows\ sxchost.exe in C:\WINDOWS\ Reboot, run HijackThis nog een keer en post een nieuwe log. Marc

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.