Vraag & Antwoord

Beveiliging & privacy

Startpagina

31 antwoorden
  • Sinds kort krijg ik in IE een startpagina waar ik niet om gevraagt heb. Bij internet-opties in het Menu Extra kan ik wijzigen wat ik wil, maar elke keer komt diezelfde startpagina weer te voorschijn. Moet ik iets in het register wijzigen of zo ? (Draai met XP) Drifter
  • Wat is de naam van de startpagina?
  • Hij staat ingesteld op "about blank". maar er verschijnt in soort search pagina met allerlei zoekonderwerpen, alles in het Engels. Bovenin een boxje "search the web" Drifter
  • Download [url=http://www.spywareinfo.com/~merijn/files/HijackThis.exe]HijackThis[/url]. Run het programma. Klik op scan, save log en sla het log op als een .txt bestand. Kopieer en plak de inhoud in je volgende bericht. Dan halen wij de sleutels eruit voor je.
  • Bedankt. Kom zo bij je terug. (koffie!) Drifter
  • Hier het Log... Logfile of HijackThis v1.98.0 Scan saved at 10:57:31, on 10-7-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\BITWARE\NT\bwprnmon.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\PROGRA~1\FILTER~1\filtergate.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\system32\ntvdm.exe C:\Corel\Graphics8\Programs\MFIndexer.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Hans\Mijn documenten\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Hans\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Hans\LOCALS~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Hans\LOCALS~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Hans\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Hans\LOCALS~1\Temp\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Hans\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Verkenner van Hans R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O1 - Hosts: 255.255.255.255 www.casinoxo.com O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0E69F574-B04C-4AD6-A4B4-B49F54C6AC6E} - C:\WINDOWS\System32\iasprad.dll (file missing) O2 - BHO: (no name) - {4A37FB38-F0BE-4761-BC01-EE1197BF0A1D} - C:\WINDOWS\mrhop.dll O3 - Toolbar: (no name) - {1714AFC3-865D-4B58-9121-C1D904BFD5D5} - (no file) O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [FilterGate] C:\PROGRA~1\FILTER~1\filtergate.exe /ASK O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - Startup: Spam Buster.lnk = C:\Program Files\SpamBuster\spamBuster.exe O4 - Startup: WebServer.lnk = C:\Program Files\Pinnacle\Pinnacle PCTV\TeleText\WebServer.exe O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: Alle links in deze pagina openen... - C:\Program Files\Avant Browser\OpenAllLinks.htm O8 - Extra context menu item: Blokkeer alle plaatjes afkomstig van dezelfde server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O8 - Extra context menu item: Markeren - C:\Program Files\Avant Browser\Highlight.htm O8 - Extra context menu item: Toevoegen aan Reclame Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm O8 - Extra context menu item: Zoeken - C:\Program Files\Avant Browser\Search.htm O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra button: Winipcfg - {AE93DE97-61C4-46DA-888D-A0A658C32814} - C:\WINDOWS\WINIPCFG.EXE (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{BF525806-5A7D-45F1-BD25-7191D19D753A}: NameServer = 194.134.5.5 194.134.5.55 O18 - Filter: text/html - {497ED4A3-05F9-41A6-8FA5-6D34214AF7BF} - C:\WINDOWS\mrhop.dll O18 - Filter: text/plain - {497ED4A3-05F9-41A6-8FA5-6D34214AF7BF} - C:\WINDOWS\mrhop.dll Drifter
  • ik kijk ff
  • ga naar het configuratie scherm, dan naar software en deinstaleer dap indien aanwezig. daarna run je hjt opnieuw en fix je de volgende items indien aanwezig: [list:6ba98f66d4]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Hans\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Hans\LOCALS~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Hans\LOCALS~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Hans\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Hans\LOCALS~1\Temp\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Hans\LOCALS~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O1 - Hosts: 255.255.255.255 www.casinoxo.com O2 - BHO: (no name) - {0E69F574-B04C-4AD6-A4B4-B49F54C6AC6E} - C:\WINDOWS\System32\iasprad.dll (file missing) O2 - BHO: (no name) - {0E69F574-B04C-4AD6-A4B4-B49F54C6AC6E} - C:\WINDOWS\System32\iasprad.dll (file missing) O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file) O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: Alle links in deze pagina openen... - C:\Program Files\Avant Browser\OpenAllLinks.htm O8 - Extra context menu item: Blokkeer alle plaatjes afkomstig van dezelfde server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm O8 - Extra context menu item: Markeren - C:\Program Files\Avant Browser\Highlight.htm O8 - Extra context menu item: Toevoegen aan Reclame Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm O8 - Extra context menu item: Zoeken - C:\Program Files\Avant Browser\Search.htm O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl[/list:u:6ba98f66d4] dan reboot je en maak je een nieuwe log en die post je hier. onderstaande heb ik bedenkineng bij, ik zal op onderzoek uitgaan voor je. [list:6ba98f66d4]O2 - BHO: (no name) - {4A37FB38-F0BE-4761-BC01-EE1197BF0A1D} - C:\WINDOWS\mrhop.dll O9 - Extra button: Winipcfg - {AE93DE97-61C4-46DA-888D-A0A658C32814} - C:\WINDOWS\WINIPCFG.EXE (file missing) (HKCU) O18 - Filter: text/html - {497ED4A3-05F9-41A6-8FA5-6D34214AF7BF} - C:\WINDOWS\mrhop.dll O18 - Filter: text/plain - {497ED4A3-05F9-41A6-8FA5-6D34214AF7BF} - C:\WINDOWS\mrhop.dll[/list:u:6ba98f66d4]
  • O9 - Extra button: Winipcfg - {AE93DE97-61C4-46DA-888D-A0A658C32814} - C:\WINDOWS\WINIPCFG.EXE (file missing) (HKCU) is kans dat die van een backdoor is, niet in hjt verwijderen maar een [url=http://housecall.trendmicro.com/housecall/start_corp.asp]online scan[/url] doen
  • Voor de zekerheid....... Bedoel je met dap.. de Download Accelerator Plus ??? Drifter
  • deze ook fixen: O2 - BHO: (no name) - {4A37FB38-F0BE-4761-BC01-EE1197BF0A1D} - C:\WINDOWS\mrhop.dll O18 - Filter: text/html - {497ED4A3-05F9-41A6-8FA5-6D34214AF7BF} - C:\WINDOWS\mrhop.dll O18 - Filter: text/plain - {497ED4A3-05F9-41A6-8FA5-6D34214AF7BF} - C:\WINDOWS\mrhop.dll daarna in safe mode de volgende file verwijderen: C:\WINDOWS\mrhop.dll <--- dit bestand deze is van dap: O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm en dat is idd die download manager "download accelerator plus". dat is rommel en kan je beter niet gebruiken :wink:
  • House Call had ik er al eerder overheen laten lopen. Maar nix bijzonders gevonden. Heb nu DAP er af gegooid en ga nu rebooten. Hoe je op de hoogte. Drifter
  • 8) Heb het tuig gevonden.......... Zie....http://www.pandasoftware.com/virus_info/encyclopedia/ficha.aspx?iddeteccion=105595 Hoop dat ik er van af ben. Drifter
  • Signature van Herman Finkers "gejat" ? :wink:
  • Tja, maar in Nijkerk zit er tenminste nog Oranje tussen.. Drifter
  • Als je nu eens gewoon zou scannen met Ad-Aware, dan is het normaal toch ook opgelost... (bij mij werkte het toch met hetzelfde probleem)
  • Hallo, Voor mij een soortgelijk probleem; Bij mij wordt constant de startpagina vervangen door c:/program files/clicktoenter/firstportal. en dat is een of andere startsite. Waar ik nu natuurlijk nooit meer heen zou gaan. eikels. Die map is dus ook daadwerkelijk op de comp geinstalleerd. Ik heb spybot, ad-aware en de google toolbar met popupblokker geinstalleerd en nog vind ie elke keer weer rotzooi. Reg entry's, quickswitch dialers etc. Cwshredder vond niets. En met het logfile kan ik niets , dat is echt abra cadabra voor mij. :-? ik heb gezocht op alle bestanden met die namen enzo maar niks gevonden. Het is een vrij nieuwe pc met win 2000 prof erop. --- [b:409f89ea2c]Ik kreeg de tip om hier mijn logfile van hijackthis te plaatsen zoals hier boven ook al is gebeurt. Ik hoop dat jullie mij dan ook verder kunnen helpen. Vriendelijk dank alvast :) [/b:409f89ea2c] ----- Logfile of HijackThis v1.97.7 Scan saved at 19:38:15, on 21-7-2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\Norman\NVC\BIN\Zanda.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\WINNT\system32\nvsvc32.exe C:\PROGRA~1\OUTPOS~1.0\outpost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\NORMAN\nvc\BIN\nvcoas.exe C:\NORMAN\nvc\BIN\NJEEVES.EXE C:\NORMAN\nvc\BIN\NVCSCHED.EXE C:\NORMAN\Nvc\BIN\nipsvc.exe C:\WINNT\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SymTray.exe C:\NORMAN\Nvc\BIN\ZLH.EXE C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\NORMAN\Nvc\BIN\cclaw.exe C:\NORMAN\Nvc\BIN\NYMSE.EXE C:\NORMAN\Nvc\BIN\NIP.EXE C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\WINNT\system32\srv.exe C:\WINNT\system32\internat.exe C:\Program Files\Webshots\WebshotsTray.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINNT\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\PROGRA~1\WinZip\winzip32.exe D:\Setup Files\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/First2Enter/Portal/portal.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\OUTPOS~1.0\outpost.exe /waitservice O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg O4 - HKLM\..\Run: [Classes] C:\WINNT\system32\srv.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37670.1151736111 O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E0C5E8B8-C1C3-494F-A15B-269860B2DAAC}: NameServer = 212.142.8.1,212.142.28.130
  • Ga naar Start - Configuratiescherm - Software - Programma's wijzigen en verwijderen. Deïnstalleer Switch. Herstart en draai een nieuw hijacklog en plaats dat in je volgende bericht.
  • misschien beter in een eigen draadje?
  • Bedankt voor de snelle reply. Als dit in een nieuwe topic thuishoort wil ik die best openen, of dat de mod deze verplaatst/hernoemt. Switch is verwijderd en dit is het nieuwe log: Logfile of HijackThis v1.97.7 Scan saved at 14:14:05, on 22-7-2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\Norman\NVC\BIN\Zanda.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\WINNT\system32\nvsvc32.exe C:\PROGRA~1\OUTPOS~1.0\outpost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\NORMAN\nvc\BIN\NJEEVES.EXE C:\NORMAN\nvc\BIN\NVCSCHED.EXE C:\NORMAN\Nvc\BIN\nipsvc.exe C:\NORMAN\nvc\BIN\nvcoas.exe C:\WINNT\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SymTray.exe C:\NORMAN\Nvc\BIN\ZLH.EXE C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\NORMAN\Nvc\BIN\cclaw.exe C:\NORMAN\Nvc\BIN\NYMSE.EXE C:\NORMAN\Nvc\BIN\NIP.EXE C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\WINNT\system32\internat.exe C:\Program Files\Webshots\WebshotsTray.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE D:\Setup Files\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\OUTPOS~1.0\outpost.exe /waitservice O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37670.1151736111 O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E0C5E8B8-C1C3-494F-A15B-269860B2DAAC}: NameServer = 212.142.8.1,212.142.28.130

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.