Vraag & Antwoord

Beveiliging & privacy

about blank

8 antwoorden
  • Ja weer 1. Heb verkeerde startpagina's. About blank, linksummary pfff gek wordt ik ervan. Heb image teruggezet maar niet geholpen. Forum bekeken, maar nog niet opgelost. Wie oh wie wil mij helpen?? Hier mijn log file. Welke acties moet ik nu doen??? Alvast bedankt. Logfile of HijackThis v1.98.2 Scan saved at 18:26:25, on 23-9-2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVPersonal\AVGNT.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\ewupdater.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\AVPersonal\AVGUARD.EXE C:\Program Files\AVPersonal\AVWUPSRV.EXE G:\diskeeper\DkService.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\wuauclt.exe c:\windows\redirect9a.exe H:\downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [easywww] C:\WINDOWS\iewww.exe O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe O4 - HKLM\..\Run: [TrojanScanner] F:\Trojan Remover\Trojan Remover\Trjscan.exe O4 - HKLM\..\Run: [redirect] c:\windows\redirect9a.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095875512117 O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.cargodatasystems.com:9000/activex/AxisCamControl.cab O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4358/mcfscan.cab O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
  • Als er nog niemand gereageerd heeft voordat ik over een kwartiertje terug ben zal ik wel even voor je kijken, (kan dus zijn dat iemand anders me voor is)
  • kan het zijn dat de pc ook gigantisch traag word van die trojan??
  • zou goed kunnen, ik ben nu terug ik kijk even.
  • Deze kan ik niet thuisbrengen, laat hem even checken @kaspersky, c:\windows\redirect9a.exe http://www.kaspersky.com/remoteviruschk.html Sluit alle vensters en laat hijackthis deze repareren: [list:54c440f022][b:54c440f022]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com O4 - HKLM\..\Run: [easywww] C:\WINDOWS\iewww.exe O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe [/b:54c440f022][/list:u:54c440f022] Herstart in de veilige modus en laat alle bestanden (en besturingssysteem bestanden) weergeven, verwijder indien aanwezig deze items: [list:54c440f022][b:54c440f022]C:\WINDOWS\iewww.exe <--- deze file C:\WINDOWS\ewupdater.exe <--- deze file[/b:54c440f022][/list:u:54c440f022] Post daarna een nieuwe log
  • oke, zal ik nu gelijk doen. redirect geeft kaspersky ok. Heb hem al eerder verwijderd, maar komt dus weer terug. tot zo.
  • Tja, heb alles gedaan, opnieuw opgestart maar weer about blank pagina en giga traag. Dit is nu mijn log' Logfile of HijackThis v1.98.2 Scan saved at 19:06:05, on 23-9-2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVPersonal\AVGNT.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\windows\redirect9a.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\AVPersonal\AVGUARD.EXE C:\Program Files\AVPersonal\AVWUPSRV.EXE G:\diskeeper\DkService.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe H:\downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [TrojanScanner] F:\Trojan Remover\Trojan Remover\Trjscan.exe O4 - HKLM\..\Run: [redirect] C:\windows\redirect9a.exe O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095875512117 O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.cargodatasystems.com:9000/activex/AxisCamControl.cab O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4358/mcfscan.cab O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
  • Kijk hem weer door, Dat je nog about:blank pagina hebt komt omdat hijackthis na het verwijderen van de hijacker die pagina weer terug instelt, hij moet namelijk een startpagina instellen.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.