Vraag & Antwoord

Beveiliging & privacy

Startpagina verandert steeds terug.

4 antwoorden
  • Beste mensen hier een logje zouden jullie dit kunnen nakijken. [code:1:0bc0fb1836]Logfile of HijackThis v1.99.0 Scan saved at 20:44:00, on 11/01/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft Hardware\Keyboard\type32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\unlodctl.exe C:\WINDOWS\system32\nlsfuncs.exe C:\WINDOWS\system32\pentxpl.exe C:\WINDOWS\system32\openconf.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\user\Bureaublad\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: (no name) - {4A89E6A7-0478-44AC-8CA6-908092F39A2A} - C:\WINDOWS\system32\snnpapi.dll O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\system32\iecust.dll O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [redirect] C:\WINDOWS\redirect7.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.63.219.181.7 O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{03D4A8BC-E2B2-451B-B74B-C14D9E6BA9E8}: NameServer = 69.50.166.94 69.31.80.244 O17 - HKLM\System\CCS\Services\Tcpip\..\{57A0852E-B3B7-4AB1-8DE3-FB49A307DD4D}: NameServer = 69.50.166.94,69.31.80.244 O17 - HKLM\System\CCS\Services\Tcpip\..\{69153EB6-269C-4D23-B211-518ADE778161}: NameServer = 69.50.166.94,69.31.80.244 O17 - HKLM\System\CCS\Services\Tcpip\..\{F5A4BD94-25DA-44EF-9CB6-A2D727E59F38}: NameServer = 69.50.166.94,69.31.80.244 O17 - HKLM\System\CS1\Services\Tcpip\..\{03D4A8BC-E2B2-451B-B74B-C14D9E6BA9E8}: NameServer = 69.50.166.94 69.31.80.244 O18 - Filter: text/html - {4905C388-BEB5-4203-833B-DE595966B14C} - C:\WINDOWS\system32\snnpapi.dll O18 - Filter: text/plain - {4905C388-BEB5-4203-833B-DE595966B14C} - C:\WINDOWS\system32\snnpapi.dll O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: VNC Server Version 4 - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe [/code:1:0bc0fb1836] mvg
  • Ik kijk hem wel.
  • Sla HijackThis op in een eigen map. Niet op je bureaublad of in je Temp-files. HijackThis maakt namelijk backups in de map waar het opgestart wordt. Zorg dat alle [url=http://users.pandora.be/marcvn/spyware/1117602.htm]verborgen bestanden weergegeven worden[/url]. Download [url=http://users.pandora.be/bluepatchy/www/remv3.zip]remv3.zip[/url] Unzip het. Start de computer in [url=http://users.pandora.be/marcvn/spyware/1378056.htm]veilige modus[/url]. Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren: [b:d37928ba51] R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: (no name) - {4A89E6A7-0478-44AC-8CA6-908092F39A2A} - C:\WINDOWS\system32\snnpapi.dll O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\system32\iecust.dll O4 - HKLM\..\Run: [redirect] C:\WINDOWS\redirect7.exe O15 - Trusted Zone: http://*.63.219.181.7 O17 - HKLM\System\CCS\Services\Tcpip\..\{03D4A8BC-E2B2-451B-B74B-C14D9E6BA9E8}: NameServer = 69.50.166.94 69.31.80.244 O17 - HKLM\System\CCS\Services\Tcpip\..\{57A0852E-B3B7-4AB1-8DE3-FB49A307DD4D}: NameServer = 69.50.166.94,69.31.80.244 O17 - HKLM\System\CCS\Services\Tcpip\..\{69153EB6-269C-4D23-B211-518ADE778161}: NameServer = 69.50.166.94,69.31.80.244 O17 - HKLM\System\CCS\Services\Tcpip\..\{F5A4BD94-25DA-44EF-9CB6-A2D727E59F38}: NameServer = 69.50.166.94,69.31.80.244 O17 - HKLM\System\CS1\Services\Tcpip\..\{03D4A8BC-E2B2-451B-B74B-C14D9E6BA9E8}: NameServer = 69.50.166.94 69.31.80.244 O18 - Filter: text/html - {4905C388-BEB5-4203-833B-DE595966B14C} - C:\WINDOWS\system32\snnpapi.dll O18 - Filter: text/plain - {4905C388-BEB5-4203-833B-DE595966B14C} - C:\WINDOWS\system32\snnpapi.dll [/b:d37928ba51] Verwijder de volgende bestanden indien aanwezig: C:\WINDOWS\redirect7.exe Nog steeds in veilige modus... Dubbelklik nu op remv3.bat. Laat de batfile zijn werk doen. Wanneer het dosvenster sluit, herstart je de computer in normale modus. Zoek dit bestand: C:\log.txt. Post de inhoud van log.txt samen met een nieuwe HijackThislog.
  • Heb ik nu gedaan, hier het gevraagde hijackthis-log [code:1:b22b733d03]Logfile of HijackThis v1.99.0 Scan saved at 14:20:16, on 12/01/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft Hardware\Keyboard\type32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\svchost.exe C:\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.computertotaal.nl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [taskopen.exe] taskopen.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{03D4A8BC-E2B2-451B-B74B-C14D9E6BA9E8}: NameServer = 69.50.166.94 69.31.80.244 O17 - HKLM\System\CS1\Services\Tcpip\..\{03D4A8BC-E2B2-451B-B74B-C14D9E6BA9E8}: NameServer = 69.50.166.94 69.31.80.244 O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: VNC Server Version 4 - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe [/code:1:b22b733d03] en hier het andere logje [code:1:b22b733d03] Files Found................. ---------------------------------------- unlodctl.exe spnping.exe qappsrvc32.exe pentxpl.exe openconf.exe nlsfuncs.exe dx9vbc.dll dnsauth.dll taskopen.exe iecust.exe setvers.exe Files Not deleted................. ---------------------------------------- Merging registry entries ----------------------------------------------------------------- The Registry Entries Found... ----------------------------------------------------------------- Other bad files to be Manually deleted.. Please note that this might also list legit Files, be careful while deleting ----------------------------------------------------------------- hdgf.dll msbc.dll msef.dll msi.dll msij.dll msmn.dll msqr.dll Finished [/code:1:b22b733d03]

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.