Vraag & Antwoord

Beveiliging & privacy

C:\Program Files\QuickPage\Portal\portal.html -als startpage

Anoniem
None
7 antwoorden
 • wie kan mij helpen met het `startportaal probleem`ik merk dat ik niet de enige ben en heb inmiddels 2 `startportaal`gefixst. wie kan er ook ff naar de rest kijken zodat hij werkelijk niet meer terug komt=
  Hieronder mijn log. Alvast bedankt voor de moeite. Groet Bart

  Logfile of HijackThis v1.97.3
  Scan saved at 17:54:34, on 19-2-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
  C:\WINDOWS\system32\cisvc.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  C:\WINDOWS\System32\RaboCommSrv.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\System32\ctfmon.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\Program Files\Logitech\iTouch\iTouch.exe
  C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
  C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
  C:\WINDOWS\SM1BG.EXE
  C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
  C:\WINDOWS\System32\ru.exe
  C:\Program Files\Logitech\MouseWare\system\em_exec.exe
  C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
  C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  C:\Program Files\Grisoft\AVG6\avgw.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\WINDOWS\system32\cidaemon.exe
  C:\Documents and Settings\Eigenaar\Mijn documenten\BART\download\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 8061232103
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - Default URLSearchHook is missing
  O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - (no file)
  O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
  O2 - BHO: Veevo Library - {6E34D984-4054-45E3-8452-0159A2F0D232} - C:\WINDOWS\System32\Veevo.dll
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
  O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
  O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
  O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
  O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
  O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
  O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
  O4 - HKLM\..\Run: [Quicktlme] C:\WINDOWS\System32\ru.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
  O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O9 - Extra button: PopupPopper Configuratiescherm (HKLM)
  O9 - Extra button: Messenger (HKLM)
  O9 - Extra 'Tools' menuitem: Messenger (HKLM)
  O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
  O16 - DPF: {11EC003D-C1FA-4C18-AB6D-C5D1E6F281CE} - http://cab.accesorapido.com/mp3bankilse.cab
  O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
  O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1074258940546
  O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
  O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
  O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
 • Dag,

  ondanks een firewall. spuwareprogramma, virusscanner krijg ik steeds als startpagina in IE C:\Program Files\QuickPage\Portal\portal.html

  Hoe krijg ik dit weg?

  Groeten
  Arnold
 • http://www.pchelper.nl/forum/index.php?showtopic=3169
 • Quickpage is de nieuwe variant van Ms-Connect of Startportal.
  Download HijackThis.
  Unzip en run het programma. Klik op scan, save log en sla het log op als een .txt bestand.
  Kopieer en plak de inhoud in je volgende bericht.

  Mocht bovengenoemde link niet werken, probeer dan deze.
 • Logfile of HijackThis v1.97.7
  Scan saved at 17:20:06, on 19-2-2004
  Platform: Windows XP (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 (6.00.2600.0000)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
  C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
  C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
  C:\Program Files\Altnet\Points Manager\Points Manager.exe
  C:\Program Files\Common files\updmgr\updmgr.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
  C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
  C:\WINDOWS\System32\ru.exe
  C:\WINDOWS\system32\SWEEPER.EXE
  C:\WINDOWS\System32\ctfmon.exe
  C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
  C:\Program Files\MSN Messenger\msnmsgr.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\PROGRA~1\DAP\DAP.EXE
  C:\DOCUME~1\ARNOLD~1\LOCALS~1\Temp\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/QuickPage/Portal/portal.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/QuickPage/Portal/portal.html
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
  O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
  O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
  O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
  O4 - HKLM\..\Run: [Detect] C:\Program Files\iNTERNET Turbo\iDetect.exe /auto
  O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
  O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
  O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
  O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
  O4 - HKLM\..\Run: [Internet Sweeper] C:\WINDOWS\system32\SWEEPER.EXE /Q
  O4 - HKLM\..\Run: [Quicktlme] C:\WINDOWS\System32\ru.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
  O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
  O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
  O9 - Extra button: Run DAP (HKLM)
  O9 - Extra button: Messenger (HKLM)
  O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
  O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
  O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
  O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
  O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
  O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
  O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
  O17 - HKLM\System\CCS\Services\Tcpip\..\{6C70894A-F501-4F77-89DD-8EDCABBB3F9C}: NameServer = 195.121.1.34 195.121.1.66
 • Sluit alle venster, run HijackThis nog een keer en lmaat volgende repareren:

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/QuickPage/Portal/portal.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/QuickPage/Portal/portal.html

  R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)

  O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
  O4 - HKLM\..\Run: [Quicktlme] C:\WINDOWS\System32\ru.exe
  O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe


  O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
  O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
  O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx

  Reboot de pc in veilige modus, zorg dat alle verborgen bestanden zichtbaar zijn en verwijder het volgende:
  de map P2P Networking in C:\WINDOWS\System32\
  het bestand ru.exe in C:\WINDOWS\System32\
  de map GMT in C:\Program Files\Common Files\
 • Verwijder via configuratiescherm - software de Logitech desktop messenger en BackWeb.
  Reboot.  Run HijackThis nog een keer en laat volgende Items repareren:

  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

  R3 - Default URLSearchHook is missing

  O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - (no file)
  O2 - BHO: Veevo Library - {6E34D984-4054-45E3-8452-0159A2F0D232} - C:\WINDOWS\System32\Veevo.dll

  O4 - HKLM\..\Run: [Quicktlme] C:\WINDOWS\System32\ru.exe

  O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

  O16 - DPF: {11EC003D-C1FA-4C18-AB6D-C5D1E6F281CE} - http://cab.accesorapido.com/mp3bankilse.cab  Reboot je pc in veilige modus en verwijder:

  het bestand Veevo.dll in C:\WINDOWS\System32\
  het bestand ru.exe in C:\WINDOWS\System32\  Hier heb ik geen verklaring voor. Als het je niks zegt kan je hem best ook laten repareren door HijackThis: (en volgens mij kan ie er uit…)
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 8061232103

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.