Please review weblog

Anonymous
2 answers
 • Below is the weblog from the CPU:

  Logfile of HijackThis v1.98.2
  Scan saved at 10:12:59, on 6-11-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
  C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
  C:\Program Files\Real\RealPlayer\realplay.exe
  C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
  C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
  C:\WINDOWS\System32\hphmon05.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
  C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
  C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\WINDOWS\System32\ScsiAccess.EXE
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
  C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
  C:\Compaq\EAKDRV\EAUSBKBD.EXE
  C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
  C:\WINDOWS\System32\HPZipm12.exe
  C:\WINDOWS\System32\wuauclt.exe
  C:\WINDOWS\winhlp32.exe
  C:\WINDOWS\System32\wupdmgr32.exe
  C:\WINDOWS\System32\updates.exe
  C:\WINDOWS\System32\cmd.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Documents and Settings\van Oort Menge\Mijn documenten\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best-search.cc/search.php?v=6&aff=4840687
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best-search.cc/index.php?v=6&aff=4840687
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://best-search.cc/index.php?v=6&aff=4840687
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0413&s=search&ap=b204
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=0413&ac
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
  O1 - Hosts: 81.211.105.69 lender-search.com
  O1 - Hosts: 81.211.105.68 hot-searches.com
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
  O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
  O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
  O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
  O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
  O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
  O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
  O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
  O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
  O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
  O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
  O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
  O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
  O4 - HKLM\..\Run: [Windows Update Manager for NT] wupdmgr32.exe
  O4 - HKLM\..\Run: [blah service] updates.exe
  O4 - HKLM\..\RunServices: [Windows Update Manager for NT] wupdmgr32.exe
  O4 - HKLM\..\RunServices: [blah service] updates.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
  O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
  O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
  O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
  O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  O17 - HKLM\System\CCS\Services\Tcpip\..\{2AE3E0BD-1392-468A-802F-7A86710C3E41}: NameServer = 195.241.48.33 195.241.49.33
  O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
  O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - C:\WINDOWS\System32\xplugin.dll

  Your responses to this, please
 • Press CTRL+ALT+DEL to open Windows Task Manager. Go to the Processes tab and end the following processes:
  wupdmgr32.exe
  updates.exe

  Close all open windows, run HijackThis once more and have it fix the following items:
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best-search.cc/search.php?v=6&aff=4840687
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best-search.cc/index.php?v=6&aff=4840687
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://best-search.cc/index.php?v=6&aff=4840687

  O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
  O1 - Hosts: 81.211.105.69 lender-search.com
  O1 - Hosts: 81.211.105.68 hot-searches.com

  O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll

  O4 - HKLM\..\Run: [Windows Update Manager for NT] wupdmgr32.exe
  O4 - HKLM\..\Run: [blah service] updates.exe
  O4 - HKLM\..\RunServices: [Windows Update Manager for NT] wupdmgr32.exe
  O4 - HKLM\..\RunServices: [blah service] updates.exe

  O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
  O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

  O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - C:\WINDOWS\System32\xplugin.dll

  Once you have done this, start the computer in safe mode.
  Make sure all hidden files are shown, and delete the following files or folders if present:
  C:\WINDOWS\System32\wupdmgr32.exe
  C:\WINDOWS\System32\updates.exe


  Reboot the computer.
  Empty your recycle bin.

  Delete all system restore points: Turn off System Restore
  Afterwards, turn System Restore back on.

  Do an online scan. Preferably both; have all files that are found removed:
  http://www.pandasoftware.com/activescan/com/activescan_principal.htm
  http://housecall.trendmicro.com/housecall/start_corp.asp

  Visit the Windows Update site. Only that way can you be sure that you have the latest patches for your operating system installed. If new updates are available, download and install all critical updates and service packs. Reboot your computer and check again. Repeat this procedure until there are no more critical updates.

  Run HijackThis and post a new log.
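
The cross-referencing behind the steps in the answer above, as an added example that is not part of the original answer or of HijackThis: autorun entries registered with a bare file name are resolved against the "Running processes" section to get the path on disk. The function names and the `flagged` input (the autorun value names a reviewer has already judged unwanted) are assumptions of this sketch.

```python
import ntpath
import re

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\wupdmgr32.exe
C:\WINDOWS\System32\updates.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Windows Update Manager for NT] wupdmgr32.exe
O4 - HKLM\..\Run: [blah service] updates.exe
O4 - HKLM\..\RunServices: [blah service] updates.exe
"""

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|bat))(?=\s|$)', re.I)

def parse(log):
    """Return (process paths, O4 registry autoruns); Startup-folder O4 lines are skipped."""
    procs, autoruns, in_procs = [], [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            procs.append(line)
        elif (m := O4_RE.match(line)):
            autoruns.append(m.groupdict())
    return procs, autoruns

def executable(cmd):
    """Program part of an autorun command (quoted, or unquoted with spaces)."""
    m = EXE_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd.split()[0]

def plan(log, flagged):
    """Map reviewer-flagged autorun names to entries to fix and files on disk."""
    procs, autoruns = parse(log)
    running = {ntpath.basename(p).lower(): p for p in procs}
    fix, files, unresolved = [], set(), set()
    for a in (a for a in autoruns if a["name"] in flagged):
        fix.append(f'{a["key"]}: [{a["name"]}]')
        exe = executable(a["cmd"])
        path = exe if ntpath.dirname(exe) else running.get(exe.lower())
        (files if path else unresolved).add(path or exe)
    return {"fix": fix, "files": sorted(files), "unresolved": sorted(unresolved)}
```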

This is an archived page. Replying is no longer possible.