Vraag & Antwoord

Beveiliging & privacy

Browser hijack ??

Anoniem
smeenk
1 antwoord
  • Wie wil mij helpen??
    Startpagina is overgenomen en de pc lijkt een eigen leven te lijden.
    Graag hulp.

    Hierbij een hijack this log.Logfile of HijackThis v1.99.1
    Scan saved at 15:06:58, on 9-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe
    C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\G DATA InternetSecurity\Firewall\GDFwSvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AvkWebIE.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AvkWebIE.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: G DATA Firewall Tray.lnk = C:\Program Files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    O21 - SSODL: bxlrvps - {2D1F2C9D-0AEE-492F-A358-CCC70EB24493} - C:\WINDOWS\bxlrvps.dll
    O21 - SSODL: ComponentMon - {c174ed35-113f-4fd6-83b2-7994a2cbcd9f} - C:\WINDOWS\Installer\{c174ed35-113f-4fd6-83b2-7994a2cbcd9f}\ComponentMon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
    O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe
    O23 - Service: AVK-bewaker (AVKWCtl) - Unknown owner - C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe
    O23 - Service: G DATA Persoonlijke Firewall (GDFwSvc) - Unknown owner - C:\Program Files\G DATA InternetSecurity\Firewall\GDFwSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.