
Spyware, virus !!!

  • Spyware, virus !!!

    I have the following problem!
    I got a toolbar in IE, and a start page that cannot be changed.

    I scanned with SP&D and removed everything that was found.
    In addition I made a scan with HijackThis and fixed everything that has RichFind in it, but it keeps coming back; every time I run the scan again, it is there again.
    I also searched the C drive manually but unfortunately found nothing. With the computer's search option it unfortunately finds nothing either. What should I do?? I have added a log below.


    Logfile of HijackThis v1.97.7
    Scan saved at 15:24:32, on 6-10-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\FLS.exe
    C:\Program Files\NaviSearch\bin\nls.exe
    C:\Program Files\BullsEye Network\bin\bargains.exe
    C:\Program Files\Icons\seticon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
    C:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
    C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
    C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
    C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
    C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\System32\exdl2.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Documents and Settings\v Driel\Bureaublad\HijackThis.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.informatique.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.informatique.nl/
    R3 - URLSearchHook: Richfind - {B77488C7-9EE1-45EE-9161-DC82936424FD} - C:\WINDOWS\System32\Q1429187.dll
    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {278CC4E0-703F-4034-856D-17F1A3121F42} - C:\WINDOWS\System32\Q1429187.dll
    O2 - BHO: (no name) - {6226ECD0-D1C6-4D19-945D-950F96B6D8BB} - C:\WINDOWS\System32\Q1429187.dll
    O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
    O2 - BHO: (no name) - {E1CE8072-0FA9-4D4E-B4BD-95A35DBEFC8C} - C:\WINDOWS\System32\Q1429187.dll
    O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Richfind - {76D92A5F-ADD2-4AF3-B09B-5107D4050133} - C:\WINDOWS\System32\Q1429187.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [FLS] C:\WINDOWS\FLS.exe
    O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [Seticon] C:\Program Files\Icons\seticon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: officejet 6100.lnk = ?
    O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
    O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Richfind (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.informatique.nl
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...director/sw.cab
    O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab

  • #2
    First run Ad Aware SE. (Full System Scan)

    Reboot, update to HijackThis 1.98.2:

    http://radiosplace.com

    Now make a new log and post it here



    • #3
      Unfortunately that doesn't help at all


      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\WINDOWS\FLS.exe
      C:\Program Files\NaviSearch\bin\nls.exe
      C:\Program Files\BullsEye Network\bin\bargains.exe
      C:\Program Files\Icons\seticon.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      C:\Program Files\Norton AntiVirus\SAVScan.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
      C:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
      C:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
      C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
      C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
      C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
      C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\System32\msiexec.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\WINDOWS\System32\exdl2.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
      C:\Documents and Settings\v Driel\Bureaublad\HijackThis.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\WINDOWS\System32\wuauclt.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.informatique.nl
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.informatique.nl/
      R3 - URLSearchHook: Richfind - {B77488C7-9EE1-45EE-9161-DC82936424FD} - C:\WINDOWS\System32\Q1429187.dll
      O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
      O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {278CC4E0-703F-4034-856D-17F1A3121F42} - C:\WINDOWS\System32\Q1429187.dll
      O2 - BHO: (no name) - {6226ECD0-D1C6-4D19-945D-950F96B6D8BB} - C:\WINDOWS\System32\Q1429187.dll
      O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
      O2 - BHO: (no name) - {E1CE8072-0FA9-4D4E-B4BD-95A35DBEFC8C} - C:\WINDOWS\System32\Q1429187.dll
      O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: Richfind - {76D92A5F-ADD2-4AF3-B09B-5107D4050133} - C:\WINDOWS\System32\Q1429187.dll
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [FLS] C:\WINDOWS\FLS.exe
      O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
      O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
      O4 - HKLM\..\Run: [Seticon] C:\Program Files\Icons\seticon.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: officejet 6100.lnk = ?
      O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
      O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: Richfind (HKLM)
      O9 - Extra button: Related (HKLM)
      O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
      O9 - Extra button: Messenger (HKLM)
      O9 - Extra 'Tools' menuitem: Messenger (HKLM)
      O14 - IERESET.INF: START_PAGE_URL=http://www.informatique.nl
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
      O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...director/sw.cab
      O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab



      • #4
        Go to My Computer and double-click C there. Double-click Program Files. Now click "File" > "New" > "Folder". Name this folder HJT or HijackThis. Now place HijackThis.exe in THAT folder. From now on, run HijackThis from THAT folder. This is because of the backups this program makes.


        1. Check the entries below in HijackThis, close all other windows and browsers, and click Fix Checked.

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.informatique.nl
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/

        R3 - URLSearchHook: Richfind - {B77488C7-9EE1-45EE-9161-DC82936424FD} - C:\WINDOWS\System32\Q1429187.dll

        O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
        O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {278CC4E0-703F-4034-856D-17F1A3121F42} - C:\WINDOWS\System32\Q1429187.dll
        O2 - BHO: (no name) - {6226ECD0-D1C6-4D19-945D-950F96B6D8BB} - C:\WINDOWS\System32\Q1429187.dll
        O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
        O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
        O2 - BHO: (no name) - {E1CE8072-0FA9-4D4E-B4BD-95A35DBEFC8C} - C:\WINDOWS\System32\Q1429187.dll
        O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll

        O3 - Toolbar: Richfind - {76D92A5F-ADD2-4AF3-B09B-5107D4050133} - C:\WINDOWS\System32\Q1429187.dll

        O4 - HKLM\..\Run: [FLS] C:\WINDOWS\FLS.exe
        O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
        O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe

        O9 - Extra button: Richfind (HKLM)
        O9 - Extra button: Related (HKLM)
        O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

        O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx


        2. Reboot into safe mode.
        Make sure hidden files and folders are visible: Explorer > Tools > Folder Options > View tab > scroll down and tick the box for "Show hidden files and folders".

        Delete, in safe mode:
        Folders
        C:\Program Files\NaviSearch
        C:\Program Files\BullsEye Network
        C:\Program Files\MyWay

        File
        C:\WINDOWS\FLS.exe

        3. Reboot into normal mode, create a new log with HijackThis, and post it here

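Added example, not part of any post in this thread: a small Python parser for the R3/O2/O3 lines of the log above that groups entries by the file backing them. It shows that selecting entries by the name "Richfind" alone misses three "(no name)" BHO entries pointing at the same Q1429187.dll, which the list in #4 does include. The function names and the keyword pivot are this example's own assumptions.

```python
import re
from collections import defaultdict, namedtuple

Entry = namedtuple("Entry", "section name clsid path")

# Constructed sample: a subset of R3/O2/O3 lines copied from the log in this thread.
LOG = r"""
R3 - URLSearchHook: Richfind - {B77488C7-9EE1-45EE-9161-DC82936424FD} - C:\WINDOWS\System32\Q1429187.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {278CC4E0-703F-4034-856D-17F1A3121F42} - C:\WINDOWS\System32\Q1429187.dll
O2 - BHO: (no name) - {6226ECD0-D1C6-4D19-945D-950F96B6D8BB} - C:\WINDOWS\System32\Q1429187.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E1CE8072-0FA9-4D4E-B4BD-95A35DBEFC8C} - C:\WINDOWS\System32\Q1429187.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Richfind - {76D92A5F-ADD2-4AF3-B09B-5107D4050133} - C:\WINDOWS\System32\Q1429187.dll
"""

# "<section> - <type>: <name> - {CLSID} - <file path>"
LINE = re.compile(
    r"^(R3|O2|O3) - (?:URLSearchHook|BHO|Toolbar): (.*?) - "
    r"(\{[0-9A-Fa-f-]{36}\}) - (.+)$"
)

def parse(log):
    """Return an Entry for every R3/O2/O3 line that names a CLSID and a file."""
    out = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            out.append(Entry(*m.groups()))
    return out

def by_file(entries):
    """Group entries by backing file; Windows paths compare case-insensitively."""
    groups = defaultdict(list)
    for e in entries:
        groups[e.path.lower()].append(e)
    return dict(groups)

def missed_by_name(entries, keyword):
    """Entries sharing a file with a keyword-named entry but lacking the keyword."""
    kw = keyword.lower()
    missed = []
    for group in by_file(entries).values():
        if any(kw in e.name.lower() for e in group):
            missed += [e for e in group if kw not in e.name.lower()]
    return missed

if __name__ == "__main__":
    for e in missed_by_name(parse(LOG), "richfind"):
        print(e.section, e.clsid, e.path)
```

A shared file is not suspicious in itself (NavShExt.dll legitimately backs both a BHO and a toolbar here); the grouping only tells you which other entries belong with one you have already decided to remove.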


        • #5
          How did safe mode work again exactly, with F ??? I can't get it to work anymore


          By any chance the same person as on helpmij?
          Last edited by Yoram; 10-10-04, 21:23.



          • #6
            Originally posted by Yoram
            How did safe mode work again exactly, with F ??? I can't get it to work anymore


            By any chance the same person as on helpmij?
            F8

            And yes, 100% the same


            The rabble that arrived by Przewalski's horse at the enchantingly situated establishment - comma -

            "Do not confuse the truth with the opinion of the majority"
