Mededeling

Collapse
No announcement yet.

Irrie startpagina en favorieten

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    Irrie startpagina en favorieten

    Logfile of HijackThis v1.98.2
    Scan saved at 20:37:21, on 27-12-2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\rundll32m.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Popup Ad Filter\PopFilter.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Administrator\Bureaublad\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.thesearchs.com/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thesearchs.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *new-search.net*;*x-google.net*
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: IE Search Toolbar Helper - {2C5175A2-ADF3-4F57-AB70-BA90FD60A383} - C:\Program Files\IESearchToolbar\IESearchToolbar.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: IE Search Toolbar - {EB381422-F797-4A98-A266-9DC490821907} - C:\Program Files\IESearchToolbar\IESearchToolbar.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Msn Messenger] msnmsgs.exe
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Popup Ad Filter\PopFilter.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [CD Eject Tool] C:\Program Files\CD Eject Tool\CD Eject Tool.exe
    O4 - HKCU\..\Run: [fyfdlxv] c:\windows\tjxhspq.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Snelkoppeling naar CCAPP.lnk = C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
    O16 - DPF: {047CE197-F3B0-40EE-B4BD-D8B388AB5EFD} - file://C:\Recycled\720186.exe
    O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.145/x15.chm::/trs15.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101752487702
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O21 - SSODL: SecurityUpdate - {05469B7E-6109-4363-95E6-FCD8F18D9B59} - C:\WINDOWS\System32\SQLSFC.DLL

    merci
    Labels: Geen
    • Citaat
  • #2
    Ik zie dat je nog een oudere versie van hijackthis gebruikt. Dus, beter om die eerst te updaten.
    Start hijackthis, klik op 'misc tools'>Check for update online. Download de nieuwe versie (1.99), unzip het en plaats het in een permanente map.
    (Als de update-functie niet werkt kan je de nieuwste versie hier downloaden)

    Plaats daarna een nieuw logje met de nieuwe versie.
    Microsoft MVP - Consumer Security
    Director of Research @ Malwarebytes
    Mijn Blog
    • Citaat

    Comment

    • #3
      Logfile of HijackThis v1.99.0
      Scan saved at 17:43:45, on 28-12-2004
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\Program Files\Norton AntiVirus\SAVScan.exe
      C:\WINDOWS\Explorer.exe
      C:\WINDOWS\system32\rundll32m.exe
      C:\Program Files\Messenger Plus! 3\MsgPlus.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\ASUS\Probe\AsusProb.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Popup Ad Filter\PopFilter.exe
      C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      C:\Program Files\Microsoft Office\Office\OSA.EXE
      C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\FTDv3\FTDv3.exe
      C:\Program Files\nbpro\nbpro.exe
      C:\Program Files\Norton AntiVirus\OPScan.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\Administrator\Bureaublad\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.thesearchs.com/search.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thesearchs.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *new-search.net*;*x-google.net*
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: IE Search Toolbar Helper - {2C5175A2-ADF3-4F57-AB70-BA90FD60A383} - C:\Program Files\IESearchToolbar\IESearchToolbar.dll
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: IE Search Toolbar - {EB381422-F797-4A98-A266-9DC490821907} - C:\Program Files\IESearchToolbar\IESearchToolbar.dll
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
      O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [Msn Messenger] msnmsgs.exe
      O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Popup Ad Filter\PopFilter.exe
      O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
      O4 - HKCU\..\Run: [CD Eject Tool] C:\Program Files\CD Eject Tool\CD Eject Tool.exe
      O4 - HKCU\..\Run: [fyfdlxv] c:\windows\tjxhspq.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
      O4 - Startup: Snelkoppeling naar CCAPP.lnk = C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
      O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
      O16 - DPF: {047CE197-F3B0-40EE-B4BD-D8B388AB5EFD} - file://C:\Recycled\720186.exe
      O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.145/x15.chm::/trs15.exe
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101752487702
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
      O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
      O21 - SSODL: SecurityUpdate - {05469B7E-6109-4363-95E6-FCD8F18D9B59} - C:\WINDOWS\System32\SQLSFC.DLL
      O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe (file missing)
      O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
      O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
      O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
      O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
      • Citaat

      Comment

      • #4
        Wil je de volgende file: C:\WINDOWS\system32\rundll32m.exe eens hier laten scannen. Bovenaan zie je staan: ' File to upload & scan:'
        Blader daar naar C:\WINDOWS\system32\rundll32m.exe en klik op submit.
        Laat me weten wat er gevonden wordt.

        * Download en installeer CCleaner
        Nog niet gebruiken

        * Download CWShredder. Nog niet laten runnen!

        * Zorg ervoor dat je verborgen mappen en bestanden weergegeven zijn. Hoe deze weer te geven.
        * Start hijackthis en vink volgende items aan:

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.thesearchs.com/search.html
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thesearchs.com
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *new-search.net*;*x-google.net*
        O2 - BHO: IE Search Toolbar Helper - {2C5175A2-ADF3-4F57-AB70-BA90FD60A383} - C:\Program Files\IESearchToolbar\IESearchToolbar.dll
        O3 - Toolbar: IE Search Toolbar - {EB381422-F797-4A98-A266-9DC490821907} - C:\Program Files\IESearchToolbar\IESearchToolbar.dll
        O4 - HKCU\..\Run: [fyfdlxv] c:\windows\tjxhspq.exe
        O16 - DPF: {047CE197-F3B0-40EE-B4BD-D8B388AB5EFD} - file://C:\Recycled\720186.exe
        O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.145/x15.chm::/trs15.exe
        O21 - SSODL: SecurityUpdate - {05469B7E-6109-4363-95E6-FCD8F18D9B59} - C:\WINDOWS\System32\SQLSFC.DLL
        O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe (file missing)

        * Sluit alle open vensters behalve hijackthis en klik: Fix Checked.

        * Start nu je pc op in VEILIGE MODE. Hoe start ik in veilige mode op.

        Ga via configuratiescherm naar software > programma's wijzigen/verwijderen en kijk of volgende programma's aanwezig zijn en de-installeer die:

        IESearchToolbar

        * Zoek daarna via verkenner volgende items en verwijder deze manueel indien nog aanwezig:

        C:\Program Files\IESearchToolbar <==deze map
        c:\windows\tjxhspq.exe
        C:\WINDOWS\System32\SQLSFC.DLL
        C:\WINDOWS\System32\angelex.exe (indien aanwezig)

        * Start CWShredder en klik op FIX

        * Start Ccleaner en klik op Run Cleaner (rechts onderaan)

        Reboot je pc en post een nieuw hijackthislogje.
        Microsoft MVP - Consumer Security
        Director of Research @ Malwarebytes
        Mijn Blog
        • Citaat

        Comment

        Vorige template Volgende
        Sorry, you are not authorized to view this page
        Working...
        X