Annoying start page, pop-ups, search bars, I have it all. Please help..


  • Annoying start page, pop-ups, search bars, I have it all. Please help..

    A hijacked start page from hereforsearch, persistent pop-ups.. They are terrorizing my PC. The PC is also slow and freezes regularly.

    Scanned with Ad-Aware and Spybot. I hope you can help me.

    The log:

    Logfile of HijackThis v1.99.0
    Scan saved at 21:59:50, on 27-12-04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\WINDOWS\SYSTEM\NTCPL.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\OHOSRWEV17C.EXE
    C:\PROGRAM FILES\EXIF LAUNCHER\QUICKDCF.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\5CXMN2K2BS5.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
    C:\WINDOWS\SYSTEM\VMEORK47C4R0YS7.EXE
    C:\WINDOWS\SYSTEM\ORRHD20VK3B9LZS.EXE
    C:\WINDOWS\SYSTEM\WICEHVKF7DXC.EXE
    C:\WINDOWS\SYSTEM\KE2SU18T0XVO.EXE
    C:\WINDOWS\SYSTEM\ITFK89S0OPOV.EXE
    C:\WINDOWS\SYSTEM\R4MF4E1V3RN.EXE
    C:\WINDOWS\SYSTEM\5J4WPWH4ZNKR.EXE
    C:\WINDOWS\GKTCBWSLUB.EXE
    C:\WINDOWS\SYSTEM\WLIJBX2FEBTHD.EXE
    C:\WINDOWS\SYSTEM\6SLIW25GSMTHD.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\MIJN DOCUMENTEN\NIEUWE MAP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=31130
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/EnterOne/Portal/portal.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\2NTTEB~1.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Hindustan] C:\UNZIPPED\MSN-FAKE[1]\MSMSGS.exe
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
    O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\6SLIW25GSMTHD.EXE
    O4 - HKLM\..\Run: [NvCplD] C:\WINDOWS\SYSTEM\NTCPL.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\VMEORK47C4R0YS7.EXE
    O4 - Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
    O12 - Plugin for .mid: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .png: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .wav: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mov: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .pdf: C:\PROGRA~1\Intern~1\PLUGINS\nppdf32.dll
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
    O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/terraexplorer/install/TEInstallPlugIn.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games6.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = glerum.local
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.115.192.193,212.115.192.195

  • #2
    Hi Daan,

    You've got some nice ones there...

    * Download and install CCleaner
    Don't use it yet

    * If you don't have Adaware SE on your system yet: download it here. Apparently it can now deal with this infection too. Let Adaware SE update first, but don't scan yet.

    * Download CWShredder. Don't run it yet!

    * Then uninstall the program switch via your software list, if present.

    * Make sure hidden folders and files are shown. How to show them.
    * Start HijackThis and check the following items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=31130
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/EnterOne/Portal/portal.html
    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\2NTTEB~1.DLL
    O4 - HKLM\..\Run: [Hindustan] C:\UNZIPPED\MSN-FAKE[1]\MSMSGS.exe
    O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\6SLIW25GSMTHD.EXE
    O4 - HKLM\..\Run: [NvCplD] C:\WINDOWS\SYSTEM\NTCPL.EXE
    O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\VMEORK47C4R0YS7.EXE
    O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interact...stallPlugIn.cab


    * Close all open windows except HijackThis and click: Fix Checked.

    * Now start your PC in SAFE MODE. How do I start in safe mode.

    Via the Control Panel go to Software > Add/Remove Programs, check whether the following programs are present, and uninstall them:

    * Then use Explorer to look for the following items and delete them manually if still present:

    C:\WINDOWS\SYSTEM\2NTTEB~1.DLL
    C:\WINDOWS\SYSTEM\NTCPL.EXE
    C:\WINDOWS\SYSTEM\OHOSRWEV17C.EXE
    C:\WINDOWS\SYSTEM\5CXMN2K2BS5.EXE
    C:\WINDOWS\SYSTEM\VMEORK47C4R0YS7.EXE
    C:\WINDOWS\SYSTEM\ORRHD20VK3B9LZS.EXE
    C:\WINDOWS\SYSTEM\WICEHVKF7DXC.EXE
    C:\WINDOWS\SYSTEM\KE2SU18T0XVO.EXE
    C:\WINDOWS\SYSTEM\ITFK89S0OPOV.EXE
    C:\WINDOWS\SYSTEM\R4MF4E1V3RN.EXE
    C:\WINDOWS\SYSTEM\5J4WPWH4ZNKR.EXE
    C:\WINDOWS\GKTCBWSLUB.EXE
    C:\WINDOWS\SYSTEM\WLIJBX2FEBTHD.EXE
    C:\WINDOWS\SYSTEM\6SLIW25GSMTHD.EXE
    C:\UNZIPPED\MSN-FAKE[1] <== this folder
    C:/Program Files/EnterOne <== this folder

    * Start CWShredder and click FIX

    * Do a full scan with Adaware SE

    * Start CCleaner and click Run Cleaner (bottom right)

    * Reboot your PC back into normal mode and post a new HijackThis log.
    Microsoft MVP - Consumer Security
    Director of Research @ Malwarebytes
    My Blog



    • #3
      New log

      Thanks for the quick reply.
      I carried out everything as you described. The start page and search bars are indeed gone.

      Here is the new HijackThis log.
      Could you check it once more? Thanks in advance.


      Logfile of HijackThis v1.99.0
      Scan saved at 0:32:54, on 28-12-04
      Platform: Windows 98 SE (Win9x 4.10.2222A)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\SYSTEM\KERNEL32.DLL
      C:\WINDOWS\SYSTEM\MSGSRV32.EXE
      C:\WINDOWS\SYSTEM\MPREXE.EXE
      C:\WINDOWS\SYSTEM\MSTASK.EXE
      C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
      C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
      C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
      C:\WINDOWS\SYSTEM\SPOOL32.EXE
      C:\WINDOWS\EXPLORER.EXE
      C:\WINDOWS\TASKMON.EXE
      C:\WINDOWS\SYSTEM\SYSTRAY.EXE
      C:\WINDOWS\LOADQM.EXE
      C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
      C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
      C:\WINDOWS\RunDLL.exe
      C:\PROGRAM FILES\EXIF LAUNCHER\QUICKDCF.EXE
      C:\WINDOWS\SYSTEM\WMIEXE.EXE
      C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
      C:\WINDOWS\SYSTEM\DDHELP.EXE
      C:\MIJN DOCUMENTEN\ANTISPYWARE NIET VERWIJDEREN\HIJACKTHIS.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?id=2
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
      O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
      O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
      O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
      O4 - HKLM\..\Run: [LoadQM] loadqm.exe
      O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
      O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
      O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
      O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
      O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
      O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
      O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
      O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\VMEORK47C4R0YS7.EXE
      O4 - Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
      O12 - Plugin for .mid: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin.dll
      O12 - Plugin for .png: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin3.dll
      O12 - Plugin for .wav: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin.dll
      O12 - Plugin for .mov: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin.dll
      O12 - Plugin for .pdf: C:\PROGRA~1\Intern~1\PLUGINS\nppdf32.dll
      O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
      O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
      O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
      O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
      O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games6.cab
      O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = glerum.local
      O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.115.192.193,212.115.192.195



      • #4
        Already looks a lot better!!

        You can still go back and fix this one:

        O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\VMEORK47C4R0YS7.EXE

        Just to be sure, check once more that this one is no longer present in your system folder, or the party will soon start again on your PC..

        Btw.. does glerum.local mean anything to you? I assume so...
        Microsoft MVP - Consumer Security
        Director of Research @ Malwarebytes
        My Blog
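
The comparison made by eye in post #4, as an added example that is not part of the original thread: a Python script that checks which entries from a HijackThis fix list still appear in the follow-up log, treating the "..." that forum software puts into shortened URLs as a wildcard. The function names `parse_entries` and `still_present` are chosen here for illustration; the log excerpts are copied from posts #2 and #3.

```python
import re

# One HijackThis result line: section code (R0, O4, O16, ...) then " - " then the entry.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_entries(log_text):
    """Return [(code, body)] for each result line; headers and process paths are skipped."""
    return [m.groups() for m in map(ENTRY_RE.match, log_text.splitlines()) if m]

def _matcher(body):
    # Forum software shortens long URLs with "..."; treat that as a wildcard.
    parts = (re.escape(p) for p in body.split("..."))
    return re.compile(".*".join(parts), re.IGNORECASE)

def still_present(fix_list_text, followup_log_text):
    """Entries from the fix list that are still in the follow-up log."""
    followup = parse_entries(followup_log_text)
    remaining = []
    for code, body in parse_entries(fix_list_text):
        pattern = _matcher(body)
        remaining += [(c, b) for c, b in followup if c == code and pattern.fullmatch(b)]
    return remaining

# Excerpts copied from the logs in this thread (post #2 fix list, post #3 follow-up log).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=31130
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\2NTTEB~1.DLL
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\6SLIW25GSMTHD.EXE
O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\VMEORK47C4R0YS7.EXE
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interact...stallPlugIn.cab
"""
FOLLOWUP_LOG = r"""
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?id=2
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\VMEORK47C4R0YS7.EXE
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
"""

if __name__ == "__main__":
    for code, body in still_present(FIX_LIST, FOLLOWUP_LOG):
        print(f"still present after cleanup: {code} - {body}")
```

A surviving autorun entry only shows that the registry value is back or was never removed; whether the file it points to still exists has to be checked on disk, as post #4 asks.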
