Werd dit systeem gehigjackt ?

[anoniem]

Kan iemand eens kijken of hier zaken in staan waardoor een kennis steeds dezelfde rommel te zien krijgt vanaf het ogenblik dat hij op internet gaat. Logfile of HijackThis v1.97.7 Scan saved at 19:44:34, on 20/10/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\MediaKey\MediaKey.EXE C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\mssys.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\ISTsvc\istsvc.exe C:\WINDOWS\system32\bgjovadr.exe C:\Documents and Settings\Admin\Bureaublad\downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_...count_id=133654 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_...count_id=133654 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slotch.com/?&account_id=133654 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_...count_id=133654 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://be-nl.altavista.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: IncrediFindBHO Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\MediaKey\MediaKey.EXE O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [gkpsijjh] C:\WINDOWS\system32\bgjovadr.exe O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: planetinternet.lnk = ? O4 - Startup: server[1].exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: SideFind (HKLM) O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sh...n/bin/cabsa.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?223 O17 - HKLM\System\CCS\Services\Tcpip\..\{BD00892E-E852-4DBE-8DDB-78C7134504A8}: NameServer = 194.119.228.67 193.74.208.135 Bedankt?

[anoniem]

Kijk hem na :wink:

[anoniem]

Druk tegelijk op ctrl+alt+del om naar taakbeheer te gaan, kies daar voor het tabblad processen en stop deze processen indien draaiend: [list:cc50c79d9a][b:cc50c79d9a]sais.exe SearchUpgrader.exe istsvc.exe bgjovadr.exe powerscan.exe conscorr.exe server[1].exe[/b:cc50c79d9a][/list:u:cc50c79d9a] Ga naar start -> configuratiescherm -> software en deinstalleer indien mogelijk het volgende: [list:cc50c79d9a][b:cc50c79d9a]powerscan istbar[/b:cc50c79d9a][/list:u:cc50c79d9a] Scan nog een keer met hijackthis en vink onderstaande items aan, sluit vervolgens alle vensters behalve hijackthis en klik daarna op fix checked. [list:cc50c79d9a][b:cc50c79d9a]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_...count_id=133654 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_...count_id=133654 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slotch.com/?&account_id=133654 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_...count_id=133654 O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [gkpsijjh] C:\WINDOWS\system32\bgjovadr.exe O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe O4 - Startup: server[1].exe O9 - Extra button: SideFind (HKLM) O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab[/b:cc50c79d9a][/list:u:cc50c79d9a] Herstart in veilige modus: http://users.pandora.be/marcvn/spyware/1378056.htm Laat alle verborgen bestanden weergeven: http://users.pandora.be/marcvn/spyware/1117602.htm Verwijder indien aanwezig de volgende items: [list:cc50c79d9a]C:\WINDOWS\[b:cc50c79d9a]localNRD.dll <--- dit bestand[/b:cc50c79d9a] C:\Program Files\[b:cc50c79d9a]SideFind <--- deze map[/b:cc50c79d9a] C:\Program Files\[b:cc50c79d9a]ISTbar <--- deze map[/b:cc50c79d9a] c:\program files\[b:cc50c79d9a]180solutions <--- deze map[/b:cc50c79d9a] C:\Program Files\Common files\[b:cc50c79d9a]SearchUpgrader <--- deze map[/b:cc50c79d9a] C:\Program Files\[b:cc50c79d9a]ISTsvc <--- deze map[/b:cc50c79d9a] C:\WINDOWS\system32\[b:cc50c79d9a]bgjovadr.exe <--- dit bestand[/b:cc50c79d9a] C:\Program Files\[b:cc50c79d9a]Power Scan <--- deze map[/b:cc50c79d9a] C:\WINDOWS\[b:cc50c79d9a]conscorr.exe <--- dit bestand[/b:cc50c79d9a] [b:cc50c79d9a]server[1].exe <--- dit bestand[/b:cc50c79d9a] C:\[b:cc50c79d9a]install.cab <--- dit bestand[/b:cc50c79d9a][/list:u:cc50c79d9a] Start de computer overnieuw op en doe een online virusscan: http://www.bitdefender.com/scan/licence.php (Als je geen breedband hebt mag je ook norton updaten en die in de veilige modus een volledige scan laten uitvoeren) Herstart de pc nog een maal en plaats een nieuwe hijackthis log met de nieuwste versie van hijackthis http://www.spywareinfo.com/~merijn/files/hijackthis.zip

[anoniem]

:-? sorry dat ik hier effe kom storen maar ik zie dat de log gemaakt is met een verouderde versie van hijackthis. hier vindt je de laatse versie. [url]http://members.lycos.nl/pinoroeltgewoon/nl.htm[/url]

[anoniem]

Bedankt dat je dat even aangeeft Lycan, was het zelf vergeten. :oops: @TS, maak de nieuwe log met de versie die op de site staat die Lycan aangeeft. Edit: directe download link: http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13

[anoniem]

8) graag gedaan. We zijn er om mekaar te helpen.

[anoniem]

Na uitvoering en aanzuivering van hetgeen werd gevraagd en installatie van de recenste HijackThis-versie, krijgen wij hetvolgende resultaat. Staan hier zaken in die het steeds weerkerende scherm-probleem kunnen veroorzaken. Logfile of HijackThis v1.98.2 Scan saved at 20:08:05, on 27/10/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\MediaKey\MediaKey.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Documents and Settings\Admin\Bureaublad\downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.be/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://be-nl.altavista.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: IncrediFindBHO Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\MediaKey\MediaKey.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: planetinternet.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?223 O17 - HKLM\System\CCS\Services\Tcpip\..\{BD00892E-E852-4DBE-8DDB-78C7134504A8}: NameServer = 194.119.228.67 193.74.208.135 O20 - AppInit_DLLs: C:\WINDOWS\System32\