Anoniem2 Posted: 8 December 2009

hello,

Below is my HijackThis file. The problem is that Google keeps opening other pages when I click on the link.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:27, on 8-12-2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\VideoWebCamera\VideoWebCamera.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&s=2&o=vp32&d=0709&m=easynote_tj65
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14978&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&s=2&o=vp32&d=0709&m=easynote_tj65
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&s=2&o=vp32&d=0709&m=easynote_tj65
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files\VideoWebCamera\VideoWebCamera.exe" -a
O4 - HKLM\..\Run: [PLFSetI] C:\Program Files\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [RemoteControl8] "c:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\SYSTEM32\DIMSROAM32.DLL,AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

--
End of file - 9435 bytes

I hope someone can find something. Thanks in advance.
Anoniem2 (author) Posted: 12 December 2009

Start HijackThis. If you are a Vista user, choose "Run as administrator" or "Uitvoeren als administrator". Select "Do a system scan only". Select only the items listed below:

[B]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14978&l=dis
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O20 - AppInit_DLLs: C:\WINDOWS\SYSTEM32\DIMSROAM32.DLL,AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL[/B]

Click 'Fix checked' to remove the items.

Open Notepad and paste the following bold text into an empty window:

[B]REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"="avgrsstx.dll"[/B]

Save this on your Desktop as regfix.reg, with file type "all files".
Double-click regfix.reg and allow it to be added to the registry.

Download [B]MBAM (Malwarebytes' Anti-Malware)[/B]: http://www.besttechie.net/tools/mbam-setup.exe

Double-click mbam-setup.exe to install the program.

Make sure the boxes for Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked, then click "Finish".
If an update is found, it will be downloaded and installed.
When the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.
Scanning can take a while, so be patient.
When the scan is finished, click OK, then "Show Results" to view the results.
Make sure everything there is ticked, then click: Remove Selected.
After removal a log will open and you will be asked to restart the computer. (See below.)

If the TDSS rootkit is present, MBAM will ask to restart. Do so.
After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has difficulty removing certain files it will show a few messages where you need to click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next message, together with a new HijackThis log.