"find-on-the-net.com"
Bovenstaande nestelt zich steeds als homepage.
Wanneer ik met hijack this de registry keys verwijder die naar deze site verwijzen, worden deze onmiddellijk terug gelegd.
Ik delete deze dus in Hijack this, en wanneer ik Hijack this terug opstart, staan ze er terug in.
Ik heb reeds de laatste versie van ad aware laten lopen, dit is mijn log van hijack this:
Scan saved at 14:38:38, on 17/11/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)
Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\system32\NALDESK.EXE
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\WINNT\system32\ltmsg.exe
C:\WINNT\System32\dpmw32.exe
C:\WINNT\system32\NWTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT\system32\SwmontV4.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\notes\NLNOTES.EXE
C:\notes\naldaemn.EXE
C:\notes\nwrdaemn.EXE
C:\notes\nupdate.EXE
C:\notes\nhldaemn.EXE
C:\notes\nWEB.EXE
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\NetManage\APPS\EMULATION\NSTERM.EXE
Z:\easyip.exe
C:\WINNT\WinVnc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\bhulavo\Desktop\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find-on-the-net.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://find-on-the-net.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by RECTICEL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.213.60.139:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.recticel.net;*.recticel.com;*.be.recticel.net;*.recticel.be;172.*;192.168.*;<local>
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C5175A2-ADF3-4F57-AB70-BA90FD60A383} - C:\Program Files\IESearchToolbar\IESearchToolbar.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: IE Search Toolbar - {EB381422-F797-4A98-A266-9DC490821907} - C:\Program Files\IESearchToolbar\IESearchToolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [NDPS] C:\WINNT\System32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [WinVNC] "C:\WINNT\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [StoreCleanup] RunDLL32 c:\PROGRA~1\NETMAN~1\common\nmconfig.dll,StoreCleanup
O4 - HKLM\..\Run: [NetManage LaunchNow Init] RunDLL32 c:\PROGRA~1\NETMAN~1\common\nmgoinn.dll,VerifyStartMenu
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SWMONTV4] SwmontV4.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Startup: Microsoft Office Shortcut Bar.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = recticel.net,be.recticel.net,recticel.com,recticel.be
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = recticel.net,be.recticel.net,recticel.com,recticel.be
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = recticel.net,be.recticel.net,recticel.com,recticel.be
Bovenstaande nestelt zich steeds als homepage.
Wanneer ik met hijack this de registry keys verwijder die naar deze site verwijzen, worden deze onmiddellijk terug gelegd.
Ik delete deze dus in Hijack this, en wanneer ik Hijack this terug opstart, staan ze er terug in.
Ik heb reeds de laatste versie van ad aware laten lopen, dit is mijn log van hijack this:
Scan saved at 14:38:38, on 17/11/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)
Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\system32\NALDESK.EXE
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\WINNT\system32\ltmsg.exe
C:\WINNT\System32\dpmw32.exe
C:\WINNT\system32\NWTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT\system32\SwmontV4.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\notes\NLNOTES.EXE
C:\notes\naldaemn.EXE
C:\notes\nwrdaemn.EXE
C:\notes\nupdate.EXE
C:\notes\nhldaemn.EXE
C:\notes\nWEB.EXE
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\NetManage\APPS\EMULATION\NSTERM.EXE
Z:\easyip.exe
C:\WINNT\WinVnc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\bhulavo\Desktop\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find-on-the-net.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://find-on-the-net.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by RECTICEL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.213.60.139:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.recticel.net;*.recticel.com;*.be.recticel.net;*.recticel.be;172.*;192.168.*;<local>
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C5175A2-ADF3-4F57-AB70-BA90FD60A383} - C:\Program Files\IESearchToolbar\IESearchToolbar.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: IE Search Toolbar - {EB381422-F797-4A98-A266-9DC490821907} - C:\Program Files\IESearchToolbar\IESearchToolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [NDPS] C:\WINNT\System32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [WinVNC] "C:\WINNT\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [StoreCleanup] RunDLL32 c:\PROGRA~1\NETMAN~1\common\nmconfig.dll,StoreCleanup
O4 - HKLM\..\Run: [NetManage LaunchNow Init] RunDLL32 c:\PROGRA~1\NETMAN~1\common\nmgoinn.dll,VerifyStartMenu
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SWMONTV4] SwmontV4.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Startup: Microsoft Office Shortcut Bar.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = recticel.net,be.recticel.net,recticel.com,recticel.be
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = recticel.net,be.recticel.net,recticel.com,recticel.be
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = recticel.net,be.recticel.net,recticel.com,recticel.be
