werkbalk

[FX_Quicksilver]

k heb nu al een tijdje zo'n irri balk van find.quick.com in mijn beeld staan.
na wat speur werk weet k dat k de programma's ad-aware 6 (ofzo) en hackjis moet gebruiken.

alleen nu komt mij vraag waar kan k deze 2 programma's downloaden?
en hoe wwet k nu wel regel (uit ut hackijs log) moet verwijderen

thnx

 

[Jabuzero]

Zoek hier eens tussen........!

 

[FX_Quicksilver]

heb nu duz (eindelijk) hijack gevonden en gedownload en ad awara trouwens ook maar wie kan ff helpen met die log?

welke van hier onder kan k verwijderen:

Logfile of HijackThis v1.96.4
Scan saved at 17:04:16, on 2-9-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
D:\1st Security Agent\newadmin.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\ctfmon.exe
D:\KaZaA Lite\Kazaa.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\PASCAL~1\LOCALS~1\Temp\RemD7.exe
C:\DOCUME~1\PASCAL~1\LOCALS~1\Temp\ScsD8.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Documents and Settings\Pascal de Hoop\Local Settings\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find-quick.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find-quick.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = find-quick.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find-quick.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://find-quick.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://find-quick.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {bc9b5fa0-f090-4054-9bb5-2d508e7ac369} - C:\DOCUME~1\PASCAL~1\APPLIC~1\viebrsujgl.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: tlllygrsgpr - {510229b3-9eee-4df6-a3f7-9cefad053a16} - C:\DOCUME~1\PASCAL~1\APPLIC~1\viebrsujgl.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [00saskda] "d:\1st Security Agent\newadmin.exe" saskda
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [fujie] C:\DOCUME~1\PASCAL~1\APPLIC~1\gllcnprf.exe -QuieT
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

 

[Jabuzero]

OOk dat had je hier kunnen vinden..............

 

[excelsior]

Heb je je PC eerst al weleens gescant met Ad-aware, lijkt me logischer als je dat eerst doet

 

[FX_Quicksilver]

ben er al met ad awara over gegaan

 

[Caspar107]

Vink in hijackthis de volgende zaken aan en klik op Fix
C:\WINDOWS\System32\khooker.exe
C:\DOCUME~1\PASCAL~1\LOCALS~1\Temp\RemD7.exe
C:\DOCUME~1\PASCAL~1\LOCALS~1\Temp\ScsD8.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find-quick.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find-quick.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = find-quick.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find-quick.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://find-quick.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://find-quick.com/searchbar.ht
O2 - BHO: (no name) - {bc9b5fa0-f090-4054-9bb5-2d508e7ac369} - C:\DOCUME~1\PASCAL~1\APPLIC~1\viebrsujgl.dll
O3 - Toolbar: tlllygrsgpr - {510229b3-9eee-4df6-a3f7-9cefad053a16} - C:\DOCUME~1\PASCAL~1\APPLIC~1\viebrsujgl.dll
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [fujie] C:\DOCUME~1\PASCAL~1\APPLIC~1\gllcnprf.exe -QuieT

En Jabuzero, denk dat een hoop mensen niet zelf kunnen bepalen wat wel en niet weg kan.

En QuickSilver, volgens mij is je log niet helemaal compleet, fix de zaken die ik zeg eens en plaats dan eens een nieuwe (complete).

 

[excelsior]

Idd, maar daar hebben we hier onze mensen voor :thumb:

 

[FX_Quicksilver]

het is gelukt.


thnx you all (':')

(':thumb:')

 

[Caspar107]

Geen dank

 

[excelsior]

No Pleasure

:thumb:

 

[FX_Quicksilver]

nu heb k alles gedaan maar nu krijg k als k de startpagina wou veranderen in www.startpagina.nl
steeds weer de http://find.quick.com

als k deze dan weer verander komt deze k*t pagina weer opnieuw

moet k nu met hijack ut laten scannen

 

[Caspar107]

Doe nog maar eens een Hijackthis log

 

[FX_Quicksilver]

dit is hem weer:

Logfile of HijackThis v1.96.4
Scan saved at 21:03:37, on 2-9-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
D:\1st Security Agent\newadmin.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\DOCUME~1\PASCAL~1\APPLIC~1\gllcnprf.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\DOCUME~1\PASCAL~1\LOCALS~1\Temp\Tqa1.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
d:\Kazaa Lite K++\Kazaa.kpp
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\1st Security Agent\newadmin.exe
D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = find-quick.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [00saskda] "d:\1st Security Agent\newadmin.exe" saskda
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [fujie] C:\DOCUME~1\PASCAL~1\APPLIC~1\gllcnprf.exe -QuieT
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

 

[Pieter Arntz]

Hoi FX_Quicksilver,

Vink de volgende zaken aan in HijackThis, sluit alle vensters behalve HijackThis en klik op Fix checked:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = find-quick.com
O4 - HKLM\..\Run: [fujie] C:\DOCUME~1\PASCAL~1\APPLIC~1\gllcnprf.exe -QuieT

Start daarna opnieuw op en verwijder:
C:\DOCUMENTS AND SETTINGS\[gebruikersnaam]\APPLICATION DATA\gllcnprf.exe

Groetjes,

Pieter