anoniem Geplaatst: 15 oktober 2004 Delen Geplaatst: 15 oktober 2004 PC doet rare dingen en loopt vaak vast. Kan iemand even kijken naar het volgende log. Logfile of HijackThis v1.97.7 Scan saved at 16:33:45, on 15/10/04 Platform: Windows 98 SE (Win9x 4.10.2222B) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\TASKMON.EXE C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE C:\COMPAQ\CPQINET\CPQINET.EXE C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\SYSTEM\SWCALLER2.EXE C:\WINDOWS\LOADQM.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE C:\WINDOWS\STARTER.EXE C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE C:\WINDOWS\SYSTEM\CTFMON.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOBNZ08.EXE C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE C:\PROGRAM FILES\PRECISIONTIME\PRECISIONTIME.EXE C:\PROGRAM FILES\DATE MANAGER\DATEMANAGER.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\MSOFFICE.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE C:\WINDOWS\SYSTEM\HPZIPM12.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4CFL9SP\20041014-009-I32[1].EXE C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\OUTLOOK.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\WINDOWS\MSAGENT\AGENTSVR.EXE C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\WINWORD.EXE C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\OPSCAN.EXE C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\YBGFY1S7\HIJACKTHIS[1].EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.worldonline.be/nederlands/search.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.diddl.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = C:\WINDOWS\SYSTEM\SWPortal.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\EASYCO~1\XP-TUN~1\POPUP-~1\POPUP-~1.DLL O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup O4 - HKLM\..\Run: [SWCaller] "C:\WINDOWS\SYSTEM\SWCALLER2.EXE" O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT" O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [SystemTray] SysTray.ExE O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE" O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg O4 - HKLM\..\RunServices: [ccProxy] c:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe O4 - User Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - User Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe O4 - User Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe O4 - User Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000 O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/ProductUpdates/content/opuc.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedContent/sc/bin/cabsa.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37881.0796296296 O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/en/SysWebTelecom.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=a9b6b6f32b47cf3a93ef2a1733e8758810777768bf78bfc79d2a25ede417b3b7d22883635aa03fcfa335efe2149c5410d678f01a2df8c18975d6893f98e917cd:758d2ef47310b63172726af73aab9f03 Alvast hartelijk dank. Quote Link naar reactie
0 anoniem Geplaatst: 15 oktober 2004 Auteur Delen Geplaatst: 15 oktober 2004 kijk hem na Quote Link naar reactie
0 anoniem Geplaatst: 15 oktober 2004 Auteur Delen Geplaatst: 15 oktober 2004 Ik raad je eerst aan om Datemanager, Precision Time en GMT te deïnstalleren. (Gator-spyware) Daarna Spybot s&d en/of adaware even laten scannen om de restanten ervan op te ruimen. En daarna een nieuw logje plaatsen ([url=http://users.pandora.be/bluepatchy/www/HijackThis.exe]Hijackthis 1.98.2[/url]) zodat we de rest kunnen fixen. ;) Quote Link naar reactie
0 anoniem Geplaatst: 15 oktober 2004 Auteur Delen Geplaatst: 15 oktober 2004 ZET HIJACKTHIS IN EEN EIGEN MAP!!!!!! Kill in taakbeheer deze processen: [list:51670f7cc8][b:51670f7cc8]SWCALLER2.EXE CMESYS.EXE" GMT.exe DateManager.exe PrecisionTime.exe[/b:51670f7cc8][/list:u:51670f7cc8] Ga naar start -> configuratiescherm -> software en verwijder deze items: [list:51670f7cc8][b:51670f7cc8]gator precision time date manager[/b:51670f7cc8][/list:u:51670f7cc8] Sluit alle vensters en laat hijackthis deze fixen: [list:51670f7cc8][b:51670f7cc8]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = C:\WINDOWS\SYSTEM\SWPortal.html O4 - HKLM\..\Run: [SWCaller] "C:\WINDOWS\SYSTEM\SWCALLER2.EXE" O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE" O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe O4 - User Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe O4 - User Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/en/SysWebTelecom.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=a9b6b6f32b47cf3a93ef2a1733e8758810777768bf78bfc79d2a25ede417b3b7d22883635aa03fcfa335efe2149c5410d678f01a2df8c18975d6893f98e917cd:758d2ef47310b63172726af73aab9f03 [/b:51670f7cc8][/list:u:51670f7cc8] Herstart in de veilige modus: http://users.pandora.be/marcvn/spyware/1378056.htm Laat alle verborgen bestanden weergeven: http://users.pandora.be/marcvn/spyware/1117602.htm Verwijder indien aanwezig deze items: [list:51670f7cc8]C:\WINDOWS\SYSTEM\[b:51670f7cc8]SWPortal.html[/b:51670f7cc8] <--- deze file C:\WINDOWS\SYSTEM\[b:51670f7cc8]SWCALLER2.EXE[/b:51670f7cc8] <--- deze file C:\PROGRAM FILES\COMMON FILES\[b:51670f7cc8]CMEII[/b:51670f7cc8] <--- deze map C:\Program Files\Common Files\[b:51670f7cc8]GMT[/b:51670f7cc8] <--- deze map C:\Program Files\[b:51670f7cc8]Date Manager[/b:51670f7cc8] <--- deze map C:\Program Files\[b:51670f7cc8]PrecisionTime[/b:51670f7cc8] <--- deze map[/list:u:51670f7cc8] Herstart en plaats een nieuwe log. deze versie: http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13 Quote Link naar reactie
0 anoniem Geplaatst: 18 oktober 2004 Auteur Delen Geplaatst: 18 oktober 2004 Hierbij de nieuwe log. Logfile of HijackThis v1.98.2 Scan saved at 21:15:43, on 18/10/04 Platform: Windows 98 SE (Win9x 4.10.2222B) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\TASKMON.EXE C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE C:\COMPAQ\CPQINET\CPQINET.EXE C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\LOADQM.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE C:\WINDOWS\STARTER.EXE C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE C:\WINDOWS\SYSTEM\CTFMON.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOBNZ08.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\MSOFFICE.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE C:\WINDOWS\SYSTEM\HPZIPM12.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE C:\HIJACKTHIS\HIJACKTHIS.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.worldonline.be/nederlands/search.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.diddl.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\EASYCO~1\XP-TUN~1\POPUP-~1\POPUP-~1.DLL O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT" O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [SystemTray] SysTray.ExE O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg O4 - HKLM\..\RunServices: [ccProxy] c:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - User Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedContent/sc/bin/cabsa.cab O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab Quote Link naar reactie
0 anoniem Geplaatst: 18 oktober 2004 Auteur Delen Geplaatst: 18 oktober 2004 Deze mogen nog gefixt worden. Voor de rest ziet je logje er terug clean uit. ;) O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm Quote Link naar reactie
0 anoniem Geplaatst: 18 oktober 2004 Auteur Delen Geplaatst: 18 oktober 2004 :oops: Stomme alexa's, kijk ik vaker overheen. :oops: Vink dus de items die Miekiemoes al aangaf in hijackthis aan en sluit alle vensters, daarna fix je ze. (en verwijder meteen de file related.htm) Quote Link naar reactie
Vraag
anoniem
Link naar reactie
6 antwoorden op deze vraag
Aanbevolen berichten
Om een reactie te plaatsen, moet je eerst inloggen