zeer groot hijacklog

[anoniem]

Wie zou daar eens naar willen kijken? Het is de computer van mijn werk die nog al eens kuren vertoont. Ik heb zojuist adaware en spyware stormer eerst een system check laten doen en veel verwijderd. Maar ik heb zo het idee dat er toch nog een boel over is wat niet pluis is. Maar goed hier de LOG Degene die het aandurft..alvast bedankt! Logfile of HijackThis v1.98.2 Scan saved at 16:34:39, on do 21 okt 04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE D:\PC CILLIN 2002\PCCIOMON.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE D:\PC CILLIN 2002\POP3TRAP.EXE C:\RAM IDLE\RAMIDLE.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\SHUTDOWNAWARE.EXE D:\PC CILLIN 2002\PCCGUIDE.EXE D:\PC CILLIN 2002\PCCCLIENT.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE D:\OMNIPAGE SE\OPWARESE2.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\KDX\KHOST.EXE C:\PROGRAM FILES\UMSD TOOLS2.33\UMSD.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE D:\PC CILLIN 2002\WEBTRAP.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE D:\CATELIJNE\CAT STUFF\DIVERS\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Startportal/Portal/portal.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN2\YCOMP5_3_16_0.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ACROBAT READER 5.05\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL (file missing) O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL (file missing) O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN2\YCOMP5_3_16_0.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [Click2Share] C:\Program Files\Sitecom\C2SLoad.exe O4 - HKLM\..\Run: [PCCIOMON.exe] "D:\PC Cillin 2002\PCCIOMON.exe" O4 - HKLM\..\Run: [Pop3trap.exe] "D:\PC Cillin 2002\Pop3trap.exe" O4 - HKLM\..\Run: [WebTrap.exe] "C:\PC Cilllin 2000\WebTrap.exe" O4 - HKLM\..\Run: [RAM Idle] C:\RAM Idle\RAMIdle.exe O4 - HKLM\..\Run: [PowerQuest Startup Utility] C:\PowerQuest\PartitionMagic5\UTILITY\MMOVER32\PQINIT.EXE O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [OWCCardbusTray] ocbtray.exe O4 - HKLM\..\Run: [Shutdownaware] C:\WINDOWS\Shutdownaware.exe O4 - HKLM\..\Run: [pccguide.exe] "D:\PC Cillin 2002\pccguide.exe" O4 - HKLM\..\Run: [PCCClient.exe] "D:\PC Cillin 2002\PCCClient.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [OpwareSE2] "D:\OmniPage SE\OpwareSE2.exe" O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\Run: [kdx] C:\WINDOWS\KDX\KHOST.EXE O4 - HKLM\..\Run: [PLoader] c:\program files\umsd tools2.33\umsd.exe sys_auto_run C:\Program Files\UMSD Tools2.33 O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\RunServices: [PCCIOMON.exe] "D:\PC Cillin 2002\PCCIOMON.exe" O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service O4 - HKLM\..\RunServices: [PCCPFW] D:\PC Cillin 2002\PCCPFW.exe O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMLIB_1034.dll,InstantAccess O4 - HKCU\..\RunServices: [Instant Access] rundll32.exe EGCOMLIB_1034.dll,InstantAccess O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE O4 - Startup: HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: ZoneAlarm.lnk = D:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O8 - Extra context menu item: Download &all with DAP - C:\DAP5~1.0\DAP\dapextie2.htm O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} (NN_Bar_Helper) - http://download.getmirar.com/install.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} - http://dialxs.nl/install/dialxs.ocx O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/zd/kdx.cab O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.champignonsuisse.ch/CFIDE/classes/CFJava.cab O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/cab/en/SysWebTelecomInt.cab phew..wat een lijst... :o

[anoniem]

niemand? :-?

[anoniem]

Spyware Stormer? Kijk hier eens. http://www.spywarewarrior.com/rogue_anti-spyware.htm Overigens is dit een vrij normaal formaat hjt log hoor. Heb ze wel 5x zo lang gezien...

[anoniem]

Idd er zijn veel langere. Maar ik zal deze eens checken voor je.

[anoniem]

Ga naar start -> configuratiescherm -> software en verwijder indien mogelijk:[list:b06d3b94ef][b:b06d3b94ef]spywarestormer (is zelf rommel) mybar my way search bar switch[/b:b06d3b94ef][/list:u:b06d3b94ef] Scan nog een keer met hijackthis en vink deze items aan, sluit daarna alle vensters en klik op fix checked. [list:b06d3b94ef][b:b06d3b94ef]R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Startportal/Portal/portal.html O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL (file missing) O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL (file missing) O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL (file missing) O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMLIB_1034.dll,InstantAccess O4 - HKCU\..\RunServices: [Instant Access] rundll32.exe EGCOMLIB_1034.dll,InstantAccess O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} (NN_Bar_Helper) - http://download.getmirar.com/install.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} - http://dialxs.nl/install/dialxs.ocx O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN.cab O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/cab/en/SysWebTelecomInt.cab[/b:b06d3b94ef][/list:u:b06d3b94ef] Herstart veilige modus: http://users.pandora.be/marcvn/spyware/1378056.htm Laat alle bestanden weergeven: http://users.pandora.be/marcvn/spyware/1117602.htm Verwijder onderstaande items indien nog aanwezig: [list:b06d3b94ef]C:/Program Files/[b:b06d3b94ef]Startportal <--- map[/b:b06d3b94ef] C:\PROGRAM FILES\[b:b06d3b94ef]MYWEBSEARCH <--- map[/b:b06d3b94ef] [b:b06d3b94ef]EGCOMLIB_1034.dll <---file[/b:b06d3b94ef][/list:u:b06d3b94ef] Herstart en maak een nieuwe log.

[anoniem]

Klein logje zeg, zeker wanneer je deze gezien hebt... Doe je die ook ff, pcguy? [code:1:7a84b4fa90]Logfile of HijackThis v1.98.2 Scan saved at 6:29:52 AM, on 9/6/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\cisvc.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\pctspk.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\AccessDirect\dadapp.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE C:\Program Files\Dell\AccessDirect\DadTray.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\nacqzagb.exe C:\WINDOWS\System32\P2P Networking\P2P Networking.exe C:\WINDOWS\System32\ctfmon.exe C:\PROGRA~1\AWS\WEATHE~1\Weather.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phantasytour.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {54A45EF9-287B-69B9-1EAD-B92AAFBB91BA} - C:\WINDOWS\system32\vnqraogv.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\av.exe O4 - HKLM\..\Run: [akrnpbmf] C:\WINDOWS\nacqzagb.exe O4 - HKLM\..\Run: [iehelper] C:\Program Files\syslaunch.exe O4 - HKLM\..\Run: [b] C:\WINDOWS\System32\ppwqcl.exe O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe O4 - HKLM\..\Run: [npxruxhcj] C:\WINDOWS\System32\gvkjjq.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe O4 - HKLM\..\Run: [timestamp=servername&Year(now())&Month(now())&Day(now())&Hour(Now())&minute(Now())&second(no] c:\WINDOWS\System32\timestamp=servername&Year(now())&Month(now())&Day(now())&Hour(Now())&minute(Now())&second(now()) O4 - HKLM\..\Run: [] c:\WINDOWS\System32\ O4 - HKLM\..\Run: [// Browser Detec] c:\WINDOWS\System32\// Browser Detection O4 - HKLM\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINDOWS\System32\NS4 = (document.layers) ? true : false; O4 - HKLM\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINDOWS\System32\IEmac = ((document.all)&&(isMac)) ? true : false; O4 - HKLM\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINDOWS\System32\IE4plus = (document.all) ? true : false; O4 - HKLM\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINDOWS\System32\ver4 = (NS4 || IE4plus) ? true : false; O4 - HKLM\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINDOWS\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false; O4 - HKLM\..\Run: [IE5plus = IE5 || ] c:\WINDOWS\System32\IE5plus = IE5 || IE6; O4 - HKLM\..\Run: [IEMajor ] c:\WINDOWS\System32\IEMajor = 0; O4 - HKLM\..\Run: [if (IE4p] c:\WINDOWS\System32\if (IE4plus) O4 - HKLM\..\Run: [ IEMajor = p****Int(navigator.appVersion.substring(start+5,en] c:\WINDOWS\System32\ IEMajor = p****Int(navigator.appVersion.substring(start+5,end)); O4 - HKLM\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINDOWS\System32\// Body onload utility (supports multiple onload functions) O4 - HKLM\..\Run: [var gSafeOnload = new Arra] c:\WINDOWS\System32\var gSafeOnload = new Array(); O4 - HKLM\..\Run: [function SafeAddOnloa] c:\WINDOWS\System32\function SafeAddOnload(f) O4 - HKLM\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINDOWS\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINDOWS\System32\ window.onload = SafeOnload; O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINDOWS\System32\ gSafeOnload[gSafeOnload.length] = f; O4 - HKLM\..\Run: [ else if (window.onl] c:\WINDOWS\System32\ else if (window.onload) O4 - HKLM\..\Run: [ if (window.onload != SafeOnl] c:\WINDOWS\System32\ if (window.onload != SafeOnload) O4 - HKLM\..\Run: [ gSafeOnload[0] = window.onl] c:\WINDOWS\System32\ gSafeOnload[0] = window.onload; O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINDOWS\System32\ window.onload = SafeOnload; O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ else O4 - HKLM\..\Run: [ window.onload ] c:\WINDOWS\System32\ window.onload = f; O4 - HKLM\..\Run: [function SafeOnlo] c:\WINDOWS\System32\function SafeOnload() O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINDOWS\System32\ gSafeOnload[i](); O4 - HKLM\..\Run: [function isInt(nu] c:\WINDOWS\System32\function isInt(numIn) O4 - HKLM\..\Run: [ var checknum = p****Int(num] c:\WINDOWS\System32\ var checknum = p****Int(numIn); O4 - HKLM\..\Run: [ return !isNaN(checkn] c:\WINDOWS\System32\ return !isNaN(checknum); O4 - HKLM\..\Run: [function PUW_In] c:\WINDOWS\System32\function PUW_Init() O4 - HKLM\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINDOWS\System32\ if (gPopupWindow.CheckFrequency()) O4 - HKLM\..\Run: [function PUW_Sh] c:\WINDOWS\System32\function PUW_Show() O4 - HKLM\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINDOWS\System32\ var newWin = window.open(this.url,this.name,settings); O4 - HKLM\..\Run: [ if (! this.on] c:\WINDOWS\System32\ if (! this.ontop) O4 - HKLM\..\Run: [ window.focu] c:\WINDOWS\System32\ window.focus(); O4 - HKLM\..\Run: [function PUW_CheckFrequen] c:\WINDOWS\System32\function PUW_CheckFrequency() O4 - HKLM\..\Run: [ var shouldShow = this.frequency !] c:\WINDOWS\System32\ var shouldShow = this.frequency != 0; O4 - HKLM\..\Run: [ var allCookies = document.coo] c:\WINDOWS\System32\ var allCookies = document.cookie; O4 - HKLM\..\Run: [ end = allCookies.len] c:\WINDOWS\System32\ end = allCookies.length; O4 - HKLM\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINDOWS\System32\ var freqStr = allCookies.substring(start+9,end); O4 - HKLM\..\Run: [ if (isInt(freqS] c:\WINDOWS\System32\ if (isInt(freqStr)) O4 - HKLM\..\Run: [ this.frequency = p****Int(freqS] c:\WINDOWS\System32\ this.frequency = p****Int(freqStr); O4 - HKLM\..\Run: [ this.frequenc] c:\WINDOWS\System32\ this.frequency--; O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ else O4 - HKLM\..\Run: [ shouldShow = fa] c:\WINDOWS\System32\ shouldShow = false; O4 - HKLM\..\Run: [ var exp = new Dat] c:\WINDOWS\System32\ var exp = new Date(); O4 - HKLM\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINDOWS\System32\ exp.setTime(exp.getTime()+this.renew*60*6000); O4 - HKLM\..\Run: [ return shouldS] c:\WINDOWS\System32\ return shouldShow; O4 - HKLM\..\Run: [function PopupWindow(url,width,hei] c:\WINDOWS\System32\function PopupWindow(url,width,height) O4 - HKLM\..\Run: [ this.width = wi] c:\WINDOWS\System32\ this.width = width; O4 - HKLM\..\Run: [ this.height = hei] c:\WINDOWS\System32\ this.height = height; O4 - HKLM\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINDOWS\System32\ this.top = screen.availHeight/2 - height/2; // center O4 - HKLM\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINDOWS\System32\ this.left = screen.availWidth/2 - width/2; // center O4 - HKLM\..\Run: [ this.url = ] c:\WINDOWS\System32\ this.url = url; O4 - HKLM\..\Run: [ this.showDelay = 2] c:\WINDOWS\System32\ this.showDelay = 2000; O4 - HKLM\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINDOWS\System32\ this.frequency = 1; // how many times show per renewal time period O4 - HKLM\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINDOWS\System32\ this.renew = 1; // renew showing every x hours O4 - HKLM\..\Run: [ this.scrollbars= fa] c:\WINDOWS\System32\ this.scrollbars= false; O4 - HKLM\..\Run: [ this.toolbar= fa] c:\WINDOWS\System32\ this.toolbar= false; O4 - HKLM\..\Run: [ this.statusbar= fa] c:\WINDOWS\System32\ this.statusbar= false; O4 - HKLM\..\Run: [ this.resizable = fa] c:\WINDOWS\System32\ this.resizable = false; O4 - HKLM\..\Run: [ this.locationbar = fa] c:\WINDOWS\System32\ this.locationbar = false; O4 - HKLM\..\Run: [ this.menubar = fa] c:\WINDOWS\System32\ this.menubar = false; O4 - HKLM\..\Run: [ this.ontop = fa] c:\WINDOWS\System32\ this.ontop = false; O4 - HKLM\..\Run: [ this.Init = PUW_I] c:\WINDOWS\System32\ this.Init = PUW_Init; O4 - HKLM\..\Run: [ this.Show = PUW_S] c:\WINDOWS\System32\ this.Show = PUW_Show; O4 - HKLM\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINDOWS\System32\ this.CheckFrequency = PUW_CheckFrequency; O4 - HKLM\..\Run: [function PUWSta] c:\WINDOWS\System32\function PUWStart() O4 - HKLM\..\Run: [ gPopupWindow.Ini] c:\WINDOWS\System32\ gPopupWindow.Init(); O4 - HKLM\..\Run: [SafeAddOnload(PUWSta] c:\WINDOWS\System32\SafeAddOnload(PUWStart); O4 - HKLM\..\Run: [gPopupWindow.toolbar = fa] c:\WINDOWS\System32\gPopupWindow.toolbar = false; O4 - HKLM\..\Run: [gPopupWindow.statusbar = fa] c:\WINDOWS\System32\gPopupWindow.statusbar = false; O4 - HKLM\..\Run: [gPopupWindow.resizable = fa] c:\WINDOWS\System32\gPopupWindow.resizable = false; O4 - HKLM\..\Run: [gPopupWindow.ontop = fa] c:\WINDOWS\System32\gPopupWindow.ontop = false; O4 - HKLM\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINDOWS\System32\A:hover {background: #FFCC00; color: black;} O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe O4 - HKLM\..\RunOnce: [cetec] regedit.exe /s C:\DOCUME~1\ELIZAB~1\LOCALS~1\Temp\cetec.reg O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1 O4 - HKCU\..\Run: [timestamp=servername&Year(now())&Month(now())&Day(now())&Hour(Now())&minute(Now())&second(no] c:\WINDOWS\System32\timestamp=servername&Year(now())&Month(now())&Day(now())&Hour(Now())&minute(Now())&second(now()) O4 - HKCU\..\Run: [] c:\WINDOWS\System32\ O4 - HKCU\..\Run: [// Browser Detec] c:\WINDOWS\System32\// Browser Detection O4 - HKCU\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINDOWS\System32\NS4 = (document.layers) ? true : false; O4 - HKCU\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINDOWS\System32\IEmac = ((document.all)&&(isMac)) ? true : false; O4 - HKCU\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINDOWS\System32\IE4plus = (document.all) ? true : false; O4 - HKCU\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINDOWS\System32\ver4 = (NS4 || IE4plus) ? true : false; O4 - HKCU\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINDOWS\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false; O4 - HKCU\..\Run: [IE5plus = IE5 || ] c:\WINDOWS\System32\IE5plus = IE5 || IE6; O4 - HKCU\..\Run: [IEMajor ] c:\WINDOWS\System32\IEMajor = 0; O4 - HKCU\..\Run: [if (IE4p] c:\WINDOWS\System32\if (IE4plus) O4 - HKCU\..\Run: [ IEMajor = p****Int(navigator.appVersion.substring(start+5,en] c:\WINDOWS\System32\ IEMajor = p****Int(navigator.appVersion.substring(start+5,end)); O4 - HKCU\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINDOWS\System32\// Body onload utility (supports multiple onload functions) O4 - HKCU\..\Run: [var gSafeOnload = new Arra] c:\WINDOWS\System32\var gSafeOnload = new Array(); O4 - HKCU\..\Run: [function SafeAddOnloa] c:\WINDOWS\System32\function SafeAddOnload(f) O4 - HKCU\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINDOWS\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINDOWS\System32\ window.onload = SafeOnload; O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINDOWS\System32\ gSafeOnload[gSafeOnload.length] = f; O4 - HKCU\..\Run: [ else if (window.onl] c:\WINDOWS\System32\ else if (window.onload) O4 - HKCU\..\Run: [ if (window.onload != SafeOnl] c:\WINDOWS\System32\ if (window.onload != SafeOnload) O4 - HKCU\..\Run: [ gSafeOnload[0] = window.onl] c:\WINDOWS\System32\ gSafeOnload[0] = window.onload; O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINDOWS\System32\ window.onload = SafeOnload; O4 - HKCU\..\Run: [ ] c:\WINDOWS\System32\ else O4 - HKCU\..\Run: [ window.onload ] c:\WINDOWS\System32\ window.onload = f; O4 - HKCU\..\Run: [function SafeOnlo] c:\WINDOWS\System32\function SafeOnload() O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINDOWS\System32\ gSafeOnload[i](); O4 - HKCU\..\Run: [function isInt(nu] c:\WINDOWS\System32\function isInt(numIn) O4 - HKCU\..\Run: [ var checknum = p****Int(num] c:\WINDOWS\System32\ var checknum = p****Int(numIn); O4 - HKCU\..\Run: [ return !isNaN(checkn] c:\WINDOWS\System32\ return !isNaN(checknum); O4 - HKCU\..\Run: [function PUW_In] c:\WINDOWS\System32\function PUW_Init() O4 - HKCU\..\Run: [ if (gPopupWindow.CheckFrequenc] c:\WINDOWS\System32\ if (gPopupWindow.CheckFrequency()) O4 - HKCU\..\Run: [function PUW_Sh] c:\WINDOWS\System32\function PUW_Show() O4 - HKCU\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINDOWS\System32\ var newWin = window.open(this.url,this.name,settings); O4 - HKCU\..\Run: [ if (! this.on] c:\WINDOWS\System32\ if (! this.ontop) O4 - HKCU\..\Run: [ window.focu] c:\WINDOWS\System32\ window.focus(); O4 - HKCU\..\Run: [function PUW_CheckFrequen] c:\WINDOWS\System32\function PUW_CheckFrequency() O4 - HKCU\..\Run: [ var shouldShow = this.frequency !] c:\WINDOWS\System32\ var shouldShow = this.frequency != 0; O4 - HKCU\..\Run: [ var allCookies = document.coo] c:\WINDOWS\System32\ var allCookies = document.cookie; O4 - HKCU\..\Run: [ end = allCookies.len] c:\WINDOWS\System32\ end = allCookies.length; O4 - HKCU\..\Run: [ var freqStr = allCookies.substring(start+9,e] c:\WINDOWS\System32\ var freqStr = allCookies.substring(start+9,end); O4 - HKCU\..\Run: [ if (isInt(freqS] c:\WINDOWS\System32\ if (isInt(freqStr)) O4 - HKCU\..\Run: [ this.frequency = p****Int(freqS] c:\WINDOWS\System32\ this.frequency = p****Int(freqStr); O4 - HKCU\..\Run: [ this.frequenc] c:\WINDOWS\System32\ this.frequency--; O4 - HKCU\..\Run: [ ] c:\WINDOWS\System32\ else O4 - HKCU\..\Run: [ shouldShow = fa] c:\WINDOWS\System32\ shouldShow = false; O4 - HKCU\..\Run: [ var exp = new Dat] c:\WINDOWS\System32\ var exp = new Date(); O4 - HKCU\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINDOWS\System32\ exp.setTime(exp.getTime()+this.renew*60*6000); O4 - HKCU\..\Run: [ return shouldS] c:\WINDOWS\System32\ return shouldShow; O4 - HKCU\..\Run: [function PopupWindow(url,width,hei] c:\WINDOWS\System32\function PopupWindow(url,width,height) O4 - HKCU\..\Run: [ this.width = wi] c:\WINDOWS\System32\ this.width = width; O4 - HKCU\..\Run: [ this.height = hei] c:\WINDOWS\System32\ this.height = height; O4 - HKCU\..\Run: [ this.top = screen.availHeight/2 - height/2; // ce] c:\WINDOWS\System32\ this.top = screen.availHeight/2 - height/2; // center O4 - HKCU\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINDOWS\System32\ this.left = screen.availWidth/2 - width/2; // center O4 - HKCU\..\Run: [ this.url = ] c:\WINDOWS\System32\ this.url = url; O4 - HKCU\..\Run: [ this.showDelay = 2] c:\WINDOWS\System32\ this.showDelay = 2000; O4 - HKCU\..\Run: [ this.frequency = 1; // how many times show per renewal time pe] c:\WINDOWS\System32\ this.frequency = 1; // how many times show per renewal time period O4 - HKCU\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINDOWS\System32\ this.renew = 1; // renew showing every x hours O4 - HKCU\..\Run: [ this.scrollbars= fa] c:\WINDOWS\System32\ this.scrollbars= false; O4 - HKCU\..\Run: [ this.toolbar= fa] c:\WINDOWS\System32\ this.toolbar= false; O4 - HKCU\..\Run: [ this.statusbar= fa] c:\WINDOWS\System32\ this.statusbar= false; O4 - HKCU\..\Run: [ this.resizable = fa] c:\WINDOWS\System32\ this.resizable = false; O4 - HKCU\..\Run: [ this.locationbar = fa] c:\WINDOWS\System32\ this.locationbar = false; O4 - HKCU\..\Run: [ this.menubar = fa] c:\WINDOWS\System32\ this.menubar = false; O4 - HKCU\..\Run: [ this.ontop = fa] c:\WINDOWS\System32\ this.ontop = false; O4 - HKCU\..\Run: [ this.Init = PUW_I] c:\WINDOWS\System32\ this.Init = PUW_Init; O4 - HKCU\..\Run: [ this.Show = PUW_S] c:\WINDOWS\System32\ this.Show = PUW_Show; O4 - HKCU\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINDOWS\System32\ this.CheckFrequency = PUW_CheckFrequency; O4 - HKCU\..\Run: [function PUWSta] c:\WINDOWS\System32\function PUWStart() O4 - HKCU\..\Run: [ gPopupWindow.Ini] c:\WINDOWS\System32\ gPopupWindow.Init(); O4 - HKCU\..\Run: [SafeAddOnload(PUWSta] c:\WINDOWS\System32\SafeAddOnload(PUWStart); O4 - HKCU\..\Run: [gPopupWindow.toolbar = fa] c:\WINDOWS\System32\gPopupWindow.toolbar = false; O4 - HKCU\..\Run: [gPopupWindow.statusbar = fa] c:\WINDOWS\System32\gPopupWindow.statusbar = false; O4 - HKCU\..\Run: [gPopupWindow.resizable = fa] c:\WINDOWS\System32\gPopupWindow.resizable = false; O4 - HKCU\..\Run: [gPopupWindow.ontop = fa] c:\WINDOWS\System32\gPopupWindow.ontop = false; O4 - HKCU\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINDOWS\System32\A:hover {background: #FFCC00; color: black;} O4 - Startup: DLHelperEXE.exe O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU) O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file) (HKCU) O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.199/central/02030106/cccabs/CleverContent.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - http://portal.uga.edu/nps/portal/gadgets/com.novell.nps.gadgets.shortcut.ShortcutGadget/LocalExec.CAB O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab? O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.nugs.net/dev/dlControl.CAB O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_229/webolr/OCX/FlashAX.cab[/code:1:7a84b4fa90]

[anoniem]

[quote:5ea1ff6b74="=Rieske="]Klein logje zeg, zeker wanneer je deze gezien hebt... Doe je die ook ff, pcguy? [code:1:5ea1ff6b74]log[/code:1:5ea1ff6b74][/quote:5ea1ff6b74] kan je zelf. :P

[anoniem]

:o dat ziet er :cry: uit......

[anoniem]

Hé geweldig bedankt! Woensdag ben ik weer op het werk..dan zal ik het nog allemaal nagaan een keer (ad-aware, spybot, etc..) en die dingen 'checken en fixen' Thanx ook namens mijn werkgevers :)

[anoniem]

[quote:8778a8efe6="taco78"]:o dat ziet er :cry: uit......[/quote:8778a8efe6] idd dan ziet dat log van mij er nog best ok uit :D sterkte ermee