anoniem, posted 19 February 2005

Problems! I read here that a hijack log is needed to be able to solve it... who can help me, PLEASE?

Logfile of HijackThis v1.98.2
Scan saved at 9:26:49, on 19-2-05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
E:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
E:\PROGRAM FILES\PASSWORD MANAGER\ACCTMGR.EXE
C:\PROGRAM FILES\MATROX MGA POWERDESK\MGACTRL.EXE
C:\PROGRAM FILES\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE
E:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\EZAUDIO.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\MATROX MGA POWERDESK\QDESK\MGAQDESK.EXE
E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINSM32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
E:\PROGRAM FILES\NORTON CLEANSWEEP\Monwow.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {2F801A68-246D-11D9-AC07-0020F8C577EE} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D38B2F81-8202-11D9-AC07-0020E584E4C7} - C:\WINDOWS\SYSTEM\LOFF.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NPROTECT] E:\Program Files\Norton Utilities\Nprotect.exe
O4 - HKLM\..\Run: [AcctMgr] E:\Program Files\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Matrox Control Center] C:\Program Files\Matrox MGA PowerDesk\mgactrl.exe
O4 - HKLM\..\Run: [Matrox Color Control] C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe
O4 - HKLM\..\Run: [Matrox Diagnostic] C:\Program Files\Matrox MGA PowerDesk\diag\mgadiag.exe -s
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [EzAudioTray] C:\WINDOWS\EZAUDIO.EXE TRAYAPP
O4 - HKLM\..\Run: [block buster] C:\WINDOWS\All Users\Desktop
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] E:\Program Files\Norton Utilities\Nprotect.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] E:\Program Files\Norton CleanSweep\csinject.exe
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [Matrox QuickDesk] C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\RunServices: [Matrox QuickDesk] C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe
O4 - HKCU\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = E:\Program Files\Norton CleanSweep\Csinsm32.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Filter: text/html - {F9051B02-8256-11D9-AC07-0020D8CD7176} - C:\WINDOWS\SYSTEM\LOFF.DLL
O18 - Filter: text/plain - {F9051B02-8256-11D9-AC07-0020D8CD7176} - C:\WINDOWS\SYSTEM\LOFF.DLL

anoniem, posted 20 February 2005

When I start the internet now I get: res://msn.dll/index

When I go to Start, choose Run and type
regedit /e C:\regkey.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
nothing happens. regkey.txt was found and its contents are:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"Taakcontrole"="C:\\WINDOWS\\taskmon.exe"
"SystemTray"="SysTray.exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NPROTECT"="E:\\Program Files\\Norton Utilities\\Nprotect.exe"
"AcctMgr"="E:\\Program Files\\Password Manager\\AcctMgr.exe /startup"
"Matrox Control Center"="C:\\Program Files\\Matrox MGA PowerDesk\\mgactrl.exe"
"Matrox Color Control"="C:\\Program Files\\Matrox MGA PowerDesk\\Color\\hgcctl95.exe"
"Matrox Diagnostic"="C:\\Program Files\\Matrox MGA PowerDesk\\diag\\mgadiag.exe -s"
"WinampAgent"="E:\\Program Files\\Winamp\\winampa.exe"
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime"
"LoadQM"="loadqm.exe"
"EzAudioTray"="C:\\WINDOWS\\EZAUDIO.EXE TRAYAPP"
"block buster"="C:\\WINDOWS\\All Users\\Desktop"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

anoniem, posted 20 February 2005

Make a new HijackThis log and post it.

anoniem, posted 20 February 2005

Logfile of HijackThis v1.99.1
Scan saved at 16:31:49, on 20-2-05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
E:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
E:\PROGRAM FILES\PASSWORD MANAGER\ACCTMGR.EXE
C:\PROGRAM FILES\MATROX MGA POWERDESK\MGACTRL.EXE
C:\PROGRAM FILES\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE
E:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\EZAUDIO.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MATROX MGA POWERDESK\QDESK\MGAQDESK.EXE
E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINSM32.EXE
E:\PROGRAM FILES\NORTON CLEANSWEEP\Monwow.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\MSSYS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://msn.dll/index
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msn.dll/index
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://msn.dll/msn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://msn.dll/index
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://msn.dll/index
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://msn.dll/index
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msn.dll/msn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://msn.dll/msn
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://msn.dll/index
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://msn.dll/msn
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://msn.dll/msn
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://msn.dll/index
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = res://msn.dll/index
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NPROTECT] E:\Program Files\Norton Utilities\Nprotect.exe
O4 - HKLM\..\Run: [AcctMgr] E:\Program Files\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Matrox Control Center] C:\Program Files\Matrox MGA PowerDesk\mgactrl.exe
O4 - HKLM\..\Run: [Matrox Color Control] C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe
O4 - HKLM\..\Run: [Matrox Diagnostic] C:\Program Files\Matrox MGA PowerDesk\diag\mgadiag.exe -s
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [EzAudioTray] C:\WINDOWS\EZAUDIO.EXE TRAYAPP
O4 - HKLM\..\Run: [block buster] C:\WINDOWS\All Users\Desktop
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] E:\Program Files\Norton Utilities\Nprotect.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] E:\Program Files\Norton CleanSweep\csinject.exe
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [Matrox QuickDesk] C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\RunOnce: [MS Guard] C:\WINDOWS\SYSTEM\MSSYS.EXE 320
O4 - Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = E:\Program Files\Norton CleanSweep\Csinsm32.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O21 - SSODL: Sysctl Desktop Handler - {23456789-0000-0020-0900-00AAFF6D2EA4} - C:\WINDOWS\System32\NTOSV.DLL

anoniem, posted 20 February 2005

Make sure all hidden files are shown (http://users.pandora.be/marcvn/spyware/1117602.htm).

Have C:\WINDOWS\SYSTEM\MSSYS.EXE scanned at Jotti: http://virusscan.jotti.org/
Report the result.

Download and install Ad-Aware SE: http://users.telenet.be/marcvn/spyware/1414188.htm
Do not let the program scan yet.

Start the computer in safe mode (http://users.pandora.be/marcvn/spyware/1378056.htm).

Close all open windows, run HijackThis once more and have the following items fixed:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://msn.dll/index
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msn.dll/index
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://msn.dll/msn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://msn.dll/index
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://msn.dll/index
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://msn.dll/index
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msn.dll/msn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://msn.dll/msn
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://msn.dll/index
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://msn.dll/msn
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://msn.dll/msn
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://msn.dll/index
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = res://msn.dll/index
O4 - HKLM\..\Run: [block buster] C:\WINDOWS\All Users\Desktop
O4 - HKCU\..\RunOnce: [MS Guard] C:\WINDOWS\SYSTEM\MSSYS.EXE 320
O21 - SSODL: Sysctl Desktop Handler - {23456789-0000-0020-0900-00AAFF6D2EA4} - C:\WINDOWS\System32\NTOSV.DLL

Delete the following files if present:
C:\WINDOWS\System32\NTOSV.DLL

Start Ad-Aware SE and let it scan your entire system.

Reboot the computer, run HijackThis again and post a new log.

anoniem, posted 20 February 2005

Just edited the previous post.

anoniem, posted 20 February 2005

Result from Jotti: (the rest is being carried out now)

Service load: 0% 100%
File: mssys.exe
Status: INFECTED/MALWARE
Packers detected: ASPACK

AntiVir                 No viruses found (0.43 seconds taken)
Avast                   No viruses found (1.53 seconds taken)
AVG Antivirus           No viruses found (0.51 seconds taken)
BitDefender             No viruses found (0.55 seconds taken)
ClamAV                  No viruses found (0.62 seconds taken)
Dr.Web                  No viruses found (0.95 seconds taken)
F-Prot Antivirus        No viruses found (0.74 seconds taken)
Fortinet                No viruses found (0.43 seconds taken)
Kaspersky Anti-Virus    Trojan-Downloader.Win32.Delf.au (1.02 seconds taken)
mks_vir                 No viruses found (0.49 seconds taken)
NOD32                   No viruses found (4.81 seconds taken)
Norman Virus Control    No viruses found (12.80 seconds taken)

Last piece of malware found was W32/DLoader.AVN in command.exe, detected by:

Scanner                 Malware name                    Time taken
AntiVir                 TR/Drop.Delf.EV.2               0.36 seconds
Avast                   Win32:Trojan-gen. {Other}       1.50 seconds
AVG Antivirus           Dropper.Delf.4.G                0.40 seconds
BitDefender             Trojan.Dropper.Delf.EV          0.46 seconds
ClamAV                  Trojan.Delf-12                  0.69 seconds
Dr.Web                  Trojan.MulDrop.1232             0.86 seconds
F-Prot Antivirus        X                               0.44 seconds
Fortinet                X                               0.38 seconds
Kaspersky Anti-Virus    Trojan-Dropper.Win32.Delf.ev    0.99 seconds
mks_vir                 Trojan.Dropper.Delf.Ev          0.21 seconds
NOD32                   X                               0.54 seconds
Norman Virus Control    W32/DLoader.AVN                 0.19 seconds

anoniem, posted 20 February 2005

Also delete:
C:\WINDOWS\SYSTEM\MSSYS.EXE <-- this file.
Afterwards, empty your recycle bin.

anoniem, posted 20 February 2005

windows\system32\ntosv.dll could NOT be deleted because it is in use by Windows.
Mssys.exe has been deleted.
Ad-Aware has finished and a number of things were changed.

Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 17:30:13, on 20-2-05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
E:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
E:\PROGRAM FILES\PASSWORD MANAGER\ACCTMGR.EXE
C:\PROGRAM FILES\MATROX MGA POWERDESK\MGACTRL.EXE
C:\PROGRAM FILES\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE
E:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\EZAUDIO.EXE
C:\PROGRAM FILES\MATROX MGA POWERDESK\QDESK\MGAQDESK.EXE
E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINSM32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
E:\PROGRAM FILES\NORTON CLEANSWEEP\Monwow.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NPROTECT] E:\Program Files\Norton Utilities\Nprotect.exe
O4 - HKLM\..\Run: [AcctMgr] E:\Program Files\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Matrox Control Center] C:\Program Files\Matrox MGA PowerDesk\mgactrl.exe
O4 - HKLM\..\Run: [Matrox Color Control] C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe
O4 - HKLM\..\Run: [Matrox Diagnostic] C:\Program Files\Matrox MGA PowerDesk\diag\mgadiag.exe -s
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [EzAudioTray] C:\WINDOWS\EZAUDIO.EXE TRAYAPP
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] E:\Program Files\Norton Utilities\Nprotect.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] E:\Program Files\Norton CleanSweep\csinject.exe
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [Matrox QuickDesk] C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = E:\Program Files\Norton CleanSweep\Csinsm32.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

anoniem, posted 20 February 2005

Start HijackThis. Go to Config - Misc Tools - choose "delete a file on reboot".
Have this file deleted:
C:\WINDOWS\System32\NTOSV.DLL

Restart the computer.

Any more problems?

anoniem, posted 20 February 2005

As far as I can tell, no problems. Hopefully it is solved now! That would be great, because I find it really rotten! I also find it strange, by the way, that Norton doesn't recognize it.

Meanwhile my desktop is full of things: fix, appinit, cc.c, uu.u, 3.dat 2.dat 4.dat, some Notepad files, runinfo and so on. What can I delete and what not?

New log:

Logfile of HijackThis v1.99.1
Scan saved at 18:44:53, on 20-2-05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
E:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
E:\PROGRAM FILES\PASSWORD MANAGER\ACCTMGR.EXE
C:\PROGRAM FILES\MATROX MGA POWERDESK\MGACTRL.EXE
C:\PROGRAM FILES\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE
E:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\EZAUDIO.EXE
C:\PROGRAM FILES\MATROX MGA POWERDESK\QDESK\MGAQDESK.EXE
E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINSM32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
E:\PROGRAM FILES\NORTON CLEANSWEEP\Monwow.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {4CCDBB38-836F-11D9-AC07-002090217C2C} - C:\WINDOWS\SYSTEM\ADMBC.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NPROTECT] E:\Program Files\Norton Utilities\Nprotect.exe
O4 - HKLM\..\Run: [AcctMgr] E:\Program Files\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Matrox Control Center] C:\Program Files\Matrox MGA PowerDesk\mgactrl.exe
O4 - HKLM\..\Run: [Matrox Color Control] C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe
O4 - HKLM\..\Run: [Matrox Diagnostic] C:\Program Files\Matrox MGA PowerDesk\diag\mgadiag.exe -s
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [EzAudioTray] C:\WINDOWS\EZAUDIO.EXE TRAYAPP
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] E:\Program Files\Norton Utilities\Nprotect.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] E:\Program Files\Norton CleanSweep\csinject.exe
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [Matrox QuickDesk] C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = E:\Program Files\Norton CleanSweep\Csinsm32.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O18 - Filter: text/html - {4CCDBB37-836F-11D9-AC07-0020E1BEE85E} - C:\WINDOWS\SYSTEM\ADMBC.DLL
O18 - Filter: text/plain - {4CCDBB37-836F-11D9-AC07-0020E1BEE85E} - C:\WINDOWS\SYSTEM\ADMBC.DLL
anoniem Posted: 20 February 2005
grmpf! just got another vague pop-up
anoniem Posted: 20 February 2005
Download StartDreck: http://www.niksoft.at/php/dl.php?f=startdreck.zip
Double-click 'StartDreck.exe'.
Click Config.
Click Unmark all.
Select only the following: Registry -> Run Keys and System/Drivers -> Running Processes.
Click OK.
A log is created. Post the contents of this log as well.
Make a new HijackThis log and post that too.
Go ahead and throw away the files on your desktop that you don't recognise.
anoniem Posted: 20 February 2005
Ehm, that StartDreck log, how can I post it here? I can't copy and paste it... I can save it, but that gives a .log file and I can't open that.
anoniem Posted: 20 February 2005
Opening it with Notepad should work.
anoniem Posted: 20 February 2005
StartDreck:
StartDreck (build 2.1.7 public stable) - 2005-02-20 @ 19:12:49 (GMT +01:00) Platform: Windows 98 SE (Win 4.10.2222 A) Internet Explorer: 6.0.2800.1106 Logged in as johan at JOHAN »Registry »Run Keys »Current User »Run *Matrox QuickDesk=C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe *MessengerPlus3="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart *msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background »RunOnce »Default User »Run *Matrox QuickDesk=C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe *MessengerPlus3="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart *msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background »RunOnce »Local Machine »Run *ScanRegistry=C:\WINDOWS\scanregw.exe /autorun *Taakcontrole=C:\WINDOWS\taskmon.exe *SystemTray=SysTray.exe *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme *ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" *NPROTECT=E:\Program Files\Norton Utilities\Nprotect.exe *AcctMgr=E:\Program Files\Password Manager\AcctMgr.exe /startup *Matrox Control Center=C:\Program Files\Matrox MGA PowerDesk\mgactrl.exe *Matrox Color Control=C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe *Matrox Diagnostic=C:\Program Files\Matrox MGA PowerDesk\diag\mgadiag.exe -s *WinampAgent=E:\Program Files\Winamp\winampa.exe *QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime *LoadQM=loadqm.exe *EzAudioTray=C:\WINDOWS\EZAUDIO.EXE TRAYAPP *sp=rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall +OptionalComponents +IMAIL *Installed=1 +MAPI *NoChange=1 *Installed=1 +MAPI *NoChange=1 *Installed=1 »RunOnce »RunServices *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme *SchedulingAgent=mstask.exe *SymTray - Norton SystemWorks=C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks" *ScriptBlocking="C:\Program Files\Common Files\Symantec Shared\Script 
Blocking\SBServ.exe" -reg *ccSetMgr="C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" *ccEvtMgr="C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" *NPROTECT=E:\Program Files\Norton Utilities\Nprotect.exe *CSINJECT.EXE=E:\Program Files\Norton CleanSweep\csinject.exe *MessengerPlus3="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" »RunServicesOnce **ygfh=rundll32 C:\WINDOWS\FAI.CPE,DllGetClassObject »RunOnceEx »RunServicesOnceEx »Files »System/Drivers »Running Processes +FFCFA84B=C:\WINDOWS\SYSTEM\KERNEL32.DLL +FFFFFCDB=C:\WINDOWS\SYSTEM\MSGSRV32.EXE +FFFFEB6B=C:\WINDOWS\SYSTEM\MPREXE.EXE +FFFFCB9B=C:\WINDOWS\SYSTEM\mmtask.tsk +FFF073E3=C:\WINDOWS\SYSTEM\MSTASK.EXE +FFF06E77=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE +FFF04EE3=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE +FFF0B553=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE +FFF0A38F=E:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE +FFF0C81F=E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINJECT.EXE +FFF11567=C:\PROGRAM FILES\MESSENGER PLUS! 
3\MSGPLUS.EXE +FFF176AB=C:\WINDOWS\RUNDLL32.EXE +FFF238C7=C:\WINDOWS\EXPLORER.EXE +FFF3F327=C:\WINDOWS\TASKMON.EXE +FFF20FFB=C:\WINDOWS\SYSTEM\SYSTRAY.EXE +FFF1B197=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE +FFF3CF6F=E:\PROGRAM FILES\PASSWORD MANAGER\ACCTMGR.EXE +FFF41373=C:\PROGRAM FILES\MATROX MGA POWERDESK\MGACTRL.EXE +FFF459A3=C:\PROGRAM FILES\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE +FFF40FB3=E:\PROGRAM FILES\WINAMP\WINAMPA.EXE +FFF460F3=C:\WINDOWS\SYSTEM\QTTASK.EXE +FFF461E7=C:\WINDOWS\LOADQM.EXE +FFF3E9FB=C:\WINDOWS\EZAUDIO.EXE +FFF1C503=C:\PROGRAM FILES\MATROX MGA POWERDESK\QDESK\MGAQDESK.EXE +FFF5F197=E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINSM32.EXE +FFF52C1B=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE +FFF61E67=E:\PROGRAM FILES\NORTON CLEANSWEEP\Monwow.exe +FFF52307=C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE +FFF4D4D7=C:\WINDOWS\SYSTEM\WMIEXE.EXE +FFC94AEB=C:\WINDOWS\RUNDLL32.EXE +FFF4F493=C:\WINDOWS\SYSTEM\DDHELP.EXE +FFCADF77=C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE +F91AD49F=C:\PROGRAM FILES\STARTDRECK\STARTDRECK.EXE »Application specific Hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 19:13:56, on 20-2-05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE E:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINJECT.EXE C:\PROGRAM FILES\MESSENGER PLUS! 
3\MSGPLUS.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE E:\PROGRAM FILES\PASSWORD MANAGER\ACCTMGR.EXE C:\PROGRAM FILES\MATROX MGA POWERDESK\MGACTRL.EXE C:\PROGRAM FILES\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE E:\PROGRAM FILES\WINAMP\WINAMPA.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\WINDOWS\LOADQM.EXE C:\WINDOWS\EZAUDIO.EXE C:\PROGRAM FILES\MATROX MGA POWERDESK\QDESK\MGAQDESK.EXE E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINSM32.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE E:\PROGRAM FILES\NORTON CLEANSWEEP\Monwow.exe C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\RUNDLL32.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\STARTDRECK\STARTDRECK.EXE C:\WINDOWS\NOTEPAD.EXE C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton Antivirus\NavShExt.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: (no name) 
- {4CCDBB38-836F-11D9-AC07-002090217C2C} - C:\WINDOWS\SYSTEM\ADMBC.DLL O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton Antivirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NPROTECT] E:\Program Files\Norton Utilities\Nprotect.exe O4 - HKLM\..\Run: [AcctMgr] E:\Program Files\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [Matrox Control Center] C:\Program Files\Matrox MGA PowerDesk\mgactrl.exe O4 - HKLM\..\Run: [Matrox Color Control] C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe O4 - HKLM\..\Run: [Matrox Diagnostic] C:\Program Files\Matrox MGA PowerDesk\diag\mgadiag.exe -s O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [EzAudioTray] C:\WINDOWS\EZAUDIO.EXE TRAYAPP O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks" O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" O4 - 
HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [NPROTECT] E:\Program Files\Norton Utilities\Nprotect.exe O4 - HKLM\..\RunServices: [CSINJECT.EXE] E:\Program Files\Norton CleanSweep\csinject.exe O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKCU\..\Run: [Matrox QuickDesk] C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background O4 - Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = E:\Program Files\Norton CleanSweep\Csinsm32.exe O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Koppelingspagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O18 - Filter: text/html - {4CCDBB37-836F-11D9-AC07-0020E1BEE85E} - C:\WINDOWS\SYSTEM\ADMBC.DLL O18 - Filter: text/plain - {4CCDBB37-836F-11D9-AC07-0020E1BEE85E} - C:\WINDOWS\SYSTEM\ADMBC.DLL
anoniem Posted: 20 February 2005
Download CCleaner (http://dl1.filehippo.com/mydownload/file/H7SDFKqWEWVsjrzKJ-OwpFmS6976Z1RTPKQMqFFRQWY/ccsetup117.exe). Install it, but do not use it yet.
Make sure that all hidden files are shown (http://users.pandora.be/marcvn/spyware/1117602.htm).
Open a Notepad file. Copy the code below into this Notepad file.
Go to File - Save As.
For "Save in" choose: Desktop
For "File name" enter: fix.reg
For "Save as type" select: All Files (*.*).
Click the Save button.
[code]
REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\New Windows]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistant Uninstall]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[-HKEY_CLASSES_ROOT\CLSID\{4CCDBB38-836F-11D9-AC07-002090217C2C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{4CCDBB38-836F-11D9-AC07-002090217C2C}]
[-HKEY_CLASSES_ROOT\CLSID\{4CCDBB37-836F-11D9-AC07-0020E1BEE85E}]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistant Uninstall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sp"=-
[/code]
Start the computer in safe mode (http://users.pandora.be/marcvn/spyware/1378056.htm).
Close all open windows, run HijackThis once more and have it fix the following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {4CCDBB38-836F-11D9-AC07-002090217C2C} - C:\WINDOWS\SYSTEM\ADMBC.DLL
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O18 - Filter: text/html - {4CCDBB37-836F-11D9-AC07-0020E1BEE85E} - C:\WINDOWS\SYSTEM\ADMBC.DLL
O18 - Filter: text/plain - {4CCDBB37-836F-11D9-AC07-0020E1BEE85E} - C:\WINDOWS\SYSTEM\ADMBC.DLL
Delete the following files if present:
C:\WINDOWS\SYSTEM\ADMBC.DLL
Double-click fix.reg and allow the changes to be added to the registry.
Start CCleaner and click the "Run Cleaner" button.
When the program has finished, restart the computer.
Make a new HijackThis log and post it. Make a new log with StartDreck. Post that too.
See whether you can find the file C:\WINDOWS\FAI.CPE.
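Added example (not part of the original post): a Python check for the step the post above ends with, comparing a fresh HijackThis log against the list of items that were to be fixed and against an earlier log, including logs that a forum has flattened onto one line. The sample strings are abridged from logs posted in this thread; the function and variable names are illustrative.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1, O2, ...)
# followed by " - ". Anchoring on that prefix also splits a log that a forum
# has flattened onto a single line.
ENTRY = re.compile(r"(?<!\S)(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def parse_entries(text):
    """Return [(code, body)] for every HijackThis entry found in text."""
    marks = list(ENTRY.finditer(text))
    entries = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        body = " ".join(text[m.end():end].split())  # collapse whitespace
        entries.append((m.group(1), body))
    return entries


def _key(entry):
    # The same path shows up in mixed case in these logs (se.dll / SE.DLL).
    return entry[0], entry[1].lower()


def still_present(fix_list, log):
    """Entries from the fix list that the given log still contains."""
    seen = {_key(e) for e in parse_entries(log)}
    return [e for e in parse_entries(fix_list) if _key(e) in seen]


def appeared(old_log, new_log):
    """Entries in new_log that were not in old_log."""
    old = {_key(e) for e in parse_entries(old_log)}
    return [e for e in parse_entries(new_log) if _key(e) not in old]


def filter_handlers(log):
    """Map MIME type -> DLL for O18 'Filter:' entries.

    Comparing this slot catches a filter that returns under a new CLSID and
    file name, which an exact match against the fix list cannot see.
    """
    handlers = {}
    for code, body in parse_entries(log):
        if code == "O18" and body.startswith("Filter: "):
            parts = body[len("Filter: "):].split(" - ", 2)
            if len(parts) == 3:
                handlers[parts[0]] = parts[2]
    return handlers


# Sample data, abridged from the logs in this thread.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
O2 - BHO: (no name) - {4CCDBB38-836F-11D9-AC07-002090217C2C} - C:\WINDOWS\SYSTEM\ADMBC.DLL
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O18 - Filter: text/html - {4CCDBB37-836F-11D9-AC07-0020E1BEE85E} - C:\WINDOWS\SYSTEM\ADMBC.DLL
"""

# Log of 20-2-05 22:36 (after the fix), deliberately kept on one line.
LOG_FEB20_AFTER_FIX = (
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - "
    r"c:\program files\google\googletoolbar2.dll "
    r"O4 - HKLM\..\Run: [EzAudioTray] C:\WINDOWS\EZAUDIO.EXE TRAYAPP"
)

# Log of 22-2-05 20:45.
LOG_FEB22 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {A72470C1-83DB-11D9-AC07-0020F1BFF856} - C:\WINDOWS\VOPJJD.DLL
O4 - HKLM\..\Run: [EzAudioTray] C:\WINDOWS\EZAUDIO.EXE TRAYAPP
O4 - HKLM\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O18 - Filter: text/html - {A72470C0-83DB-11D9-AC07-00209EF35DCD} - C:\WINDOWS\VOPJJD.DLL
"""

if __name__ == "__main__":
    for label, log in (("20-2-05", LOG_FEB20_AFTER_FIX), ("22-2-05", LOG_FEB22)):
        print(label, "fix-list items still present:")
        for code, body in still_present(FIX_LIST, log):
            print("  ", code, "-", body)
    print("New since 20-2-05:")
    for code, body in appeared(LOG_FEB20_AFTER_FIX, LOG_FEB22):
        print("  ", code, "-", body)
    print("O18 filter slot now:", filter_handlers(LOG_FEB22))
```

In these samples the text/html filter entry does not count as "still present" on 22-2-05 because its CLSID and DLL name differ from the fix list, which is why the filter slot is compared separately.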
anoniem Posted: 20 February 2005
I'll look at it again tomorrow... I HAVE to leave now, unfortunately... :S
anoniem Posted: 20 February 2005
C:\WINDOWS\SYSTEM\ADMBC.DLL and C:\WINDOWS\FAI.CPE could not be found.
The two logs:
Logfile of HijackThis v1.99.1 Scan saved at 22:36:15, on 20-2-05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE E:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINJECT.EXE C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE E:\PROGRAM FILES\PASSWORD MANAGER\ACCTMGR.EXE C:\PROGRAM FILES\MATROX MGA POWERDESK\MGACTRL.EXE C:\PROGRAM FILES\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE E:\PROGRAM FILES\WINAMP\WINAMPA.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\WINDOWS\LOADQM.EXE C:\WINDOWS\EZAUDIO.EXE C:\PROGRAM FILES\MATROX MGA POWERDESK\QDESK\MGAQDESK.EXE E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINSM32.EXE C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE C:\WINDOWS\NOTEPAD.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE E:\PROGRAM FILES\NORTON CLEANSWEEP\Monwow.exe C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton Antivirus\NavShExt.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Norton AntiVirus - 
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton Antivirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NPROTECT] E:\Program Files\Norton Utilities\Nprotect.exe O4 - HKLM\..\Run: [AcctMgr] E:\Program Files\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [Matrox Control Center] C:\Program Files\Matrox MGA PowerDesk\mgactrl.exe O4 - HKLM\..\Run: [Matrox Color Control] C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe O4 - HKLM\..\Run: [Matrox Diagnostic] C:\Program Files\Matrox MGA PowerDesk\diag\mgadiag.exe -s O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [EzAudioTray] C:\WINDOWS\EZAUDIO.EXE TRAYAPP O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks" O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [NPROTECT] E:\Program Files\Norton Utilities\Nprotect.exe 
O4 - HKLM\..\RunServices: [CSINJECT.EXE] E:\Program Files\Norton CleanSweep\csinject.exe O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKCU\..\Run: [Matrox QuickDesk] C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background O4 - Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = E:\Program Files\Norton CleanSweep\Csinsm32.exe O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Koppelingspagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab stardreck StartDreck (build 2.1.7 public stable) - 2005-02-20 @ 22:37:49 (GMT +01:00) Platform: Windows 98 SE (Win 4.10.2222 A) Internet Explorer: 6.0.2800.1106 Logged in as johan at JOHAN »Registry »Run Keys »Current User »Run *Matrox QuickDesk=C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe *MessengerPlus3="C:\Program Files\Messenger Plus! 
3\MsgPlus.exe" /WinStart *msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background »RunOnce »Default User »Run *Matrox QuickDesk=C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe *MessengerPlus3="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart *msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background »RunOnce »Local Machine »Run *ScanRegistry=C:\WINDOWS\scanregw.exe /autorun *Taakcontrole=C:\WINDOWS\taskmon.exe *SystemTray=SysTray.exe *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme *ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" *NPROTECT=E:\Program Files\Norton Utilities\Nprotect.exe *AcctMgr=E:\Program Files\Password Manager\AcctMgr.exe /startup *Matrox Control Center=C:\Program Files\Matrox MGA PowerDesk\mgactrl.exe *Matrox Color Control=C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe *Matrox Diagnostic=C:\Program Files\Matrox MGA PowerDesk\diag\mgadiag.exe -s *WinampAgent=E:\Program Files\Winamp\winampa.exe *QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime *LoadQM=loadqm.exe *EzAudioTray=C:\WINDOWS\EZAUDIO.EXE TRAYAPP +OptionalComponents +IMAIL *Installed=1 +MAPI *NoChange=1 *Installed=1 +MAPI *NoChange=1 *Installed=1 »RunOnce »RunServices *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme *SchedulingAgent=mstask.exe *SymTray - Norton SystemWorks=C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks" *ScriptBlocking="C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg *ccSetMgr="C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" *ccEvtMgr="C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" *NPROTECT=E:\Program Files\Norton Utilities\Nprotect.exe *CSINJECT.EXE=E:\Program Files\Norton CleanSweep\csinject.exe *MessengerPlus3="C:\Program Files\Messenger Plus! 
3\MsgPlus.exe" »RunServicesOnce **f=rundll32 C:\WINDOWS\FAI.CPE,DllGetClassObject »RunOnceEx »RunServicesOnceEx »File Associations (CR) +.bat *batfile="%1" %* +.com *comfile="%1" %* +.disabled *SpybotSD.DisabledFile="E:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\blindman.exe" "%1" +.exe *exefile="%1" %* +.hta *htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %* +.htm *htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome +.html *htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome +.js *JSFile=C:\WINDOWS\WScript.exe "%1" %* +.jse *JSEFile=C:\WINDOWS\WScript.exe "%1" %* +.pif *piffile="%1" %* +.reg *regfile=regedit.exe "%1" +.scr *scrfile="%1" /S +.txt *txtfile=C:\WINDOWS\NOTEPAD.EXE %1 +.vbs *VBSFile=C:\WINDOWS\WScript.exe "%1" %* +.vbe *VBEFile=C:\WINDOWS\WScript.exe "%1" %* +.wsh *WSHFile=C:\WINDOWS\WScript.exe "%1" %* +.wsf *WSFFile=C:\WINDOWS\WScript.exe "%1" %* +.lnk `lnkfile= [key or value does not exist] »Browser Helper Objects (LM) *AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} `InprocServer32=E:\READER\ACTIVEX\ACROIEHELPER.OCX *Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872} `InprocServer32=E:\Program Files\Norton Antivirus\NavShExt.dll *{53707962-6F74-2D53-2644-206D7942484F} `InprocServer32=E:\Program Files\Spybot - Search & Destroy\SDHelper.dll *Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7} `InprocServer32=c:\program files\google\googletoolbar2.dll »Files »Autostart Folders »Current User *C:\WINDOWS\Start Menu\Programma's\Opstarten\Microsoft Office.lnk *C:\WINDOWS\Start Menu\Programma's\Opstarten\CleanSweep Smart Sweep-Internet Sweep.lnk »Default User *C:\WINDOWS\Start Menu\Programma's\Opstarten\Microsoft Office.lnk *C:\WINDOWS\Start Menu\Programma's\Opstarten\CleanSweep Smart Sweep-Internet Sweep.lnk »Local Machine »INI-Files »WIN.INI\[windows] *LOAD= *RUN= »SYSTEM.INI\[boot] *SHELL=Explorer.exe »Text Files *C:\msdos.sys *C:\config.sys *C:\autoexec.bat *C:\WINDOWS\wininit.bak *C:\WINDOWS\dosstart.bat »System/Drivers 
»Running Processes +FFCFDAB3=C:\WINDOWS\SYSTEM\KERNEL32.DLL +FFFF8E23=C:\WINDOWS\SYSTEM\MSGSRV32.EXE +FFFF9993=C:\WINDOWS\SYSTEM\MPREXE.EXE +FFFFB963=C:\WINDOWS\SYSTEM\mmtask.tsk +FFF0011B=C:\WINDOWS\SYSTEM\MSTASK.EXE +FFF01D9B=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE +FFF0333F=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE +FFF08B37=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE +FFF0AA3F=E:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE +FFF0B46B=E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINJECT.EXE +FFF1543F=C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE +FFFFB30F=C:\WINDOWS\RUNDLL32.EXE +FFF1DF7F=C:\WINDOWS\EXPLORER.EXE +FFF3054F=C:\WINDOWS\TASKMON.EXE +FFF310FB=C:\WINDOWS\SYSTEM\SYSTRAY.EXE +FFF3EB8B=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE +FFF39A4B=E:\PROGRAM FILES\PASSWORD MANAGER\ACCTMGR.EXE +FFF1E4CF=C:\PROGRAM FILES\MATROX MGA POWERDESK\MGACTRL.EXE +FFF32073=C:\PROGRAM FILES\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE +FFF3D487=E:\PROGRAM FILES\WINAMP\WINAMPA.EXE +FFF471C7=C:\WINDOWS\SYSTEM\QTTASK.EXE +FFF44953=C:\WINDOWS\LOADQM.EXE +FFF39C1B=C:\WINDOWS\EZAUDIO.EXE +FFF31387=C:\PROGRAM FILES\MATROX MGA POWERDESK\QDESK\MGAQDESK.EXE +FFF48917=E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINSM32.EXE +FFF4E433=C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE +FFF5789B=C:\WINDOWS\NOTEPAD.EXE +FFF64CB7=C:\WINDOWS\SYSTEM\WMIEXE.EXE +FFF6C38F=E:\PROGRAM FILES\NORTON CLEANSWEEP\Monwow.exe +FFF5DB0F=C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE +FFF1B517=C:\WINDOWS\NOTEPAD.EXE +FFF66057=C:\WINDOWS\NOTEPAD.EXE +FFF75B67=C:\PROGRAM FILES\STARTDRECK\STARTDRECK.EXE »NT Services »Application specific
anoniem Posted: 20 February 2005
Try this first:
Go to the command prompt from within Windows (DOS).
Check whether you are in the windows folder. If not, type:
cd windows
and press Enter.
Type:
ren FAI.CPE aaa.old
and press Enter.
Check whether you can find the file aaa.old.
If not, do this:
Read here how to make a boot diskette: http://www.schoonepc.nl/instal/startdisk.html
Once you have the boot diskette, put it in the A: drive and restart the computer. The PC may now boot from the diskette. Otherwise, make sure your PC boots from the A: drive first and only then from the C: drive or CD-ROM (this is a setting in your BIOS).
When you boot from the boot diskette you get: a:
Type:
c:
and press Enter.
Type:
cd windows
and press Enter.
Type:
ren FAI.CPE aaa.old
Restart the computer in Windows mode and make a new HijackThis log and a new log with StartDreck.
Tell me what the situation is now.
anoniem Posted: 22 February 2005
Sorry sorry sorry... I only have time again now. Would someone be willing to continue this?
Following up on M@rk's last message: I couldn't find it at first, so I made that diskette and went through the rest of the steps...
HijackThis:
Logfile of HijackThis v1.99.1 Scan saved at 20:45:02, on 22-2-05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE E:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINJECT.EXE C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE E:\PROGRAM FILES\PASSWORD MANAGER\ACCTMGR.EXE C:\PROGRAM FILES\MATROX MGA POWERDESK\MGACTRL.EXE C:\PROGRAM FILES\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE E:\PROGRAM FILES\WINAMP\WINAMPA.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\WINDOWS\LOADQM.EXE C:\WINDOWS\EZAUDIO.EXE C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE C:\WINDOWS\SYSTEM\TWINK64.EXE C:\WINDOWS\SYSTEM\WEB.EXE C:\WINDOWS\RUNDLL32.EXE C:\PROGRAM FILES\MATROX MGA POWERDESK\QDESK\MGAQDESK.EXE C:\WINDOWS\OPENSTRE.EXE C:\WINDOWS\STROPL.EXE C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE C:\125788.EXE C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINSM32.EXE E:\PROGRAM FILES\NORTON CLEANSWEEP\Monwow.exe C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\INTRON.EXE C:\WINDOWS\SYSTEM\LPT.EXE C:\124488.EXE C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = 
res://C:\WINDOWS\TEMP\se.dll/sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton Antivirus\NavShExt.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: (no name) - {A72470C1-83DB-11D9-AC07-0020F1BFF856} - C:\WINDOWS\VOPJJD.DLL O2 - BHO: sr - {5742F79A-1D91-42c4-990C-B46CF55A6478} - C:\WINDOWS\NOTFI.DLL O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton Antivirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NPROTECT] E:\Program Files\Norton Utilities\Nprotect.exe O4 - HKLM\..\Run: [AcctMgr] 
E:\Program Files\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [Matrox Control Center] C:\Program Files\Matrox MGA PowerDesk\mgactrl.exe O4 - HKLM\..\Run: [Matrox Color Control] C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe O4 - HKLM\..\Run: [Matrox Diagnostic] C:\Program Files\Matrox MGA PowerDesk\diag\mgadiag.exe -s O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [EzAudioTray] C:\WINDOWS\EZAUDIO.EXE TRAYAPP O4 - HKLM\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\SYSTEM\WEB.EXE O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks" O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [NPROTECT] E:\Program Files\Norton Utilities\Nprotect.exe O4 - HKLM\..\RunServices: [CSINJECT.EXE] E:\Program Files\Norton CleanSweep\csinject.exe O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKCU\..\Run: [Matrox QuickDesk] C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 
3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [cmsound] c:\windows\openstre.exe O4 - HKCU\..\Run: [winltmpv] c:\windows\stropl.exe O4 - HKCU\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\SYSTEM\WEB.EXE O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background O4 - Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = E:\Program Files\Norton CleanSweep\Csinsm32.exe O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Koppelingspagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O18 - Filter: text/html - {A72470C0-83DB-11D9-AC07-00209EF35DCD} - C:\WINDOWS\VOPJJD.DLL O18 - Filter: text/plain - {A72470C0-83DB-11D9-AC07-00209EF35DCD} - C:\WINDOWS\VOPJJD.DLL Stardreck StartDreck (build 2.1.7 public stable) - 2005-02-22 @ 
20:47:06 (GMT +01:00) Platform: Windows 98 SE (Win 4.10.2222 A) Internet Explorer: 6.0.2800.1106 Logged in as johan at JOHAN »Registry »Run Keys »Current User »Run *Matrox QuickDesk=C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe *MessengerPlus3="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart *cmsound=c:\windows\openstre.exe *winltmpv=c:\windows\stropl.exe *Srv32 spool service=C:\WINDOWS\System\spoolsrv32.exe *Windows Service=C:\WINDOWS\SYSTEM\WEB.EXE *msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background »RunOnce »Default User »Run *Matrox QuickDesk=C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe *MessengerPlus3="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart *cmsound=c:\windows\openstre.exe *winltmpv=c:\windows\stropl.exe *Srv32 spool service=C:\WINDOWS\System\spoolsrv32.exe *Windows Service=C:\WINDOWS\SYSTEM\WEB.EXE *msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background »RunOnce »Local Machine »Run *ScanRegistry=C:\WINDOWS\scanregw.exe /autorun *Taakcontrole=C:\WINDOWS\taskmon.exe *SystemTray=SysTray.exe *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme *ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" *NPROTECT=E:\Program Files\Norton Utilities\Nprotect.exe *AcctMgr=E:\Program Files\Password Manager\AcctMgr.exe /startup *Matrox Control Center=C:\Program Files\Matrox MGA PowerDesk\mgactrl.exe *Matrox Color Control=C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe *Matrox Diagnostic=C:\Program Files\Matrox MGA PowerDesk\diag\mgadiag.exe -s *WinampAgent=E:\Program Files\Winamp\winampa.exe *QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime *LoadQM=loadqm.exe *EzAudioTray=C:\WINDOWS\EZAUDIO.EXE TRAYAPP *Srv32 spool service=C:\WINDOWS\System\spoolsrv32.exe *ControlPanel=C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile *Windows Service=C:\WINDOWS\SYSTEM\WEB.EXE *sp=rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall +OptionalComponents +IMAIL *Installed=1 
+MAPI *NoChange=1 *Installed=1 +MAPI *NoChange=1 *Installed=1 »RunOnce »RunServices *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme *SchedulingAgent=mstask.exe *SymTray - Norton SystemWorks=C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks" *ScriptBlocking="C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg *ccSetMgr="C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" *ccEvtMgr="C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" *NPROTECT=E:\Program Files\Norton Utilities\Nprotect.exe *CSINJECT.EXE=E:\Program Files\Norton CleanSweep\csinject.exe *MessengerPlus3="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" »RunServicesOnce **u=rundll32 C:\WINDOWS\W98SETBP.BIN,DllGetClassObject »RunOnceEx »RunServicesOnceEx »Files »System/Drivers »Running Processes +FFCFA46D=C:\WINDOWS\SYSTEM\KERNEL32.DLL +FFFFF0FD=C:\WINDOWS\SYSTEM\MSGSRV32.EXE +FFFFE74D=C:\WINDOWS\SYSTEM\MPREXE.EXE +FFFFC7BD=C:\WINDOWS\SYSTEM\mmtask.tsk +FFF07FCD=C:\WINDOWS\SYSTEM\MSTASK.EXE +FFF06259=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE +FFF04DFD=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE +FFF0B915=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE +FFF0AFD1=E:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE +FFF0C039=E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINJECT.EXE +FFF11E3D=C:\PROGRAM FILES\MESSENGER PLUS! 
3\MSGPLUS.EXE +FFF2AF75=C:\WINDOWS\EXPLORER.EXE +FFF31781=C:\WINDOWS\TASKMON.EXE +FFF35D95=C:\WINDOWS\SYSTEM\SYSTRAY.EXE +FFF3A539=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE +FFF38F71=E:\PROGRAM FILES\PASSWORD MANAGER\ACCTMGR.EXE +FFF3D1E5=C:\PROGRAM FILES\MATROX MGA POWERDESK\MGACTRL.EXE +FFF3C3FD=C:\PROGRAM FILES\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE +FFF409A5=E:\PROGRAM FILES\WINAMP\WINAMPA.EXE +FFF32C61=C:\WINDOWS\SYSTEM\QTTASK.EXE +FFF1CF81=C:\WINDOWS\LOADQM.EXE +FFF10BA5=C:\WINDOWS\EZAUDIO.EXE +FFF1AC8D=C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE +FFF1105D=C:\WINDOWS\SYSTEM\TWINK64.EXE +FFF49619=C:\WINDOWS\SYSTEM\WEB.EXE +FFF4882D=C:\WINDOWS\RUNDLL32.EXE +FFF53735=C:\PROGRAM FILES\MATROX MGA POWERDESK\QDESK\MGAQDESK.EXE +FFF56BC1=C:\WINDOWS\OPENSTRE.EXE +FFF586C1=C:\WINDOWS\STROPL.EXE +FFFFCCA9=C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE +FFF42CC9=C:\125788.EXE +FFF5C1E9=C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE +FFF6EEF1=E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINSM32.EXE +FFC83479=E:\PROGRAM FILES\NORTON CLEANSWEEP\Monwow.exe +FFC8330D=C:\WINDOWS\SYSTEM\WMIEXE.EXE +FFCA2E5D=C:\WINDOWS\RUNDLL32.EXE +FFC9E345=C:\124488.EXE +FFCBAFC1=C:\PROGRAM FILES\STARTDRECK\STARTDRECK.EXE »Application specific
77 replies to this question