Spyware hijackthis log

[anoniem]

Problemen! lees hier dat een hijacklog nodig is om het op te kunnen lossen... wie kan me AUB helpen? Logfile of HijackThis v1.98.2 Scan saved at 9:26:49, on 19-2-05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE E:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINJECT.EXE C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE E:\PROGRAM FILES\PASSWORD MANAGER\ACCTMGR.EXE C:\PROGRAM FILES\MATROX MGA POWERDESK\MGACTRL.EXE C:\PROGRAM FILES\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE E:\PROGRAM FILES\WINAMP\WINAMPA.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\WINDOWS\LOADQM.EXE C:\WINDOWS\EZAUDIO.EXE C:\WINDOWS\RUNDLL32.EXE C:\PROGRAM FILES\MATROX MGA POWERDESK\QDESK\MGAQDESK.EXE E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINSM32.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE E:\PROGRAM FILES\NORTON CLEANSWEEP\Monwow.exe C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\WINDOWS\TEMP\HIJACKTHIS.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton Antivirus\NavShExt.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {2F801A68-246D-11D9-AC07-0020F8C577EE} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: (no name) - {D38B2F81-8202-11D9-AC07-0020E584E4C7} - C:\WINDOWS\SYSTEM\LOFF.DLL O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton Antivirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NPROTECT] E:\Program Files\Norton Utilities\Nprotect.exe O4 - HKLM\..\Run: [AcctMgr] E:\Program Files\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [Matrox Control Center] C:\Program Files\Matrox MGA PowerDesk\mgactrl.exe O4 - HKLM\..\Run: [Matrox Color Control] C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe O4 - HKLM\..\Run: [Matrox Diagnostic] C:\Program Files\Matrox MGA PowerDesk\diag\mgadiag.exe -s O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [EzAudioTray] C:\WINDOWS\EZAUDIO.EXE TRAYAPP O4 - HKLM\..\Run: [block buster] C:\WINDOWS\All Users\Desktop O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks" O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [NPROTECT] E:\Program Files\Norton Utilities\Nprotect.exe O4 - HKLM\..\RunServices: [CSINJECT.EXE] E:\Program Files\Norton CleanSweep\csinject.exe O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKCU\..\Run: [Matrox QuickDesk] C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background O4 - HKCU\..\RunServices: [Matrox QuickDesk] C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe O4 - HKCU\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background O4 - Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = E:\Program Files\Norton CleanSweep\Csinsm32.exe O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Koppelingspagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab O18 - Filter: text/html - {F9051B02-8256-11D9-AC07-0020D8CD7176} - C:\WINDOWS\SYSTEM\LOFF.DLL O18 - Filter: text/plain - {F9051B02-8256-11D9-AC07-0020D8CD7176} - C:\WINDOWS\SYSTEM\LOFF.DLL

[anoniem]

foutje dubbel

[anoniem]

Print deze instructies uit. Volg exact de procdure zoals hier beschreven. Download deze regfile: http://users.telenet.be/marcvn/temp/Lodgerfix.zip Unzip het naar je bureaublad. Gebruik de regfile nog niet Download en installeer Ccleaner: http://www.ccleaner.com/ Gebruik het programma nog niet. Zorg dat je een opstartdiskette hebt. Lees hier hoe je een opstartdiskette kan maken: http://www.schoonepc.nl/instal/startdisk.html Zorg dat alle bestanden weergegeven worden: http://users.pandora.be/marcvn/spyware/1117602.htm . Start de computer in veilige modus: http://users.pandora.be/marcvn/spyware/1378056.htm . start hijackthis en laat het de volgende sleutels fixen: [b:0bab3e474e] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: (no name) - {A72470C1-83DB-11D9-AC07-0020F1BFF856} - C:\WINDOWS\VOPJJD.DLL O2 - BHO: sr - {5742F79A-1D91-42c4-990C-B46CF55A6478} - C:\WINDOWS\NOTFI.DLL O4 - HKLM\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\SYSTEM\WEB.EXE O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall O4 - HKCU\..\Run: [cmsound] c:\windows\openstre.exe O4 - HKCU\..\Run: [winltmpv] c:\windows\stropl.exe O4 - HKCU\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\SYSTEM\WEB.EXE O18 - Filter: text/html - {A72470C0-83DB-11D9-AC07-00209EF35DCD} - C:\WINDOWS\VOPJJD.DLL O18 - Filter: text/plain - {A72470C0-83DB-11D9-AC07-00209EF35DCD} - C:\WINDOWS\VOPJJD.DLL [/b:0bab3e474e] Verwijder de volgende bestanden: C:\WINDOWS\VOPJJD.DLL C:\WINDOWS\System\spoolsrv32.exe C:\WINDOWS\SYSTEM\twink64.exe c:\windows\openstre.exe c:\windows\stropl.exe C:\WINDOWS\SYSTEM\WEB.EXE C:\125788.EXE C:\124488.EXE Start Ccleaner. ALs CCleaner klaar is, doe je de opstartdiskette in het diskette-station en herstart je de computer. De computer zou nu van de diskette moeten starten. Indien dit niet zo is dan moet je dit wijzigen in het BIOS van de computer. Eénmaal opgestart van de diskette krijg je dan:[b:0bab3e474e]a:\>[/b:0bab3e474e] Tik in: [code:1:0bab3e474e]c:[/code:1:0bab3e474e] druk op enter tik in: [code:1:0bab3e474e]cd windows[/code:1:0bab3e474e] druk op enter [code:1:0bab3e474e]ren W98SETBP.BIN zzz.old[/code:1:0bab3e474e] druk op enter Herstart de computer. (negeer eventuele foutmeldingen) Dubbelklik op Lodgerfix.reg (op je bureaublad) en laat de wijzigingen aan het register toevoegen. Herstart de computer. Maak een nieuwe Hijackthislog en post deze. Maak een nieuwe Startdrecklog en post deze ook. Geef me even wat feedback over wat lukte en wat niet gelukt is.

[anoniem]

helaas is niet alles gelukt. kon wel alles in hijackthis log aanvinken en verwijderen. bestanden vopjjd.dll en 125788.exe kon ik niet vinden bij het uitvoeren van lodgerfix.reg kreeg ik de volgende melding kan c:\windows\desktop\lodger~1.reg niet importeren: het opgegeven bestand is geen registerscript. U kunt alleen registerbestanden importeren Logfile of HijackThis v1.99.1 Scan saved at 21:58:16, on 22-2-05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE E:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINJECT.EXE C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE E:\PROGRAM FILES\PASSWORD MANAGER\ACCTMGR.EXE C:\PROGRAM FILES\MATROX MGA POWERDESK\MGACTRL.EXE C:\PROGRAM FILES\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE E:\PROGRAM FILES\WINAMP\WINAMPA.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\WINDOWS\LOADQM.EXE C:\WINDOWS\EZAUDIO.EXE C:\PROGRAM FILES\MATROX MGA POWERDESK\QDESK\MGAQDESK.EXE E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINSM32.EXE C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE E:\PROGRAM FILES\NORTON CLEANSWEEP\Monwow.exe C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton Antivirus\NavShExt.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton Antivirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NPROTECT] E:\Program Files\Norton Utilities\Nprotect.exe O4 - HKLM\..\Run: [AcctMgr] E:\Program Files\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [Matrox Control Center] C:\Program Files\Matrox MGA PowerDesk\mgactrl.exe O4 - HKLM\..\Run: [Matrox Color Control] C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe O4 - HKLM\..\Run: [Matrox Diagnostic] C:\Program Files\Matrox MGA PowerDesk\diag\mgadiag.exe -s O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [EzAudioTray] C:\WINDOWS\EZAUDIO.EXE TRAYAPP O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks" O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [NPROTECT] E:\Program Files\Norton Utilities\Nprotect.exe O4 - HKLM\..\RunServices: [CSINJECT.EXE] E:\Program Files\Norton CleanSweep\csinject.exe O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKCU\..\Run: [Matrox QuickDesk] C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background O4 - Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = E:\Program Files\Norton CleanSweep\Csinsm32.exe O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Koppelingspagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab StartDreck (build 2.1.7 public stable) - 2005-02-22 @ 21:58:59 (GMT +01:00) Platform: Windows 98 SE (Win 4.10.2222 A) Internet Explorer: 6.0.2800.1106 Logged in as johan at JOHAN »Registry »Run Keys »Current User »Run *Matrox QuickDesk=C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe *MessengerPlus3="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart *msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background »RunOnce »Default User »Run *Matrox QuickDesk=C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe *MessengerPlus3="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart *msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background »RunOnce »Local Machine »Run *ScanRegistry=C:\WINDOWS\scanregw.exe /autorun *Taakcontrole=C:\WINDOWS\taskmon.exe *SystemTray=SysTray.exe *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme *ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" *NPROTECT=E:\Program Files\Norton Utilities\Nprotect.exe *AcctMgr=E:\Program Files\Password Manager\AcctMgr.exe /startup *Matrox Control Center=C:\Program Files\Matrox MGA PowerDesk\mgactrl.exe *Matrox Color Control=C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe *Matrox Diagnostic=C:\Program Files\Matrox MGA PowerDesk\diag\mgadiag.exe -s *WinampAgent=E:\Program Files\Winamp\winampa.exe *QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime *LoadQM=loadqm.exe *EzAudioTray=C:\WINDOWS\EZAUDIO.EXE TRAYAPP +OptionalComponents +IMAIL *Installed=1 +MAPI *NoChange=1 *Installed=1 +MAPI *NoChange=1 *Installed=1 »RunOnce »RunServices *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme *SchedulingAgent=mstask.exe *SymTray - Norton SystemWorks=C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks" *ScriptBlocking="C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg *ccSetMgr="C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" *ccEvtMgr="C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" *NPROTECT=E:\Program Files\Norton Utilities\Nprotect.exe *CSINJECT.EXE=E:\Program Files\Norton CleanSweep\csinject.exe *MessengerPlus3="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" »RunServicesOnce »RunOnceEx »RunServicesOnceEx »File Associations (CR) +.bat *batfile="%1" %* +.com *comfile="%1" %* +.disabled *SpybotSD.DisabledFile="E:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\blindman.exe" "%1" +.exe *exefile="%1" %* +.hta *htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %* +.htm *htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome +.html *htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome +.js *JSFile=C:\WINDOWS\WScript.exe "%1" %* +.jse *JSEFile=C:\WINDOWS\WScript.exe "%1" %* +.pif *piffile="%1" %* +.reg *regfile=regedit.exe "%1" +.scr *scrfile="%1" /S +.txt *txtfile=C:\WINDOWS\NOTEPAD.EXE %1 +.vbs *VBSFile=C:\WINDOWS\WScript.exe "%1" %* +.vbe *VBEFile=C:\WINDOWS\WScript.exe "%1" %* +.wsh *WSHFile=C:\WINDOWS\WScript.exe "%1" %* +.wsf *WSFFile=C:\WINDOWS\WScript.exe "%1" %* +.lnk `lnkfile= [key or value does not exist] »Browser Helper Objects (LM) *AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} `InprocServer32=E:\READER\ACTIVEX\ACROIEHELPER.OCX *Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872} `InprocServer32=E:\Program Files\Norton Antivirus\NavShExt.dll *{53707962-6F74-2D53-2644-206D7942484F} `InprocServer32=E:\Program Files\Spybot - Search & Destroy\SDHelper.dll *Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7} `InprocServer32=c:\program files\google\googletoolbar2.dll »Files »Autostart Folders »Current User *C:\WINDOWS\Start Menu\Programma's\Opstarten\Microsoft Office.lnk *C:\WINDOWS\Start Menu\Programma's\Opstarten\CleanSweep Smart Sweep-Internet Sweep.lnk »Default User *C:\WINDOWS\Start Menu\Programma's\Opstarten\Microsoft Office.lnk *C:\WINDOWS\Start Menu\Programma's\Opstarten\CleanSweep Smart Sweep-Internet Sweep.lnk »Local Machine »INI-Files »WIN.INI\[windows] *LOAD= *RUN= »SYSTEM.INI\[boot] *SHELL=Explorer.exe »Text Files *C:\msdos.sys *C:\config.sys *C:\autoexec.bat *C:\WINDOWS\wininit.bak *C:\WINDOWS\dosstart.bat »System/Drivers »Running Processes +FFCFDB6D=C:\WINDOWS\SYSTEM\KERNEL32.DLL +FFFF8FFD=C:\WINDOWS\SYSTEM\MSGSRV32.EXE +FFFF984D=C:\WINDOWS\SYSTEM\MPREXE.EXE +FFFFB8BD=C:\WINDOWS\SYSTEM\mmtask.tsk +FFF000F5=C:\WINDOWS\SYSTEM\MSTASK.EXE +FFF01D41=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE +FFF032E5=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE +FFF0C719=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE +FFF0D1F9=E:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE +FFF15EA1=E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINJECT.EXE +FFF179A9=C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE +FFF2EFDD=C:\WINDOWS\EXPLORER.EXE +FFF30FED=C:\WINDOWS\TASKMON.EXE +FFF31CCD=C:\WINDOWS\SYSTEM\SYSTRAY.EXE +FFF2E825=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE +FFF3EA05=E:\PROGRAM FILES\PASSWORD MANAGER\ACCTMGR.EXE +FFF30751=C:\PROGRAM FILES\MATROX MGA POWERDESK\MGACTRL.EXE +FFF2C1D5=C:\PROGRAM FILES\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE +FFF3BCB5=E:\PROGRAM FILES\WINAMP\WINAMPA.EXE +FFF22571=C:\WINDOWS\SYSTEM\QTTASK.EXE +FFF47EBD=C:\WINDOWS\LOADQM.EXE +FFF40AF1=C:\WINDOWS\EZAUDIO.EXE +FFF41011=C:\PROGRAM FILES\MATROX MGA POWERDESK\QDESK\MGAQDESK.EXE +FFF50C5D=E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINSM32.EXE +FFF5315D=C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE +FFF644BD=E:\PROGRAM FILES\NORTON CLEANSWEEP\Monwow.exe +FFF6DC8D=C:\WINDOWS\SYSTEM\WMIEXE.EXE +FFF44B75=C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE +FFF30865=C:\PROGRAM FILES\STARTDRECK\STARTDRECK.EXE »NT Services »Application specific

[anoniem]

Ziet er goed uit Lodger. Zijn er nog problemen?

[anoniem]

tot zover niet maar het is natuurlijk nog even afwachten... ik hou je op de hoogte! Let's pray (jazeker in dat stadium ben ik beland :lol: )

[anoniem]

bij het uitvoeren van lodgerfix.reg kreeg ik de volgende melding kan c:\windows\desktop\lodger~1.reg niet importeren: het opgegeven bestand is geen registerscript. U kunt alleen registerbestanden importeren dat geeft niets? want lodger.reg deed het niet

[anoniem]

Raar Lodger. Probeer de regfile even zelf te maken. Open een klablokbestand. Kopieer onderstaande code in dit kladblokbestand. Ga naar Bestand - Opslaan als. Bij "Opslaan in" kies je: Bureaublad Bij "Bestandsnaam" zet je: fix.reg Bij "Opslaan als type" selecteer je: Alle bestanden (*.*). Klik op de knop Opslaan. [code:1:675d107713]REGEDIT4 [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\New Windows] [-HKEY_CLASSES_ROOT\CLSID\{A72470C1-83DB-11D9-AC07-0020F1BFF856}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A72470C1-83DB-11D9-AC07-0020F1BFF856}] [-HKEY_CLASSES_ROOT\CLSID\{5742F79A-1D91-42c4-990C-B46CF55A6478}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5742F79A-1D91-42c4-990C-B46CF55A6478}] [-HKEY_CLASSES_ROOT\CLSID\{A72470C0-83DB-11D9-AC07-00209EF35DCD}] [-HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html] [-HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistant Uninstall] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [/code:1:675d107713] Dubbelklik op fix.reg file en laat de wijzigingen aan het register toevoegen. Kreeg je eerder bij het opstarten een foutmelding?

[anoniem]

ja kreeg wel een foutmelding... nu ik het zelf gedaan heb in het kladblok... is het wel gelukt! ben met norton nu aan het scannen en die is nu bezig en heeft al wel wat gevonden....

[anoniem]

Herstart de computer even en kijk of je de foutmelding nu nog krijgt.

[anoniem]

geen foutmelding meer... ga nogmaals norton antivirus doen want die gaf net aan dat ie wat had gevonden :roll:

[anoniem]

daarnaast is er nog iets vaags... wanneer ik bijvoorbeeld doorlink op een site krijg ik een blanke pagina. Dat krijg ik bijvoorbeeld ook als ik hier nadat mijn bericht klaar is op ok druk hieronder...

[anoniem]

Mooi zo Lodger. Ik denk dat het nu wel weg is. Laat inderdaad best je hele systeem een keer scannen door een geupdate anti-virusprogramma. Misschien ook een keer scannen met Ad-aware SE. Instructies vind je [url=http://users.telenet.be/marcvn/spyware/1414188.htm]hier[/url].

[anoniem]

heeej M@rk.... Goed nieuws geen virussen meer, geen rare pop=ups etc! ik geloof dat je het gefixed hebt! Bedankt man!

[anoniem]

Graag gedaan Lodger. Happy surfing again. :wink:

[anoniem]

[quote:c39ba9643e="Lodger"]bij het uitvoeren van lodgerfix.reg kreeg ik de volgende melding kan c:\windows\desktop\lodger~1.reg niet importeren: het opgegeven bestand is geen registerscript. U kunt alleen registerbestanden importeren[/quote:c39ba9643e][quote:c39ba9643e="M@rc"]Raar Lodger. Probeer de regfile even zelf te maken. Open een klablokbestand. Kopieer onderstaande code in dit kladblokbestand. Ga naar Bestand - Opslaan als. Bij "Opslaan in" kies je: Bureaublad Bij "Bestandsnaam" zet je: fix.reg[/quote:c39ba9643e] [img:c39ba9643e]http://home.hetnet.nl/~stefsmeenk/lodgerfix.gif[/img:c39ba9643e] Ik denk dat bovenstaande afbeelding duidelijk maakt waarom het niet werkte vr.gr.smeenk :wink:

[anoniem]

Blijft raar. Regje werkt hier perfect.

[anoniem]

[quote:e5b98177cd="M@rc"]Blijft raar. Regje werkt hier perfect.[/quote:e5b98177cd]Ook na het unzippen?? Dacht zelf dat het aan het comprimeren lag! vr.gr.smeenk :wink: