Vraag & Antwoord

Beveiliging & privacy

Weer een log

22 antwoorden
  • PcGuy of Rieske zullen het inmiddels wel doorhebben maar ik ben regelmatig bezig om mensen te helpen met hun pc. Zo ook weer deze pc die gewoonweg niets meer doet wat wij willen. Graag jullie input (het is echt een zooi) [code:1:d0b84b4f57] Logfile of HijackThis v1.98.2 Scan saved at 0:14:43, on 23-9-04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE D:\PROGRAM FILES\ROXIO\GOBACK\GBPOLL.EXE C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE C:\WINDOWS\DITASK.EXE C:\PROGRAM FILES\EICON TECHNOLOGY\DIVA MANAGEMENT SYSTEM\WATCH.EXE C:\WINDOWS\LOADQM.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTTRAYAPP.EXE C:\WINDOWS\EROTRACKS.EXE C:\WINDOWS\SYSTEM\HPOOPM07.EXE C:\WINDOWS\SYSTEM\GSICON.EXE C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE E:\PROGRAM FILES\WINAMP\WINAMPA.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\WINDOWS\SYSTEM\TWINK64.EXE C:\WINDOWS\ADULT_PLAYUT.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\SYMANTEC\NORTON COMMANDER\NC_SCHED.EXE C:\PROGRAM FILES\CLOCKSYNC\SYNC.EXE C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE C:\WINDOWS\RUNDLL32.EXE C:\WINDOWS\MSLAGENT\MSLAGENT.EXE C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE C:\WINDOWS\SYSTEM\DIINFO.EXE D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE D:\PROGRAM FILES\ROXIO\GOBACK\GBTRAY.EXE D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\SYSDOC32.EXE D:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPODEV07.EXE C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOEVM07.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOSTS07.EXE D:\MIJN DOCUMENTEBREASTCOLLARN\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jbzdynmzsgcadfligkieho.org/tLjBtE/T_ljvse5iGPLyICyCXYTe6QjssFiG86jxeVM.jsp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?np-hklm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gxjkzhrtuiaku.uk/tLjBtE/T_lhCgyfked30ON8MFJz/VdcR/MBXdqB6JkyVmnXfuajObKn244FBsNU0.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - Default URLSearchHook is missing O1 - Hosts: 217.116.231.7 aimtoday.aol.com O1 - Hosts: 217.116.231.7 aimtoday.aol.com O1 - Hosts: 217.116.231.7 aimtoday.aol.com O1 - Hosts: 217.116.231.7 aimtoday.aol.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\LBBHO.DLL O2 - BHO: Related Page - {B77143D5-552C-42AF-A5E6-8183FC72B9FE} - C:\WINDOWS\SYSTEM\WINNB42.DLL O2 - BHO: (no name) - {6D943E2C-EF6E-59E4-D1FE-DE51A86483D5} - C:\PROGRAM FILES\DELETEPILE\BROWSE JOY.EXE O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\WINDOWS\TEMP\msntb.dll O3 - Toolbar: Related Page - {B77143D4-552C-42AF-A5E6-8183FC72B9FE} - C:\WINDOWS\SYSTEM\WINNB42.DLL O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [DiTask] "C:\WINDOWS\ditask.exe" O4 - HKLM\..\Run: [EICONCARD_DAEMON] "C:\Program Files\Eicon Technology\DIVA Management System\WATCH.EXE" O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [GhostStartTrayApp] D:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe O4 - HKLM\..\Run: [NPROTECT] D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O4 - HKLM\..\Run: [QD FastAndSafe] D:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup O4 - HKLM\..\Run: [Erotracks] C:\WINDOWS\Erotracks.exe /quiet O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART O4 - HKLM\..\Run: [Atom stop] C:\PROGRA~1\GRIDTO~1\idlecreative.exe O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Plus program bias spam] C:\WINDOWS\Application Data\Globalaceplusprogram\The Cash.exe O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile O4 - HKLM\..\Run: [ADULT_PLAYUT] C:\WINDOWS\ADULT_PLAYUT.EXE O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg O4 - HKLM\..\RunServices: [CSINJECT.EXE] D:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE O4 - HKLM\..\RunServices: [NPROTECT] D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks" O4 - HKLM\..\RunServices: [GoBack Polling Service] D:\Program Files\Roxio\GoBack\GBPoll.exe O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Internet Security\NISUM.EXE O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE O4 - HKLM\..\RunServices: [GhostStartService] D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKCU\..\Run: [NC Scheduler] C:\PROGRAM FILES\SYMANTEC\NORTON COMMANDER\NC_SCHED.EXE /Hide O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1020.dll,InstantAccess O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\MSLAGENT.EXE O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background O4 - Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = D:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe O4 - Startup: GoBack.lnk = D:\Program Files\Roxio\GoBack\GBTray.exe O4 - Startup: Norton System Doctor.lnk = D:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe O4 - Startup: iMesh.lnk = C:\Program Files\iMesh\Client\UNWISE.EXE O4 - Startup: FlashTalk.lnk = C:\Program Files\Norton Internet Security\IAMSTATS.EXE O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O12 - Plugin for .mid: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin.dll O12 - Plugin for .wav: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin.dll O12 - Plugin for .BMP: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://members.aol.com/mo92674/cam.cab O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://paradise.s-x.nl/exe/paradise/adultonlynl.exe O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://dialer.midhold.nl/31/erotracks/erotracks_plugin.exe O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {860D5AAC-D059-4C9F-93D3-3FD6FBB6872F} (AuroraCtrl Class) - http://www.icebergradio.com/aurora/1.0.2.259/client.cab O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/nl/5/060190nl.exe O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getmirar.com/cabs/875457.cab O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.131/dl/dmitriy/x.chm::/load.exe O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://www.008i.com//x//f//96676/msits.exe O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1020_EN.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://xbs.mtreexxx.nl/mt/dialers/fc/UniDist.CAB O21 - SSODL: System - {CE614E21-4FFE-4E84-98BB-1628017F6129} - C:\WINDOWS\system32\system32.dll [/code:1:d0b84b4f57]
  • Je hebt gelijk het is een echte zooi! Misschien is het handig als jij een en ander doet zodat een lijst wat korter wordt. 1- Verwijder MSN Plus. Je kan het later opnieuw instaleren maar..adviseer mensen om tijdens installatie toch 1 en ander te lezen. Bijv. bij MSN Plus om te kiezen voor een installatie ZONDER sponsors. 2- Download : CWShredder, AdAware, Spybot, Spywareguard en SpywareBlaster. Poets de PC op met CWShredder, vervolgens instaleer overige 4 programma’s, [u:9308c78a37]update deze en laat Spybot en AdAware de “rommel” weghalen.[/u:9308c78a37]3- Als je dat hebt gedaan, plaats dan een nieuwe Hijack Log, dan ziet het anders uit.
  • na het verwijderen van imesh/client/unwise.exe start outlook niet meer?
  • [code:1:947c01bb14] Logfile of HijackThis v1.98.2 Scan saved at 14:29:40, on 23-9-04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE D:\PROGRAM FILES\ROXIO\GOBACK\GBPOLL.EXE C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE C:\WINDOWS\DITASK.EXE C:\PROGRAM FILES\EICON TECHNOLOGY\DIVA MANAGEMENT SYSTEM\WATCH.EXE C:\WINDOWS\LOADQM.EXE D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTTRAYAPP.EXE C:\WINDOWS\SYSTEM\HPOOPM07.EXE C:\WINDOWS\SYSTEM\GSICON.EXE C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE E:\PROGRAM FILES\WINAMP\WINAMPA.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\TWINK64.EXE C:\PROGRAM FILES\SYMANTEC\NORTON COMMANDER\NC_SCHED.EXE C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE C:\WINDOWS\RUNDLL32.EXE C:\WINDOWS\SYSTEM\DIINFO.EXE D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE D:\PROGRAM FILES\ROXIO\GOBACK\GBTRAY.EXE D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\SYSDOC32.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPODEV07.EXE D:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOEVM07.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOSTS07.EXE C:\WINDOWS\EXPLORER.EXE D:\MIJN DOCUMENTEBREASTCOLLARN\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.searchwords.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: Related Page - {B77143D5-552C-42AF-A5E6-8183FC72B9FE} - C:\WINDOWS\SYSTEM\WINNB42.DLL (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\WINDOWS\TEMP\msntb.dll O3 - Toolbar: Related Page - {B77143D4-552C-42AF-A5E6-8183FC72B9FE} - C:\WINDOWS\SYSTEM\WINNB42.DLL (file missing) O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [DiTask] "C:\WINDOWS\ditask.exe" O4 - HKLM\..\Run: [EICONCARD_DAEMON] "C:\Program Files\Eicon Technology\DIVA Management System\WATCH.EXE" O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [GhostStartTrayApp] D:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe O4 - HKLM\..\Run: [NPROTECT] D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O4 - HKLM\..\Run: [QD FastAndSafe] D:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg O4 - HKLM\..\RunServices: [CSINJECT.EXE] D:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE O4 - HKLM\..\RunServices: [NPROTECT] D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks" O4 - HKLM\..\RunServices: [GoBack Polling Service] D:\Program Files\Roxio\GoBack\GBPoll.exe O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Internet Security\NISUM.EXE O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE O4 - HKLM\..\RunServices: [GhostStartService] D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE O4 - HKCU\..\Run: [NC Scheduler] C:\PROGRAM FILES\SYMANTEC\NORTON COMMANDER\NC_SCHED.EXE /Hide O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1020.dll,InstantAccess O4 - Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = D:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe O4 - Startup: GoBack.lnk = D:\Program Files\Roxio\GoBack\GBTray.exe O4 - Startup: Norton System Doctor.lnk = D:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe O4 - Startup: iMesh.lnk = C:\Program Files\iMesh\Client\UNWISE.EXE O4 - Startup: FlashTalk.lnk = C:\Program Files\Norton Internet Security\IAMSTATS.EXE O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O12 - Plugin for .mid: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin.dll O12 - Plugin for .wav: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin.dll O12 - Plugin for .BMP: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {860D5AAC-D059-4C9F-93D3-3FD6FBB6872F} (AuroraCtrl Class) - http://www.icebergradio.com/aurora/1.0.2.259/client.cab O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/nl/5/060190nl.exe O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getmirar.com/cabs/875457.cab O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1020_EN.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab [/code:1:947c01bb14]
  • ben bezig
  • gelukkig, Ik zie er zelf ook een aantal maar als ik die weghaal dan start outlook niet meer hij geeft dan aan dat outlook geen toegang heeft tot outlook.pst dus maar GO-back gebruikt :oops:
  • Het is hier blijkbaar al norton-symantectoestanden wat de klok slaat op deze pc... die moet serieus aan het geheugen vreten.. maar soit.. doe eerst even een online antivirusscan die verschillend is met degene van symantec: Kijk eens op volgende link. http://www.lobika.be/Virus/onlinescanners.htm Persoonlijk raad ik bitdefender en housecall aan. ;-) Post daarna een nieuw logje.
  • dat norton regel ik later wel.. virusscanners gaven niets aan. SpybotSD en add-aware hebben al meer dan 300 dingen gevonden en gefixt, die geven nu niets meer aan. alleen dat imesh kan ik nergens vinden... ik zie ook wel de erotracks en zo maar hoe krijg ik dat echt weg
  • Deinstaleer eerst imesh in software in configscherm, In taakbeheer kill je deze processen indien draaiend: [list:c0879ab299][b:c0879ab299]twink64.exe P2P NETWORKING.EXE[/b:c0879ab299][/list:u:c0879ab299] Sluit alle vensters en run hijackthis opnieuw, fix deze: [list:c0879ab299][b:c0879ab299]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.searchwords.com/ R3 - Default URLSearchHook is missing O2 - BHO: Related Page - {B77143D5-552C-42AF-A5E6-8183FC72B9FE} - C:\WINDOWS\SYSTEM\WINNB42.DLL (file missing) O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\WINDOWS\TEMP\msntb.dll O3 - Toolbar: Related Page - {B77143D4-552C-42AF-A5E6-8183FC72B9FE} - C:\WINDOWS\SYSTEM\WINNB42.DLL (file missing) O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1020.dll,InstantAccess O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/nl/5/060190nl.exe O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -[/b:c0879ab299][/list:u:c0879ab299] Herstart in safe mode en laat alle bestanden weergeven, verwijder deze indien aanwezig: [list:c0879ab299][b:c0879ab299]C:\PROGRAM FILES\MYWAY <--- deze file C:\WINDOWS\TEMP <--- leeg deze map C:\WINDOWS\SYSTEM\P2P NETWORKING <--- deze map C:\WINDOWS\SYSTEM\twink64.exe <--- deze file internat.dll <--- deze file (waarschijnlijk in c:\windows of c:\windows\system32) p2esocks_1020.dll <--- deze file waarschijnlijk in c:\windows of c:\windows system32)[/b:c0879ab299][/list:u:c0879ab299] herstart en post een nieuw logje, Je hebt trouwens wel een lading aan norton, gooi dat er eens af dan ben je van de meeste ellende verlost,
  • Ik zal op je vertrouwen pcguy maar ik zogoed als hetzelfde gedaan en toen gaf hij die bovenstaande foutmelding bij outlook.
  • Sorry voor het onderbreken Guy, maar er zit meer troep (adware/spyware/trojans) op de pc die je aangegeven hebt.. dus daarom deze aanvulling ;-) fixen in hijackthis: R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jbzdynmzsgcadfligkieho.org/tLjBtE/T_ljvse5iGPLyICyCXYTe6QjssFiG86jxeVM.jsp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?np-hklm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gxjkzhrtuiaku.uk/tLjBtE/T_lhCgyfked30ON8MFJz/VdcR/MBXdqB6JkyVmnXfuajObKn244FBsNU0.asp R3 - Default URLSearchHook is missing O1 - Hosts: 217.116.231.7 aimtoday.aol.com O1 - Hosts: 217.116.231.7 aimtoday.aol.com O1 - Hosts: 217.116.231.7 aimtoday.aol.com O1 - Hosts: 217.116.231.7 aimtoday.aol.com O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\LBBHO.DLL O2 - BHO: Related Page - {B77143D5-552C-42AF-A5E6-8183FC72B9FE} - C:\WINDOWS\SYSTEM\WINNB42.DLL O2 - BHO: (no name) - {6D943E2C-EF6E-59E4-D1FE-DE51A86483D5} - C:\PROGRAM FILES\DELETEPILE\BROWSE JOY.EXE O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL O3 - Toolbar: Related Page - {B77143D4-552C-42AF-A5E6-8183FC72B9FE} - C:\WINDOWS\SYSTEM\WINNB42.DLL O4 - HKLM\..\Run: [Erotracks] C:\WINDOWS\Erotracks.exe /quiet O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART O4 - HKLM\..\Run: [Atom stop] C:\PROGRA~1\GRIDTO~1\idlecreative.exe O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE O4 - HKLM\..\Run: [Plus program bias spam] C:\WINDOWS\Application Data\Globalaceplusprogram\The Cash.exe O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile O4 - HKLM\..\Run: [ADULT_PLAYUT] C:\WINDOWS\ADULT_PLAYUT.EXE O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\MSLAGENT.EXE O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://members.aol.com/mo92674/cam.cab O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://paradise.s-x.nl/exe/paradise/adultonlynl.exe O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://dialer.midhold.nl/31/erotracks/erotracks_plugin.exe O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {860D5AAC-D059-4C9F-93D3-3FD6FBB6872F} (AuroraCtrl Class) - http://www.icebergradio.com/aurora/1.0.2.259/client.cab O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/nl/5/060190nl.exe O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getmirar.com/cabs/875457.cab O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.131/dl/dmitriy/x.chm::/load.exe O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://www.008i.com//x//f//96676/msits.exe O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1020_EN.cab O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://xbs.mtreexxx.nl/mt/dialers/fc/UniDist.CAB O21 - SSODL: System - {CE614E21-4FFE-4E84-98BB-1628017F6129} - C:\WINDOWS\system32\system32.dll Daarna pc opstarten in veilige mode en volgende manueel verwijderen: C:\WINDOWS\LBBHO.DLL C:\WINDOWS\SYSTEM\WINNB42.DLL C:\PROGRAM FILES\DELETEPILE\ <== deze map C:\PROGRAM FILES\MYWAY\ <== deze map C:\WINDOWS\Erotracks.exe C:\WINDOWS\SYSTEM\P2P NETWORKING <== deze map C:\PROGRAm files\GRIDTO~1 <==deze map C:\WINDOWS\SYSTEM\A.EXE C:\WINDOWS\Application Data\Globalaceplusprogram\ <==deze map C:\WINDOWS\ADULT_PLAYUT.EXE C:\Program Files\ClockSync <==deze map C:\Program Files\Forbes\ <==deze map C:\WINDOWS\mslagent\MSLAGENT.EXE C:\WINDOWS\system32\system32.dll kijk ook eens of C:\windows\secure.html aanwezig is en verwijder die ook. Succes. ;-)
  • Miekiemoes, volgens mij kijk je naar de 1e log ipv naar de 2e?
  • ow ja.. is juist.. hahaha.. thx. :oops: Dus ja, hetgeen je nog vindt in hijackthis en op je pc fixen.. :D
  • @miekemoes die oplossingen van jou gaan over mijn 1ste log toch? ik kan in de 2e die o.a. c:\windows\system\a.exe niet meer vinden
  • ja idd sander.. had de tweede log nl. niet gezien.. Kmoet dringend een bril kopen dus... :D
  • en het log weer [code:1:aeef6c40ea] Logfile of HijackThis v1.98.2 Scan saved at 17:35:53, on 23-9-04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE D:\PROGRAM FILES\ROXIO\GOBACK\GBPOLL.EXE C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE C:\WINDOWS\DITASK.EXE C:\PROGRAM FILES\EICON TECHNOLOGY\DIVA MANAGEMENT SYSTEM\WATCH.EXE C:\WINDOWS\LOADQM.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTTRAYAPP.EXE C:\WINDOWS\SYSTEM\HPOOPM07.EXE C:\WINDOWS\SYSTEM\GSICON.EXE E:\PROGRAM FILES\WINAMP\WINAMPA.EXE C:\PROGRAM FILES\SYMANTEC\NORTON COMMANDER\NC_SCHED.EXE C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE C:\WINDOWS\SYSTEM\DIINFO.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE D:\PROGRAM FILES\ROXIO\GOBACK\GBTRAY.EXE D:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\SYSDOC32.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPODEV07.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOEVM07.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOSTS07.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE D:\MIJN DOCUMENTEBREASTCOLLARN\HIJACKTHIS.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [DiTask] "C:\WINDOWS\ditask.exe" O4 - HKLM\..\Run: [EICONCARD_DAEMON] "C:\Program Files\Eicon Technology\DIVA Management System\WATCH.EXE" O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [GhostStartTrayApp] D:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe O4 - HKLM\..\Run: [NPROTECT] D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O4 - HKLM\..\Run: [QD FastAndSafe] D:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg O4 - HKLM\..\RunServices: [CSINJECT.EXE] D:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE O4 - HKLM\..\RunServices: [NPROTECT] D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks" O4 - HKLM\..\RunServices: [GoBack Polling Service] D:\Program Files\Roxio\GoBack\GBPoll.exe O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Internet Security\NISUM.EXE O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE O4 - HKLM\..\RunServices: [GhostStartService] D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE O4 - HKCU\..\Run: [NC Scheduler] C:\PROGRAM FILES\SYMANTEC\NORTON COMMANDER\NC_SCHED.EXE /Hide O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe O4 - Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = D:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe O4 - Startup: GoBack.lnk = D:\Program Files\Roxio\GoBack\GBTray.exe O4 - Startup: Norton System Doctor.lnk = D:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe O4 - Startup: FlashTalk.lnk = C:\Program Files\Norton Internet Security\IAMSTATS.EXE O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O12 - Plugin for .mid: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin.dll O12 - Plugin for .wav: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin.dll O12 - Plugin for .BMP: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {860D5AAC-D059-4C9F-93D3-3FD6FBB6872F} (AuroraCtrl Class) - http://www.icebergradio.com/aurora/1.0.2.259/client.cab O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getmirar.com/cabs/875457.cab O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1020_EN.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab [/code:1:aeef6c40ea] edit: de pc blijft om een verbinding vragen bij het opstarten..
  • deze is ook nog gerelateerd met adware: O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe verwijder daarna: C:\Program Files\Forbes\<==deze map welke melding krijg je juist bij het opstarten?
  • Gewoon zo'n venstertje met de inbelverbinding. er is dus iets wat verbinding wil maken met internet. alleen ik kan er niet achter komen wat edit Deze zijn veilig? O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe en al die 012 en 016??
  • Volg de raad van Miekiemoes op en doe een online scan bij bitdefender: http://www.bitdefender.com/scan/licence.php Herstart en post een nieuwe log,
  • gsicon.exe is de ADSL modem monitor van Eicon Networks. Is eigenlijk niet echt noodzakelijk, het geeft enkel maar info wat betreft je connectie. Nu ja, je hoeft het niet te verwijderen.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.