Vraag & Antwoord

Beveiliging & privacy

opstartproblemen !!

19 antwoorden
  • :-? Bij het opstarten krijg ik steeds een aantal vensters van Sygate Firewall met vragen over het toelaten van enkele programmabestanden: * tsl.exe * ts.exe * xkaorh.exe Ik geef nu steeds het commando "not allowed", omdat ik in de loop van vandaag fikse opstartproblemen heb gehad en ook problemen met het internet. Dat laatste is nu wel deels verholpen d.w.z. normale verbindingssnelheid. Ik zal de logfile toevoegen. Logfile of HijackThis v1.97.7 Scan saved at 17:34:07, on 4-12-04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\LOADQM.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE C:\PROGRAM FILES\WINDOWS ADSERVICE\WINADSERV.EXE C:\XKAORH.EXE C:\PROGRAM FILES\180SOLUTIONS\SAIS.EXE C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE C:\PROGRAM FILES\WINDOWS ADSERVICE\WINADSLAVE.EXE C:\PROGRAM FILES\INTEL\INTEL PSNCU\CPUNUMBER.EXE C:\PROGRAM FILES\COMMON FILES\TSA\TSM2.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\COMMON FILES\TSA\TS2.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\WEB_REBATES\WEBREBATES0.EXE C:\PROGRAM FILES\WEB_REBATES\WEBREBATES1.EXE C:\MY DOWNLOADS\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wallflowers.com/bboard/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://wallflowers.com/bboard/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F1 - win.ini: run=hpfsched O1 - Hosts: 64.91.255.87 www.dcsresearch.com O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [Scan Detector] C:\PROGRA~1\PRIMAX\POWERT~1\Pmxdetect.exe O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui O4 - HKLM\..\Run: [PC Booster] C:\PROGRAM FILES\PC BOOSTER\PCBOOSTER.EXE O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [Windows AdService] C:\PROGRAM FILES\WINDOWS ADSERVICE\WINADSERV.EXE O4 - HKLM\..\Run: [4KirB] C:\XKAORH.EXE O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe" O4 - HKLM\..\Run: [bidijox] C:\WINDOWS\bidijox.exe O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE O4 - HKCU\..\Run: [IntelProcNumUtility] "C:\Program Files\Intel\Intel PSNCU\CpuNumber.exe" /nosplash O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ITIC SpamFilter] C:\PROGRAM FILES\ITIC SPAMFILTER\SPAMFILTER.EXE O4 - HKCU\..\Run: [Tsa2] C:\PROGRAM FILES\COMMON FILES\TSA\TSM2.EXE O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: Time Zones for PCs.lnk = C:\WINDOWS\HWINFO.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020909/qtinstall.info.apple.com/sikes/nl/win/QuickTimeInstaller.exe O16 - DPF: DigiChat Applet - http://host8.digichat.com/DigiChat/DigiClasses/Client_IE.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4410/mcfscan.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/bridge-c2.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
  • Wat een troep zeg :o Download eerst de nieuwste versie van hijackthis: http://computercops.biz/downloads-file-328.html Post dan opnieuw een log. Het kan overigens ook geen kwaad op eerst Ad Aware en Spybot te draaien. Voor downloadlinks verwijs ik je naar de spywareFAQ
  • Logfile of HijackThis v1.97.7 Scan saved at 20:59:26, on 4-12-04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\PRIMAX\POWERTWAIN\PMXDETECT.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\LOADQM.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE C:\PROGRAM FILES\WINDOWS ADSERVICE\WINADSERV.EXE C:\XKAORH.EXE C:\PROGRAM FILES\WEB_REBATES\WEBREBATES0.EXE C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE C:\PROGRAM FILES\INTEL\INTEL PSNCU\CPUNUMBER.EXE C:\PROGRAM FILES\WINDOWS ADSERVICE\WINADSLAVE.EXE C:\PROGRAM FILES\COMMON FILES\TSA\TSM2.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\COMMON FILES\TSA\TS2.EXE C:\PROGRAM FILES\COMMON FILES\TSA\TSL2.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\WEB_REBATES\WEBREBATES1.EXE C:\MY DOWNLOADS\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wallflowers.com/bboard/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://wallflowers.com/bboard/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F1 - win.ini: run=hpfsched O1 - Hosts: 64.91.255.87 www.dcsresearch.com O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [Scan Detector] C:\PROGRA~1\PRIMAX\POWERT~1\Pmxdetect.exe O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui O4 - HKLM\..\Run: [PC Booster] C:\PROGRAM FILES\PC BOOSTER\PCBOOSTER.EXE O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [Windows AdService] C:\PROGRAM FILES\WINDOWS ADSERVICE\WINADSERV.EXE O4 - HKLM\..\Run: [4KirB] C:\XKAORH.EXE O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe" O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE O4 - HKCU\..\Run: [IntelProcNumUtility] "C:\Program Files\Intel\Intel PSNCU\CpuNumber.exe" /nosplash O4 - HKCU\..\Run: [ITIC SpamFilter] C:\PROGRAM FILES\ITIC SPAMFILTER\SPAMFILTER.EXE O4 - HKCU\..\Run: [Tsa2] C:\PROGRAM FILES\COMMON FILES\TSA\TSM2.EXE O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: Time Zones for PCs.lnk = C:\WINDOWS\HWINFO.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020909/qtinstall.info.apple.com/sikes/nl/win/QuickTimeInstaller.exe O16 - DPF: DigiChat Applet - http://host8.digichat.com/DigiChat/DigiClasses/Client_IE.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4410/mcfscan.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/bridge-c2.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
  • Logfile of HijackThis v1.98.2 Scan saved at 21:22:54, on 4-12-04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\PRIMAX\POWERTWAIN\PMXDETECT.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\LOADQM.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE C:\PROGRAM FILES\WINDOWS ADSERVICE\WINADSERV.EXE C:\XKAORH.EXE C:\PROGRAM FILES\WEB_REBATES\WEBREBATES0.EXE C:\PROGRAM FILES\INTEL\INTEL PSNCU\CPUNUMBER.EXE C:\PROGRAM FILES\WINDOWS ADSERVICE\WINADSLAVE.EXE C:\PROGRAM FILES\COMMON FILES\TSA\TSM2.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\COMMON FILES\TSA\TS2.EXE C:\PROGRAM FILES\COMMON FILES\TSA\TSL2.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\WEB_REBATES\WEBREBATES1.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE C:\WINDOWS\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ED3KDORU\HIJACKTHIS[1].EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wallflowers.com/bboard/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://wallflowers.com/bboard/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F1 - win.ini: run=hpfsched O1 - Hosts: 64.91.255.87 www.dcsresearch.com O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [Scan Detector] C:\PROGRA~1\PRIMAX\POWERT~1\Pmxdetect.exe O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui O4 - HKLM\..\Run: [PC Booster] C:\PROGRAM FILES\PC BOOSTER\PCBOOSTER.EXE O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [Windows AdService] C:\PROGRAM FILES\WINDOWS ADSERVICE\WINADSERV.EXE O4 - HKLM\..\Run: [4KirB] C:\XKAORH.EXE O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe" O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" "+b1" O4 - HKCU\..\Run: [IntelProcNumUtility] "C:\Program Files\Intel\Intel PSNCU\CpuNumber.exe" /nosplash O4 - HKCU\..\Run: [ITIC SpamFilter] C:\PROGRAM FILES\ITIC SPAMFILTER\SPAMFILTER.EXE O4 - HKCU\..\Run: [Tsa2] C:\PROGRAM FILES\COMMON FILES\TSA\TSM2.EXE O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: Time Zones for PCs.lnk = C:\WINDOWS\HWINFO.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020909/qtinstall.info.apple.com/sikes/nl/win/QuickTimeInstaller.exe O16 - DPF: DigiChat Applet - http://host8.digichat.com/DigiChat/DigiClasses/Client_IE.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4410/mcfscan.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/bridge-c2.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O21 - SSODL: systemie - {A1BBD640-32DE-11D8-821E-0000C5C100BD} - sysie.dll (file missing)
  • Versie 1.97.7 van Hijack This is niet de nieuwste ;) download de nieuwste [url=http://ftp.officefive.org.uk/sites/www.spywareinfo.com/~merijn/files/hijackthis.zip][b:68fb920a97]hier[/b:68fb920a97][/url] gebruik die ff en post je log weer.
  • Voor we gaan werken met HijackThis doe je best eerst het volgende: Sla HijackThis op in een eigen map, bijvoorbeeld c:\hijackthis. Verplaats hijackthis.exe naar deze map en start het programma vanuit die map. Hijackthis maakt backups in de map waar het opgestart wordt, en je weet nooit of je deze misschien nodig zal hebben. Controleer daarna even of je volgende programma's aanwezig zijn en of je ze kan deïnstalleren: Windows AdService Windows_rebates Uninstall 180 solutions Zijn ze aanwezig en het wil niet lukken dan probeer je dit in [url=http://users.pandora.be/marcvn/spyware/1378056.htm]veilige modus[/url]. Herstart de computer en plaats een nieuwe log.
  • Ik heb Windows AdService verwijderd (veilige modus). De andere zijn niet aanwezig. Ik geloof, dat ik Uninstall 180 Solutions al eerder verwijderd heb. Logfile of HijackThis v1.98.2 Scan saved at 11:53:27, on 5-12-04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\PRIMAX\POWERTWAIN\PMXDETECT.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\LOADQM.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE C:\PROGRAM FILES\WEB_REBATES\WEBREBATES0.EXE C:\PROGRAM FILES\INTEL\INTEL PSNCU\CPUNUMBER.EXE C:\PROGRAM FILES\COMMON FILES\TSA\TSM2.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\COMMON FILES\TSA\TS2.EXE C:\PROGRAM FILES\COMMON FILES\TSA\TSL2.EXE C:\PROGRAM FILES\WEB_REBATES\WEBREBATES1.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wallflowers.com/bboard/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://wallflowers.com/bboard/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F1 - win.ini: run=hpfsched O1 - Hosts: 64.91.255.87 www.dcsresearch.com O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [Scan Detector] C:\PROGRA~1\PRIMAX\POWERT~1\Pmxdetect.exe O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui O4 - HKLM\..\Run: [PC Booster] C:\PROGRAM FILES\PC BOOSTER\PCBOOSTER.EXE O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [Windows AdService] C:\PROGRAM FILES\WINDOWS ADSERVICE\WINADSERV.EXE O4 - HKLM\..\Run: [4KirB] C:\XKAORH.EXE O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe" O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE O4 - HKCU\..\Run: [IntelProcNumUtility] "C:\Program Files\Intel\Intel PSNCU\CpuNumber.exe" /nosplash O4 - HKCU\..\Run: [ITIC SpamFilter] C:\PROGRAM FILES\ITIC SPAMFILTER\SPAMFILTER.EXE O4 - HKCU\..\Run: [Tsa2] C:\PROGRAM FILES\COMMON FILES\TSA\TSM2.EXE O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: Time Zones for PCs.lnk = C:\WINDOWS\HWINFO.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020909/qtinstall.info.apple.com/sikes/nl/win/QuickTimeInstaller.exe O16 - DPF: DigiChat Applet - http://host8.digichat.com/DigiChat/DigiClasses/Client_IE.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4410/mcfscan.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/bridge-c2.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O21 - SSODL: systemie - {A1BBD640-32DE-11D8-821E-0000C5C100BD} - sysie.dll (file missing)
  • Deze heb jezelf in je hosts geplaatst? O1 - Hosts: 64.91.255.87 www.dcsresearch.com C:\XKAORH.EXE <--dit bestand laat je hier even scannen: http://virusscan.jotti.dhs.org/ Meldt het resultaat. (Of ken je dit bestand?) Belangrijk: [url=http://users.pandora.be/marcvn/spyware/1378056.htm]start de computer op in veilige modus[/url]. Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren: [b:9dbe14fc5d] O4 - HKLM\..\Run: [Windows AdService] C:\PROGRAM FILES\WINDOWS ADSERVICE\WINADSERV.EXE O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe" O4 - HKCU\..\Run: [Tsa2] C:\PROGRAM FILES\COMMON FILES\TSA\TSM2.EXE O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm O16 - DPF: DigiChat Applet - http://host8.digichat.com/DigiChat/DigiClasses/Client_IE.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/bridge-c2.cab O21 - SSODL: systemie - {A1BBD640-32DE-11D8-821E-0000C5C100BD} - sysie.dll (file missing) [/b:9dbe14fc5d] Zorg dat alle [url=http://users.pandora.be/marcvn/spyware/1117602.htm]verborgen bestanden weergegeven worden[/url], en verwijder de volgende bestanden of mappen indien aanwezig: C:\PROGRAM FILES\WINDOWS ADSERVICE c:\program files\180solutions C:\PROGRAM FILES\WEB_REBATES C:\PROGRAM FILES\COMMON FILES\TSA Reboot de computer, run HijackThis opnieuw en post een nieuwe log.
  • allereerst xkaorh.exe gescand. Resultaat: 0 bytes; it's likely a firewall or a piece of malware is prohibiting you from uploading this file. Wat bedoel je met de vraag over www.dcsresearch.com ? gerard
  • Logfile of HijackThis v1.98.2 Scan saved at 22:21:44, on 5-12-04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\PRIMAX\POWERTWAIN\PMXDETECT.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\LOADQM.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE C:\PROGRAM FILES\INTEL\INTEL PSNCU\CPUNUMBER.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\HIJACKTHIS\HIJACKTHIS[1]\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wallflowers.com/bboard/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://wallflowers.com/bboard/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F1 - win.ini: run=hpfsched O1 - Hosts: 64.91.255.87 www.dcsresearch.com O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [Scan Detector] C:\PROGRA~1\PRIMAX\POWERT~1\Pmxdetect.exe O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui O4 - HKLM\..\Run: [PC Booster] C:\PROGRAM FILES\PC BOOSTER\PCBOOSTER.EXE O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [4KirB] C:\XKAORH.EXE O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe" O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE O4 - HKCU\..\Run: [IntelProcNumUtility] "C:\Program Files\Intel\Intel PSNCU\CpuNumber.exe" /nosplash O4 - HKCU\..\Run: [ITIC SpamFilter] C:\PROGRAM FILES\ITIC SPAMFILTER\SPAMFILTER.EXE O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: Time Zones for PCs.lnk = C:\WINDOWS\HWINFO.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020909/qtinstall.info.apple.com/sikes/nl/win/QuickTimeInstaller.exe O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4410/mcfscan.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
  • [quote:6ad18f4ba8="G. Ebisch"]allereerst xkaorh.exe gescand. Resultaat: 0 bytes; it's likely a firewall or a piece of malware is prohibiting you from uploading this file. Wat bedoel je met de vraag over www.dcsresearch.com ? gerard[/quote:6ad18f4ba8]Je hebt de file niet gescand Gerard. Kan je nog even proberen?
  • no virus were found
  • Moet ik nog aan het werk met mijn logfile ? Of is alles nu opgelost ? Ik heb zelf het gevoel van niet. Moet bijvoorbeeld c:\xkaorh.ece verwijderd worden ? :( gerard
  • Moet ik nog aan het werk met mijn logfile ? Of is alles nu opgelost ? Ik heb zelf het gevoel van niet. Moet bijvoorbeeld c:\xkaorh.exe verwijderd worden ? :( gerard
  • Als je het niet herkend zou ik het toch laten fixen: Start de computer in veilige modus en laat deze fixen: [b:1fdd9316df] O4 - HKLM\..\Run: [4KirB] C:\XKAORH.EXE O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe" [/b:1fdd9316df] Verwijder C:\PROGRAM FILES\WEB_REBATES <--deze map. Reboot. Post een nieuwe log.
  • Ik heb gedaan wat je zei: Logfile of HijackThis v1.98.2 Scan saved at 16:42:20, on 6-12-04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\EXPLORER.EXE C:\HIJACKTHIS\HIJACKTHIS[1]\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wallflowers.com/bboard/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://wallflowers.com/bboard/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F1 - win.ini: run=hpfsched O1 - Hosts: 64.91.255.87 www.dcsresearch.com O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [Scan Detector] C:\PROGRA~1\PRIMAX\POWERT~1\Pmxdetect.exe O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui O4 - HKLM\..\Run: [PC Booster] C:\PROGRAM FILES\PC BOOSTER\PCBOOSTER.EXE O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE O4 - HKCU\..\Run: [IntelProcNumUtility] "C:\Program Files\Intel\Intel PSNCU\CpuNumber.exe" /nosplash O4 - HKCU\..\Run: [ITIC SpamFilter] C:\PROGRAM FILES\ITIC SPAMFILTER\SPAMFILTER.EXE O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: Time Zones for PCs.lnk = C:\WINDOWS\HWINFO.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020909/qtinstall.info.apple.com/sikes/nl/win/QuickTimeInstaller.exe O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4410/mcfscan.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab Het gaat al een stuk sneller, ofschoon ik het gevoel heb dat er nog een hoop rotzooi tussen zit. gerard
  • Er worden nogal wat programma's meegeladen als windows start. de volgende regels zou ik ook nog uitschakelen: O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE verder kan deze ook weg: O1 - Hosts: 64.91.255.87 www.dcsresearch.com twijvelgevalletjes: O4 - Startup: Time Zones for PCs.lnk = C:\WINDOWS\HWINFO.EXE O4 - HKCU\..\Run: [IntelProcNumUtility] "C:\Program Files\Intel\Intel PSNCU\CpuNumber.exe" /nosplash
  • Logfile of HijackThis v1.98.2 Scan saved at 20:56:59, on 6-12-04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\PRIMAX\POWERTWAIN\PMXDETECT.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\LOADQM.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE C:\PROGRAM FILES\INTEL\INTEL PSNCU\CPUNUMBER.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\HIJACKTHIS\HIJACKTHIS[1]\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wallflowers.com/bboard/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://wallflowers.com/bboard/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F1 - win.ini: run=hpfsched O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [Scan Detector] C:\PROGRA~1\PRIMAX\POWERT~1\Pmxdetect.exe O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui O4 - HKLM\..\Run: [PC Booster] C:\PROGRAM FILES\PC BOOSTER\PCBOOSTER.EXE O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE O4 - HKCU\..\Run: [ITIC SpamFilter] C:\PROGRAM FILES\ITIC SPAMFILTER\SPAMFILTER.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020909/qtinstall.info.apple.com/sikes/nl/win/QuickTimeInstaller.exe O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4410/mcfscan.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab Hoe kan ik er voor zorgen dat niet zoveel programma's worden meegeladen als windows start ? Alvast bedankt ! :D
  • Toch mijn bedenkingen Over dit item: O1 - Hosts: 64.91.255.87 www.dcsresearch.com Als je TDS-3 gebruikt heeft deze nog wel degelijk zijn nut. Dit item zou ik niet laten fixen: O4 - HKCU\..\Run: [IntelProcNumUtility] "C:\Program Files\Intel\Intel PSNCU\CpuNumber.exe" /nosplash Bij deze is de keuze aan de gebruiker O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE Het is niet echt nodig dat ze mee op starten maar ze zijn ook niet spyware-related.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.