Spyware hijackthis log

  • I see that hijackthis.exe is still in your temp folder. This is not a good place, since HijackThis makes backups and those backups can be deleted as long as they stay in your temp folder. Create a permanent folder for it: go to My Computer > C > Program Files. Click File > New > Folder. Name this folder HijackThis. Now put HijackThis.exe in that folder.

    Download and install CCleaner: http://www.ccleaner.com
    Do not use it yet for now!!

    Start HijackThis and remove the following items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {2F801A68-246D-11D9-AC07-0020F8C577EE} - (no file)
    O2 - BHO: (no name) - {D38B2F81-8202-11D9-AC07-0020E584E4C7} - C:\WINDOWS\SYSTEM\LOFF.DLL
    O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    O18 - Filter: text/html - {F9051B02-8256-11D9-AC07-0020D8CD7176} - C:\WINDOWS\SYSTEM\LOFF.DLL
    O18 - Filter: text/plain - {F9051B02-8256-11D9-AC07-0020D8CD7176} - C:\WINDOWS\SYSTEM\LOFF.DLL

    Once you have done this, start the computer in safe mode (http://users.pandora.be/marcvn/spyware/1378056.htm).
    Make sure all hidden files are shown (http://users.pandora.be/marcvn/spyware/1117602.htm), and delete the following files or folders if present:

    C:\WINDOWS\SYSTEM\LOFF.DLL <== this file
    C:\WINDOWS\TEMP\SE.DLL <== this file

    Start CCleaner and press the clean-up button. When CCleaner is done, restart the computer, make a new HijackThis log and post it in your next message. Make sure your next HijackThis log is made with 1.99.1: http://www.merijn.org/files/hijackthis.zip
  • Thanks for your tips... here is my new log file
  • You can still remove this one:

    O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

    And check whether this one is gone from your computer:

    C:\WINDOWS\TEMP\SE.DLL

    If not, throw it away too.
  • The top one has now been removed too. The file in windows/temp was not there... this is my new log file... hopefully everything is OK now?
  • Everything looks good again.
  • Thanks a lot!
  • You're welcome.
  • I got strange things again after all... my log once more
  • Download appinit.bat (http://users.pandora.be/marcvn/tools/appinit.zip). Do not run the file from the zip folder; unzip it to your desktop. A DOS box appears briefly and then a small file called windows.txt is created. Post that in your next message. By the way, I also see a new infection in there, how do you manage that so quickly????
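The reply above notes a new infection in the latest log. As an added example (not written by anyone in this thread), this Python snippet splits two HijackThis logs into entries, even when a forum has flattened them onto long lines, and lists what appeared or disappeared between them. The sample entries are excerpted from the logs the poster pasted at 15:41 and 18:13; the function and variable names are this example's own.

```python
import re

# Every HijackThis entry starts with a section code: R0-R3, F0-F3, N1-N4 or O1, O2, ...
ENTRY_START = re.compile(r"(?<!\S)(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

# Excerpt of the 15:41 log, left flattened and wrapped mid-path as the forum showed it.
LOG_1541 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/ O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program
Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [SystemTray] SysTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
"""

# Excerpt of the 18:13 log, one entry per line as HijackThis writes it.
LOG_1813 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {8D821B81-82A1-11D9-AC07-00203AED103D} - C:\WINDOWS\SYSTEM\BEOF.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [cmsound] c:\windows\openstre.exe
O18 - Filter: text/html - {8D821B80-82A1-11D9-AC07-002055A1B5A6} - C:\WINDOWS\SYSTEM\BEOF.DLL
"""


def split_entries(log_text):
    """Split a log into entries, whether it is one entry per line or flattened."""
    starts = [m.start() for m in ENTRY_START.finditer(log_text)]
    entries = []
    for i, start in enumerate(starts):
        end = starts[i + 1] if i + 1 < len(starts) else len(log_text)
        # Collapse whitespace so a path wrapped across lines still compares equal.
        entries.append(" ".join(log_text[start:end].split()))
    return entries


def section(entry):
    """Return the section code of an entry, e.g. 'O4' for a startup item."""
    return entry.split(" - ", 1)[0]


def diff_logs(before, after):
    """Return (added, removed) entries, compared case-insensitively, in log order."""
    old, new = split_entries(before), split_entries(after)
    old_keys = {e.lower() for e in old}
    new_keys = {e.lower() for e in new}
    added = [e for e in new if e.lower() not in old_keys]
    removed = [e for e in old if e.lower() not in new_keys]
    return added, removed


def group_by_section(entries):
    """Group entries by section code so related changes are reviewed together."""
    grouped = {}
    for entry in entries:
        grouped.setdefault(section(entry), []).append(entry)
    return grouped


if __name__ == "__main__":
    added, removed = diff_logs(LOG_1541, LOG_1813)
    print("New since the previous log:")
    for code, items in group_by_section(added).items():
        for item in items:
            print(f"  [{code}] {item}")
    print("Gone since the previous log:")
    for item in removed:
        print(f"  {item}")
```

Entries that show up only in the later log are the ones to review first; an entry that vanished, such as a changed start page, is worth a look as well.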
  • How can I post that easily?
  • New infection?? :S grmpf! I'm not doing anything strange! I don't think appinit works. I put it on my desktop and try to run it, and then I get the following:

    C:\windows\desktop>reg save "HKLM\software\microsoft\windows nt\currenVersion\windows" windows1.hiv
    C:\windows\desktop>ren windows1.hiv windows.txt
    het bestand is niet gevonden - windows1.hiv
  • Something went wrong; I have now accidentally posted the message several times.
  • Download and install CWShredder: http://www.intermute.com/spysubtract/cwshredder_download.html
    Do not use it yet.

    Open a Notepad file. Copy the code below into this Notepad file. Go to File - Save As. For "Save in" choose: Desktop. For "File name" enter: fix.reg. For "Save as type" select: All files (*.*). Click the Save button.

    REGEDIT4

    [-HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
    [-HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]
    [-HKEY_CLASSES_ROOT\CLSID\{8D821B80-82A1-11D9-AC07-002055A1B5A6}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D821B81-82A1-11D9-AC07-00203AED103D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D821B81-82A1-11D9-AC07-00203AED103D}]

    Make sure all hidden files are shown (http://users.pandora.be/marcvn/spyware/1117602.htm).
    Start the computer in safe mode (http://users.pandora.be/marcvn/spyware/1378056.htm).
    Close all open windows, run HijackThis once more and have it fix the following items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {8D821B81-82A1-11D9-AC07-00203AED103D} - C:\WINDOWS\SYSTEM\BEOF.DLL
    O2 - BHO: sr - {5742F79A-1D91-42c4-990C-B46CF55A6478} - C:\WINDOWS\NOTFI.DLL
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile
    O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    O4 - HKCU\..\Run: [cmsound] c:\windows\openstre.exe
    O4 - HKCU\..\Run: [winltmpv] c:\windows\stropl.exe
    O18 - Filter: text/html - {8D821B80-82A1-11D9-AC07-002055A1B5A6} - C:\WINDOWS\SYSTEM\BEOF.DLL
    O18 - Filter: text/plain - {8D821B80-82A1-11D9-AC07-002055A1B5A6} - C:\WINDOWS\SYSTEM\BEOF.DLL

    Delete the following files if present:

    C:\WINDOWS\SYSTEM\BEOF.DLL
    c:\windows\stropl.exe
    c:\windows\openstre.exe
    C:\WINDOWS\TEMP\SE
    C:\WINDOWS\SYSTEM\twink64.exe
    C:\WINDOWS\NOTFI.DLL

    Delete all files in this folder:

    C:\WINDOWS\TEMP

    Start CWShredder and remove everything it finds.
    Double-click fix.reg and allow the changes to be added to your registry.
    Reboot the computer.
    Do an online scan: http://housecall.trendmicro.com/housecall/start_corp.asp
    Run HijackThis again and post a new log.
  • I got an error message when I tried to do it at http://housecall.trendmicro.com/housecall/start_corp.asp. Here is the log file once more
  • Have the following entry:

    O4 - HKLM\..\Run: [SystemTray] SysTray.exe

    checked at http://virusscan.jotti.org/
    NOTE: I am talking about SysTray.exe and not systray.
    Expect a trojan; if so, remove it and then do the online scan at HouseCall. Also surf the internet for half an hour or so to find out whether the about:blank comes back.
  • And how do I do that? I can browse on that site, but where can I find O4 - HKLM\..\Run: [SystemTray] SysTray.exe?
  • The file SysTray.exe is in C:\WINDOWS\SYSTEM
    So have that scanned.
  • Now I can find systray but not SysTray.exe. I search under Start > Find > Files or Folders. The systray that I can find is in c:\windows\system, with MS-DOS name: SYSTRAY.EXE
  • Problems! I read here that a HijackThis log is needed to be able to solve it... who can help me, PLEASE?

    Logfile of HijackThis v1.98.2
    Scan saved at 9:26:49, on 19-2-05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    E:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
    E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINJECT.EXE
    C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    E:\PROGRAM FILES\PASSWORD MANAGER\ACCTMGR.EXE
    C:\PROGRAM FILES\MATROX MGA POWERDESK\MGACTRL.EXE
    C:\PROGRAM FILES\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE
    E:\PROGRAM FILES\WINAMP\WINAMPA.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\EZAUDIO.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\MATROX MGA POWERDESK\QDESK\MGAQDESK.EXE
    E:\PROGRAM FILES\NORTON CLEANSWEEP\CSINSM32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    E:\PROGRAM FILES\NORTON CLEANSWEEP\Monwow.exe
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE
    C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton Antivirus\NavShExt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {2F801A68-246D-11D9-AC07-0020F8C577EE} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {D38B2F81-8202-11D9-AC07-0020E584E4C7} - C:\WINDOWS\SYSTEM\LOFF.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NPROTECT] E:\Program Files\Norton Utilities\Nprotect.exe
    O4 - HKLM\..\Run: [AcctMgr] E:\Program Files\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [Matrox Control Center] C:\Program Files\Matrox MGA PowerDesk\mgactrl.exe
    O4 - HKLM\..\Run: [Matrox Color Control] C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe
    O4 - HKLM\..\Run: [Matrox Diagnostic] C:\Program Files\Matrox MGA PowerDesk\diag\mgadiag.exe -s
    O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [EzAudioTray] C:\WINDOWS\EZAUDIO.EXE TRAYAPP
    O4 - HKLM\..\Run: [block buster] C:\WINDOWS\All Users\Desktop
    O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [NPROTECT] E:\Program Files\Norton Utilities\Nprotect.exe
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] E:\Program Files\Norton CleanSweep\csinject.exe
    O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [Matrox QuickDesk] C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\RunServices: [Matrox QuickDesk] C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe
    O4 - HKCU\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = E:\Program Files\Norton CleanSweep\Csinsm32.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
    O18 - Filter: text/html - {F9051B02-8256-11D9-AC07-0020D8CD7176} - C:\WINDOWS\SYSTEM\LOFF.DLL
    O18 - Filter: text/plain - {F9051B02-8256-11D9-AC07-0020D8CD7176} - C:\WINDOWS\SYSTEM\LOFF.DLL


This is an archived page. Replies are no longer possible.