Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Hijackthis log

kleine junior
37 antwoorden
  • Hallo, ik ben Max en ik heb rotzooi op mijn computer staan. Dit is de log dinges van hijtsjik:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:03:07, on 9-3-05
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\IRMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\NL\MSNAPPAU.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.2\CM_CAMERA.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.nld.chello.nl/ssi/welcome/welcome.php?url=home&src=ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door chello broadband n.v.
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.rott.chello.nl:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [IrMon] IrMon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001
    l\msnappau.exe"
    O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
    O14 - IERESET.INF: START_PAGE_URL=http://home.nld.chello.nl/ssi/welcome/welcome.php?url=home&src=ie
    O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player 7) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
    O16 - DPF: ChatSpace Full Java Client 4.0.0.301 - http://chat.sth.nu:8246/Java/cfs40301.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe


    Ik snap hier dus echt geen drol van. Kunnen jullie misschien zien wat er fout is? Alvast bedankt voor de moeite.
  • kleine junior

    zou je een eigen topic willen beginnen en niet in een andermans topic jouwe in zetten
    het is al moeilijk genoeg voor de scan uitlezers
  • Gesplitst.
  • Ow sorry, ik dacht dat het een algemeen log topic was…
  • Ik heb ad-aware, spy bot en SWShredder laten draaien en nu ziet de Logfile of HijackThis v1.99.1 er zo uit:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:59:13, on 9-3-05
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\IRMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\NL\MSNAPPAU.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.2\CM_CAMERA.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.nld.chello.nl/ssi/welcome/welcome.php?url=home&src=ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door chello broadband n.v.
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.rott.chello.nl:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [IrMon] IrMon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001
    l\msnappau.exe"
    O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\RunServices: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
    O14 - IERESET.INF: START_PAGE_URL=http://home.nld.chello.nl/ssi/welcome/welcome.php?url=home&src=ie
    O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player 7) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
    O16 - DPF: ChatSpace Full Java Client 4.0.0.301 - http://chat.sth.nu:8246/Java/cfs40301.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
  • Kleine Junior,


    Herstart je computer in VEILIGE mode. Dat is bij opstarten als het scherm nog zwart is op F8 drukken en dan VEILIGE mode kiezen.

    Start Hijackthis op en selecteer de volgende items

    [b:4b490f1c7c]O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    O16 - DPF: ChatSpace Full Java Client 4.0.0.301 - http://chat.sth.nu:8246/Java/cfs40301.cab
    O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe[/b:4b490f1c7c]

    Klik nu op "Fix checked"

    Maak nu je Temp directory leeg:
    Start -> Uitvoeren – Typ in: %Temp% (enter)
    selecteer alle bestanden/directories en verwijder deze.
    Maak nu ook je prullenbak leeg.

    Start je computer opnieuw op en maak een nieuw logje.
    Post dit log voor controle.

    Sjaak
  • Het lukt me niet om in de veilig modus te starten. Zal het komen omdat ik op een laptop zit? Zijn er nog andere mogelijkheden om in de veilige modus te starten?
  • [quote:f146f0aebc="kleine junior"]Het lukt me niet om in de veilig modus te starten. Zal het komen omdat ik op een laptop zit? Zijn er nog andere mogelijkheden om in de veilige modus te starten?[/quote:f146f0aebc]


    http://users.pandora.be/marcvn/spyware/1378056.htm


    Guft. :wink:
  • Hey steggel, ik heb gedaan wat je zei. Dit is nu mijn log:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:57:56, on 10-3-05
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\IRMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\NL\MSNAPPAU.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.2\CM_CAMERA.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.nld.chello.nl/ssi/welcome/welcome.php?url=home&src=ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door chello broadband n.v.
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.rott.chello.nl:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {E951AAC2-918D-11D9-A12D-0004EBC31D52} - C:\WINDOWS\SYSTEM\HEMJ.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [IrMon] IrMon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001
    l\msnappau.exe"
    O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
    O14 - IERESET.INF: START_PAGE_URL=http://home.nld.chello.nl/ssi/welcome/welcome.php?url=home&src=ie
    O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player 7) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O18 - Filter: text/html - {E951AAC1-918D-11D9-A12D-00041B118325} - C:\WINDOWS\SYSTEM\HEMJ.DLL
    O18 - Filter: text/plain - {E951AAC1-918D-11D9-A12D-00041B118325} - C:\WINDOWS\SYSTEM\HEMJ.DLL
  • Is dit zo'n lastig geval dat jullie niet meer reageren? Ik kan jullie zeggen dat het er niet beter op geworden is. :cry:
  • Download Startdreck.exe.
    Dubbelklik op 'StartDreck.exe'
    Klik op config.
    Klik op Unmark all.
    Selecteer alleen de volgende:
    - Bij Registry: run keys
    - Bij System/drivers: Running processes
    Klik op OK.
    Er wordt een logje gemaakt. Post de inhoud van dit logje.
    Maak een nieuwe hijackthislog en post deze ook.
  • StartDreck (build 2.1.7 public stable) - 2005-03-11 @ 23:01:39 (GMT +01:00)
    Platform: Windows 98 (Win 4.10.1998 )
    Internet Explorer: 6.0.2600.0000
    Logged in as Gerard at T440CDT

    »Registry
    »Run Keys
    »Current User
    »Run
    *MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    »RunOnce
    »Default User
    »Run
    »RunOnce
    »Local Machine
    »Run
    *ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
    *Taakcontrole=C:\WINDOWS\taskmon.exe
    *SystemTray=SysTray.Exe
    *IrMon=IrMon.exe
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *LoadQM=loadqm.exe
    *QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    *msnappau="c:\program files\MSN Apps\Updater\01.02.3000.1001
    l\msnappau.exe"
    *sp=rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    +OptionalComponents
    +IMAIL
    *Installed=1
    +MAPI
    *NoChange=1
    *Installed=1
    +MAPI
    *NoChange=1
    *Installed=1
    »RunOnce
    »RunServices
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *SchedulingAgent=mstask.exe
    *Machine Debug Manager=C:\WINDOWS\SYSTEM\MDM.EXE
    »RunServicesOnce
    »RunOnceEx
    »RunServicesOnceEx
    »Files
    »System/Drivers
    »Running Processes
    +FFCF2C2D=C:\WINDOWS\SYSTEM\KERNEL32.DLL
    +FFFF18B5=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    +FFFFEF45=C:\WINDOWS\SYSTEM\MPREXE.EXE
    +FFFFCC0D=C:\WINDOWS\SYSTEM\mmtask.tsk
    +FFFF95F1=C:\WINDOWS\SYSTEM\MSTASK.EXE
    +FFFE6835=C:\WINDOWS\SYSTEM\MDM.EXE
    +FFFE2D8D=C:\WINDOWS\EXPLORER.EXE
    +FFFEFA39=C:\WINDOWS\TASKMON.EXE
    +FFFD6171=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    +FFFD3EB9=C:\WINDOWS\SYSTEM\IRMON.EXE
    +FFFD1A95=C:\WINDOWS\LOADQM.EXE
    +FFFFC495=C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\NL\MSNAPPAU.EXE
    +FFFDA5D5=C:\WINDOWS\RUNDLL32.EXE
    +FFFDBF71=C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    +FFFC53C9=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    +FFFCE811=C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.2\CM_CAMERA.EXE
    +FFFC9EE9=C:\WINDOWS\SYSTEM\DDHELP.EXE
    +FFC265E9=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    +FFC2F671=C:\WINDOWS\DESKTOP\STARTDRECK.EXE
    »Application specific
  • Logfile of HijackThis v1.99.1
    Scan saved at 23:04:56, on 11-3-05
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\IRMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\NL\MSNAPPAU.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.2\CM_CAMERA.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.nld.chello.nl/ssi/welcome/welcome.php?url=home&src=ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door chello broadband n.v.
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.rott.chello.nl:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {E951AAC2-918D-11D9-A12D-0004EBC31D52} - C:\WINDOWS\SYSTEM\HEMJ.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [IrMon] IrMon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001
    l\msnappau.exe"
    O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
    O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
    O14 - IERESET.INF: START_PAGE_URL=http://home.nld.chello.nl/ssi/welcome/welcome.php?url=home&src=ie
    O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player 7) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O18 - Filter: text/html - {E951AAC1-918D-11D9-A12D-00041B118325} - C:\WINDOWS\SYSTEM\HEMJ.DLL
    O18 - Filter: text/plain - {E951AAC1-918D-11D9-A12D-00041B118325} - C:\WINDOWS\SYSTEM\HEMJ.DLL
  • Download en installeer Ccleaner: http://www.ccleaner.com/
    Gebruik het programma nog niet.

    Sla HijackThis op in een eigen map. Niet op je bureaublad of in je Temp-files. HijackThis maakt namelijk backups in de map waar het opgestart wordt.

    Zorg dat alle verborgen bestanden weergegeven worden.

    Kopieer onderstaande code in dit kladblokbestand.
    Ga naar Bestand - Opslaan als.
    Bij "Opslaan in" kies je: Bureaublad
    Bij "Bestandsnaam" zet je: fix.reg
    Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
    Klik op de knop Opslaan.

    [code:1:ef7f5b8b42]REGEDIT4

    [-HKEY_CLASSES_ROOT\CLSID\{E951AAC2-918D-11D9-A12D-0004EBC31D52}]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{E951AAC2-918D-11D9-A12D-0004EBC31D52}]

    [-HKEY_CLASSES_ROOT\CLSID\{E951AAC1-918D-11D9-A12D-00041B118325}]

    [-HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]

    [-HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistant Uninstall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "sp"=-
    [/code:1:ef7f5b8b42]

    Start de computer in veilige modus.

    Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren:
    [b:ef7f5b8b42]
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    O2 - BHO: (no name) - {E951AAC2-918D-11D9-A12D-0004EBC31D52} - C:\WINDOWS\SYSTEM\HEMJ.DLL

    O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

    O18 - Filter: text/html - {E951AAC1-918D-11D9-A12D-00041B118325} - C:\WINDOWS\SYSTEM\HEMJ.DLL
    O18 - Filter: text/plain - {E951AAC1-918D-11D9-A12D-00041B118325} - C:\WINDOWS\SYSTEM\HEMJ.DLL
    [/b:ef7f5b8b42]
    Dubbelklik op fix.reg en laat de wijzigingen aan het register toevoegen.

    Verwijder de volgende bestanden indien aanwezig:
    C:\WINDOWS\SYSTEM\HEMJ.DLL

    Start CCleaner en klik op de knop Opschonen.

    Reboot de computer, run HijackThis opnieuw en post een nieuwe log.
    Vertel even hoe de situatie nu is.
  • Wat is reboot?
  • Opnieuw starten.
  • Nou, ik heb het eindelijk voor elkaar…. Dit is nu de log:

    Logfile of HijackThis v1.99.1
    Scan saved at 0:12:55, on 12-3-05
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\IRMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\NL\MSNAPPAU.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.2\CM_CAMERA.EXE
    C:\PROGRAM FILES\BHODEMON 2\BHODEMON.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.nld.chello.nl/ssi/welcome/welcome.php?url=home&src=ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door chello broadband n.v.
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.rott.chello.nl:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [IrMon] IrMon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001
    l\msnappau.exe"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
    O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
    O14 - IERESET.INF: START_PAGE_URL=http://home.nld.chello.nl/ssi/welcome/welcome.php?url=home&src=ie
    O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player 7) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
  • Ik heb nog steeds die about:blank pagina als ik internet opstart. Zelfs als ik internet niet opstart komt er een pop-up in beeld met de informatie dat de computer geinfecteerd is met spam e.d.
  • Start de computer nogmaals in VEILIGE mode

    Maak de directory C:\Windows\Temp leeg (alle bestanden verwijderen)

    Daarna hijackthis opstarten en fix de volgende items nogmaals:
    [b:dd1888b043]
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.nld.chello.nl/ssi/welcome/welcome.php?url=home&src=ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank [/b:dd1888b043]

    Herstart je computer en controleer of deze R1 regels zijn verdwenen.

    Sjaak
  • Daar heb ik geen tijd meer voor. Ga zo namelijk naar IJsselmeervogels-Spakenburg. Ik denk dat het vanavond of morgen wordt.

    In ieder geval bedankt voor de tips tot zover!

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.