Hijack log *IE hijacked*

Anonymous
M@rc
16 replies
 • Hey people,

  I found out that my IE had been hijacked. I have been using Firefox for a while now, but I would also like IE to be back to normal. So who can help me set this right again?

  When I start IE, it points to my program files/Make125/Portal/portal.html …

  I already ran a fix on this in safe mode, but it did not help. Can anyone help me?

  Here is the log:

  Logfile of HijackThis v1.99.1
  Scan saved at 19:35:14, on 14-3-2005
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  E:\WINDOWS\System32\smss.exe
  E:\WINDOWS\system32\winlogon.exe
  E:\WINDOWS\system32\services.exe
  E:\WINDOWS\system32\lsass.exe
  E:\WINDOWS\System32\Ati2evxx.exe
  E:\WINDOWS\system32\svchost.exe
  E:\WINDOWS\System32\svchost.exe
  E:\WINDOWS\system32\spoolsv.exe
  E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  E:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
  E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  E:\WINDOWS\System32\inetsrv\inetinfo.exe
  E:\WINDOWS\system32\drivers\KodakCCS.exe
  E:\Inetpub\mysql\bin\mysqld-nt.exe
  E:\Program Files\Norton AntiVirus\navapsvc.exe
  E:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
  E:\Program Files\Norton AntiVirus\SAVScan.exe
  E:\WINDOWS\System32\ScsiAccess.EXE
  E:\WINDOWS\System32\svchost.exe
  E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  E:\WINDOWS\System32\svchost.exe
  E:\WINDOWS\system32\wuauclt.exe
  E:\WINDOWS\system32\Ati2evxx.exe
  E:\WINDOWS\Explorer.EXE
  E:\WINDOWS\system32\wscntfy.exe
  E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  E:\Program Files\Common Files\Symantec Shared\ccApp.exe
  E:\Program Files\DU Meter\DUMeter.exe
  E:\Program Files\QuickTime\qttask.exe
  E:\Program Files\Messenger Plus! 3\MsgPlus.exe
  E:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
  E:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
  E:\Program Files\Common Files\Real\Update_OB\realsched.exe
  E:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
  E:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
  E:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
  E:\WINDOWS\system32\vxdrun6.exe
  E:\Program Files\Messenger\msmsgs.exe
  E:\Program Files\Hitman Pro\srhelper.exe
  E:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
  E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
  E:\Program Files\Logitech\SetPoint\KEM.exe
  E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
  E:\Inetpub\mysql\bin\winmysqladmin.exe
  E:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
  E:\Program Files\MSN Messenger\msnmsgr.exe
  E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
  E:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
  E:\Documents and Settings\akiffen\Desktop\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///E:/Program%20Files/Make125/Portal/portal.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///E:/Program%20Files/Make125/Portal/portal.html
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [NAV CfgWiz] E:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
  O4 - HKLM\..\Run: [Advanced Tools Check] E:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
  O4 - HKLM\..\Run: [DU Meter] E:\Program Files\DU Meter\DUMeter.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [MessengerPlus3] "E:\Program Files\Messenger Plus! 3\MsgPlus.exe"
  O4 - HKLM\..\Run: [DataLayer] E:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
  O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
  O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [LVCOMS] E:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
  O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
  O4 - HKLM\..\Run: [sVideo2] E:\WINDOWS\system32\vxdrun6.exe
  O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
  O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "E:\Program Files\Hitman Pro\srhelper.exe"
  O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - Startup: WinMySQLadmin.lnk = E:\Inetpub\mysql\bin\winmysqladmin.exe
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: hp psc 2000 Series.lnk = E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
  O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
  O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\KEM.exe
  O4 - Global Startup: officejet 6100.lnk = ?
  O8 - Extra context menu item: Send To &Bluetooth - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
  O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://edapp01.saxion.nl/qp2.cab
  O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
  O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\System32\Ati2evxx.exe
  O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
  O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  O23 - Service: C-DillaSrv - C-Dilla Ltd - E:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - E:\WINDOWS\system32\drivers\KodakCCS.exe
  O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
  O23 - Service: MySql - Unknown owner - E:/Inetpub/mysql/bin/mysqld-nt.exe
  O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
  O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
  O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe
  O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe
  O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  O23 - Service: ScsiAccess - Unknown owner - E:\WINDOWS\System32\ScsiAccess.EXE
  O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 • I see that you have Hitman Pro installed. Have you already let it do its work?
 • Yes, I already did that. But it doesn't change anything :S

  weird, huh
 • Go to Control Panel - Add or Remove Programs and uninstall Switch.
  Restart the computer and create a new HijackThis log. Post it.
 • thanks man!!!

  by the looks of it, it's gone now! thanks a lot

  Logfile of HijackThis v1.99.1
  Scan saved at 20:52:56, on 14-3-2005
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  E:\WINDOWS\System32\smss.exe
  E:\WINDOWS\system32\winlogon.exe
  E:\WINDOWS\system32\services.exe
  E:\WINDOWS\system32\lsass.exe
  E:\WINDOWS\System32\Ati2evxx.exe
  E:\WINDOWS\system32\svchost.exe
  E:\WINDOWS\System32\svchost.exe
  E:\WINDOWS\system32\spoolsv.exe
  E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  E:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
  E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  E:\WINDOWS\System32\inetsrv\inetinfo.exe
  E:\WINDOWS\system32\drivers\KodakCCS.exe
  E:\Inetpub\mysql\bin\mysqld-nt.exe
  E:\Program Files\Norton AntiVirus\navapsvc.exe
  E:\WINDOWS\system32\Ati2evxx.exe
  E:\WINDOWS\Explorer.EXE
  E:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
  E:\Program Files\Norton AntiVirus\SAVScan.exe
  E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  E:\Program Files\Common Files\Symantec Shared\ccApp.exe
  E:\WINDOWS\System32\ScsiAccess.EXE
  E:\WINDOWS\System32\svchost.exe
  E:\Program Files\DU Meter\DUMeter.exe
  E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  E:\Program Files\QuickTime\qttask.exe
  E:\Program Files\Messenger Plus! 3\MsgPlus.exe
  E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  E:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
  E:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
  E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  E:\Program Files\Common Files\Real\Update_OB\realsched.exe
  E:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
  E:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
  E:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
  E:\Program Files\Messenger\msmsgs.exe
  E:\Program Files\Hitman Pro\srhelper.exe
  E:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
  E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
  E:\Program Files\Logitech\SetPoint\KEM.exe
  E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
  E:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
  E:\Inetpub\mysql\bin\winmysqladmin.exe
  E:\Program Files\MSN Messenger\msnmsgr.exe
  E:\WINDOWS\system32\wscntfy.exe
  E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
  E:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
  E:\WINDOWS\system32\wuauclt.exe
  E:\Documents and Settings\akiffen\Desktop\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = about:blank
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [NAV CfgWiz] E:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
  O4 - HKLM\..\Run: [Advanced Tools Check] E:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
  O4 - HKLM\..\Run: [DU Meter] E:\Program Files\DU Meter\DUMeter.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [MessengerPlus3] "E:\Program Files\Messenger Plus! 3\MsgPlus.exe"
  O4 - HKLM\..\Run: [DataLayer] E:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
  O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
  O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [LVCOMS] E:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
  O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
  O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
  O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "E:\Program Files\Hitman Pro\srhelper.exe"
  O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - Startup: WinMySQLadmin.lnk = E:\Inetpub\mysql\bin\winmysqladmin.exe
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: hp psc 2000 Series.lnk = E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
  O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
  O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\KEM.exe
  O4 - Global Startup: officejet 6100.lnk = ?
  O8 - Extra context menu item: Send To &Bluetooth - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
  O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://edapp01.saxion.nl/qp2.cab
  O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
  O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\System32\Ati2evxx.exe
  O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
  O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  O23 - Service: C-DillaSrv - C-Dilla Ltd - E:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - E:\WINDOWS\system32\drivers\KodakCCS.exe
  O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
  O23 - Service: MySql - Unknown owner - E:/Inetpub/mysql/bin/mysqld-nt.exe
  O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
  O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
  O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe
  O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe
  O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  O23 - Service: ScsiAccess - Unknown owner - E:\WINDOWS\System32\ScsiAccess.EXE
  O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 • OK…. One PC is fixed now, but I also have an older PC with the same problem.

  Hopefully you know the answer to this one too! ;)

  Here is the log

  Logfile of HijackThis v1.99.1
  Scan saved at 19:10:55, on 14-3-05
  Platform: Windows 98 SE (Win9x 4.10.2222A)
  MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

  Running processes:
  C:\WINDOWS\SYSTEM\KERNEL32.DLL
  C:\WINDOWS\SYSTEM\MSGSRV32.EXE
  C:\WINDOWS\SYSTEM\MPREXE.EXE
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
  C:\WINDOWS\SYSTEM\MSTASK.EXE
  C:\WINDOWS\SYSTEM\mmtask.tsk
  C:\WINDOWS\SYSTEM\SPOOL32.EXE
  C:\WINDOWS\EXPLORER.EXE
  C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
  C:\WINDOWS\TASKMON.EXE
  C:\WINDOWS\SYSTEM\SYSTRAY.EXE
  C:\WINDOWS\LOADQM.EXE
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
  C:\WINDOWS\SYSTEM\STIMON.EXE
  C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
  C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\NL\MSNAPPAU.EXE
  C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
  C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
  C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
  C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
  C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
  C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOBNZ08.EXE
  C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE
  C:\WINDOWS\SYSTEM\WMIEXE.EXE
  C:\WINDOWS\SYSTEM\DDHELP.EXE
  C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/228/
  F1 - win.ini: run=C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
  O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
  O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL (file missing)
  O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
  O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
  O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
  O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
  O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
  O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
  O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
  O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
  O4 - HKLM\..\Run: [LoadQM] loadqm.exe
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
  O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
  O4 - HKLM\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWARN.EXE
  O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
  O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
  O4 - HKLM\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
  O4 - HKLM\..\Run: [Security iGuard] C:\PROGRAM FILES\SECURITY IGUARD\SECURITY IGUARD.EXE
  O4 - HKLM\..\Run: [Welcome] C:\WINDOWS\Welcome.exe /R
  O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
  O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
  O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
  O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
  O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
  O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
  O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
  O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
  O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
  O4 - HKCU\..\Run: [Skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized
  O4 - HKCU\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
  O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
  O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
  O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
  O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
  O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
  O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
  O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
  O9 - Extra button: Microsoft AntiSpyware helper - {41DA1E20-946D-11D9-8060-0040F4857333} - (no file) (HKCU)
  O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {41DA1E20-946D-11D9-8060-0040F4857333} - (no file) (HKCU)
  O12 - Plugin for .spop: C:\PROGRA~1\Intern~1\Plugins\NPDocBox.dll
  O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
  O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
  O15 - Trusted IP range: 206.161.125.149
  O21 - SSODL: OLE Module - {0656A137-B161-CADD-9777-E37A75727E78} - C:\WINDOWS\SYSTEM\thun32.dll

 • Good. Check whether this file is still present (in the first log): E:\WINDOWS\system32\DummyX.dll
  If it is present, you may delete it.
 • Yes, it was present…. just deleted it…

  thanks man!


  Any solution yet for that other log? It has a hijack to www.hotoffers.info
 • Could you mail me this file: C:\WINDOWS\SYSTEM\thun32.dll
  mailto: MarckieATBluemedicine.be (replace AT with @)

  Save HijackThis in a folder of its own, not on your desktop or in your Temp files, because HijackThis makes its backups in the folder it is started from.

  Make sure all hidden files are shown.

  Go to Control Panel - Add or Remove Programs - Change or Remove Programs. Uninstall the following programs if present:
  Security iGuard

  Start the computer in safe mode.

  Close all open windows, run HijackThis once more and have it fix the following items:
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/228/

  F1 - win.ini: run=C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE

  O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL (file missing)
  O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

  O4 - HKLM\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
  O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
  O4 - HKCU\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
  O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE

  O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
  O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

  O15 - Trusted IP range: 206.161.125.149

  O21 - SSODL: OLE Module - {0656A137-B161-CADD-9777-E37A75727E78} - C:\WINDOWS\SYSTEM\thun32.dll


  Delete the following files if present:
  C:\WINDOWS\System\spoolsrv32.exe
  C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE

  Reboot the computer, run HijackThis again and post a new log.
 • Hey hey,

  I did what you said, but it hasn't helped yet.

  The log is below:

  Logfile of HijackThis v1.99.1
  Scan saved at 18:41:29, on 15-3-05
  Platform: Windows 98 SE (Win9x 4.10.2222A)
  MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

  Running processes:
  C:\WINDOWS\SYSTEM\KERNEL32.DLL
  C:\WINDOWS\SYSTEM\MSGSRV32.EXE
  C:\WINDOWS\SYSTEM\MPREXE.EXE
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
  C:\WINDOWS\SYSTEM\MSTASK.EXE
  C:\WINDOWS\SYSTEM\mmtask.tsk
  C:\WINDOWS\EXPLORER.EXE
  C:\WINDOWS\TASKMON.EXE
  C:\WINDOWS\SYSTEM\SYSTRAY.EXE
  C:\WINDOWS\LOADQM.EXE
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
  C:\WINDOWS\SYSTEM\STIMON.EXE
  C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
  C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\NL\MSNAPPAU.EXE
  C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
  C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
  C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
  C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOBNZ08.EXE
  C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE
  C:\WINDOWS\SYSTEM\WMIEXE.EXE
  C:\HIJACKTHIS\HIJACKTHIS.EXE

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/228/
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
  O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
  O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
  O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
  O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
  O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
  O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
  O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
  O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
  O4 - HKLM\..\Run: [LoadQM] loadqm.exe
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
  O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
  O4 - HKLM\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWARN.EXE
  O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
  O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
  O4 - HKLM\..\Run: [Security iGuard] C:\PROGRAM FILES\SECURITY IGUARD\SECURITY IGUARD.EXE
  O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
  O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
  O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
  O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
  O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
  O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
  O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
  O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
  O4 - HKCU\..\Run: [Skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized
  O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
  O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
  O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
  O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
  O12 - Plugin for .spop: C:\PROGRA~1\Intern~1\Plugins\NPDocBox.dll
  O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
  O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
  O15 - Trusted IP range: 206.161.125.149

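Added example, not part of the thread and not code from HijackThis or its authors: a small Python check that compares the fix list from the reply above with the follow-up log, to show which entries HijackThis still reports after the reboot. The function names are hypothetical, the line pattern is an assumption based on the log lines shown in this thread, and the embedded data are lines copied from the two posts (the log is shortened to a few lines).

```python
import re
from collections import namedtuple

# One HijackThis result line: section code (R0, F1, O4, ...) plus the rest.
Entry = namedtuple("Entry", "code detail")

# Assumed line shape, taken from the logs in this thread: "<code> - <detail>".
_ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return the result entries of a log. Header lines and the
    'Running processes' list carry no section code and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = _ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def _key(entry):
    """Comparison key: lower-cased and whitespace-collapsed, because Windows
    paths and registry names are case-insensitive and forum software can
    change the spacing of pasted logs."""
    return (entry.code, " ".join(entry.detail.split()).lower())


def check_fix(fix_list_text, followup_log_text):
    """Split the fix list into entries that are gone from the follow-up
    log and entries that are still reported. Returns (removed, persisting),
    both in fix-list order."""
    present = {_key(e) for e in parse_entries(followup_log_text)}
    removed, persisting = [], []
    for e in parse_entries(fix_list_text):
        (persisting if _key(e) in present else removed).append(e)
    return removed, persisting


# Fix list, copied from the reply above.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/228/
F1 - win.ini: run=C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL (file missing)
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
O4 - HKCU\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted IP range: 206.161.125.149
O21 - SSODL: OLE Module - {0656A137-B161-CADD-9777-E37A75727E78} - C:\WINDOWS\SYSTEM\thun32.dll
"""

# Follow-up log of 15-3-05, shortened: a few lines copied from the post above.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 18:41:29, on 15-3-05
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/228/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Security iGuard] C:\PROGRAM FILES\SECURITY IGUARD\SECURITY IGUARD.EXE
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O15 - Trusted IP range: 206.161.125.149
"""

if __name__ == "__main__":
    removed, persisting = check_fix(FIX_LIST, FOLLOWUP_LOG)
    print("removed: %d, still reported: %d" % (len(removed), len(persisting)))
    for e in persisting:
        print("STILL PRESENT  %s - %s" % (e.code, e.detail))
```

An entry that is still reported after a fix and reboot means something restored it or the fix did not take, which is why the thread moves on to a second startup-enumeration tool.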
 • Download SilentRunners.
  Unzip it to a folder of its own.
  Click silentrunners.vbs to start it.
  A file named Startup Programs will be created. Post its contents.
 • Here is the Silent Runners log:

  "Silent Runners.vbs", revision 32, http://www.silentrunners.org/
  Operating System: Windows 98
  Output limited to non-default values, except where indicated by "{++}"


  Startup items buried in registry:
  ———————————

  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
  "MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
  "Spyware Doctor" = ""C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q" [file not found]
  "Skype" = ""C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized" ["Skype Technologies S.A."]
  "SpySweeper" = ""C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0" ["Webroot Software, Inc."]

  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
  "ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]
  "Taakcontrole" = "C:\WINDOWS\taskmon.exe" [MS]
  "SystemTray" = "SysTray.Exe" [MS]
  "LoadQM" = "loadqm.exe" [MS]
  "ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
  "URLLSTCK.exe" = "C:\Program Files\Norton Internet Security\UrlLstCk.exe" ["Symantec Corporation"]
  "StillImageMonitor" = "C:\WINDOWS\SYSTEM\STIMON.EXE" [MS]
  "Symantec NetDriver Warning" = "C:\PROGRA~1\SYMNET~1\SNDWARN.EXE" ["Symantec Corporation"]
  "Share-to-Web Namespace Daemon" = "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" ["Hewlett-Packard"]
  "msnappau" = ""c:\program files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"" [MS]
  "Security iGuard" = "C:\PROGRAM FILES\SECURITY IGUARD\SECURITY IGUARD.EXE" [file not found]
  "LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]

  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}
  "ccSetMgr" = ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
  "ccEvtMgr" = ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
  "ScriptBlocking" = ""C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg" ["Symantec Corporation"]
  "ccProxy" = "C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE" ["Symantec Corporation"]
  "SndSrvc" = "C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE" ["Symantec Corporation"]
  "LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
  "SchedulingAgent" = "C:\WINDOWS\SYSTEM\mstask.exe" [MS]

  HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX" ["("]
  {9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Web assistant"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
  {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL" [MS]
  {9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = "ST" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL" [MS]

  HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
  "{992CFFA0-F557-101A-88EC-00DD010CCC48}" = "Externe toegang"
  -> {CLSID}\InProcServer32\(Default) = "rnaui.dll" [MS]

  HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
  INFECTION WARNING! "{12345678-0000-0010-8000-00AAFF6D2EA4}" = "Sysctl Desktop Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\systr.dll" [null data]


  Startup items in "Startup" & "All Users…Startup" folders:
  ———————————————————–

  C:\WINDOWS\Start Menu\Programma's\Opstarten
  "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
  "hp psc 2000 Series" -> shortcut to: "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe" ["Hewlett-Packard Co."]
  "officejet 6100" -> shortcut to: "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe" ["Hewlett-Packard Co."]


  Enabled Scheduled Tasks:
  ————————

  "Toepassing Optimalisatie Start" -> launches: "walign" [MS]
  "Onderhoud-Defragmentatieprogramma's" -> launches: "C:\WINDOWS\DEFRAG.EXE /SAGERUN:0" [MS]
  "Onderhoud-Schijfcontrole" -> launches: "C:\WINDOWS\SCANDSKW.EXE /SAGERUN:0 /ALL /N" [MS]
  "Symantec NetDetect" -> launches: "C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\NDETECT.EXE" ["Symantec Corporation"]
  "Norton AntiVirus - Mijn computer scannen" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /task:"C:\WINDOWS\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
  "Onderhoud-Schijfopruiming" -> launches: "C:\WINDOWS\CLEANMGR.EXE /SAGERUN:0" [MS]


  Winsock2 Service Provider DLLs:
  ——————————-

  Namespace Service Providers

  HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
  000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]

  Transport Service Providers

  HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
  00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
  C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1
  C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4
  C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6


  ———-
  This report excludes default entries except where indicated.
  To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
  ———-
  [/list:u:3a08d2ba8f]
 • Open a Notepad file.
  Copy the code below into this Notepad file.
  Go to File - Save As.
  Under "Save in", choose: Desktop
  Under "File name", enter: fix.reg
  Under "Save as type", select: All Files (*.*).
  Click the Save button.
  [code:1:3ede3a6375]REGEDIT4

  [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12345678-0000-0010-8000-00AAFF6D2EA4}]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
  "{12345678-0000-0010-8000-00AAFF6D2EA4}"=-
  [/code:1:3ede3a6375]
  Do not use the reg file yet.

  Download Pocket KillBox.
  Unzip the program to your desktop.
  Click killbox.exe.
  Select the "Delete on reboot" option.
  In the "Full path of file to delete" field, copy and paste the following:
  [code:1:3ede3a6375]
  C:\WINDOWS\System32\systr.dll
  [/code:1:3ede3a6375]
  Place a check mark next to "Unregister .dll before deletion".
  Click the button with the red circle and the white cross.
  When the program asks to reboot now, give permission for this. Click the "YES" button.
  The computer will now restart. (Under 9.x you may have to restart the computer yourself.)

  Once the computer has restarted, start HijackThis and have it fix the following:
  [b:3ede3a6375]
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/228/

  O15 - Trusted IP range: 206.161.125.149
  [/b:3ede3a6375]

  Now double-click the fix.reg file (on your desktop) and allow the changes to be added to the registry.

  Restart the computer, create a new HijackThis log and post it.
  Tell me how things stand now.
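What the fix.reg file in the post above does, as an added example that is not part of the original post: this Python sketch parses the REGEDIT4 text into its operations and checks that each one is a deletion aimed at the GUID that Silent Runners flagged. The names `parse_reg` and `unexpected_ops` are this example's own.

```python
import re

# fix.reg exactly as posted in the thread.
FIX_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12345678-0000-0010-8000-00AAFF6D2EA4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{12345678-0000-0010-8000-00AAFF6D2EA4}"=-
"""

# The two Silent Runners lines the fix targets, copied from the log in the thread.
FLAGGED = r'''INFECTION WARNING! "{12345678-0000-0010-8000-00AAFF6D2EA4}" = "Sysctl Desktop Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\systr.dll" [null data]
'''

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

def parse_reg(text):
    """Return what a REGEDIT4 file does as (action, key, value_name) tuples."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0] != "REGEDIT4":
        raise ValueError("not a REGEDIT4 file")
    ops, key = [], None
    for ln in lines[1:]:
        if ln.startswith("[-") and ln.endswith("]"):
            ops.append(("delete_key", ln[2:-1], None))   # [-KEY] removes the whole key
            key = None
        elif ln.startswith("[") and ln.endswith("]"):
            key = ln[1:-1]                                # plain header: values follow
        else:
            m = VALUE.match(ln)
            if key is None or m is None:
                raise ValueError("unexpected line: " + ln)
            name = m.group(1).strip('"')
            # "name"=- removes one value; anything else writes data
            action = "delete_value" if m.group(2) == "-" else "set_value"
            ops.append((action, key, name))
    return ops

def unexpected_ops(ops, flagged_text):
    """Operations that write data or touch a GUID absent from the flagged lines."""
    flagged = {g.upper() for g in GUID.findall(flagged_text)}
    bad = []
    for action, key, name in ops:
        guids = {g.upper() for g in GUID.findall(key + " " + (name or ""))}
        if action == "set_value" or not guids or not guids <= flagged:
            bad.append((action, key, name))
    return bad
```

An empty result from `unexpected_ops(parse_reg(FIX_REG), FLAGGED)` means the file only deletes, and only entries tied to the flagged GUID.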
 • ok…done….and by the looks of it it's gone….only that O15 is still there

  here is the log:

  [list:a605b72e28]Logfile of HijackThis v1.99.1
  Scan saved at 12:33:50, on 16-3-05
  Platform: Windows 98 SE (Win9x 4.10.2222A)
  MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

  Running processes:
  C:\WINDOWS\SYSTEM\KERNEL32.DLL
  C:\WINDOWS\SYSTEM\MSGSRV32.EXE
  C:\WINDOWS\SYSTEM\MPREXE.EXE
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
  C:\WINDOWS\SYSTEM\MSTASK.EXE
  C:\WINDOWS\SYSTEM\mmtask.tsk
  C:\WINDOWS\EXPLORER.EXE
  C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
  C:\WINDOWS\TASKMON.EXE
  C:\WINDOWS\SYSTEM\SYSTRAY.EXE
  C:\WINDOWS\LOADQM.EXE
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
  C:\WINDOWS\SYSTEM\WMIEXE.EXE
  C:\WINDOWS\SYSTEM\STIMON.EXE
  C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
  C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\NL\MSNAPPAU.EXE
  C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
  C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
  C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOBNZ08.EXE
  C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE
  C:\HIJACKTHIS\HIJACKTHIS.EXE

  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
  O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
  O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
  O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
  O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
  O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
  O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
  O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
  O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
  O4 - HKLM\..\Run: [LoadQM] loadqm.exe
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
  O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
  O4 - HKLM\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWARN.EXE
  O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
  O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
  O4 - HKLM\..\Run: [Security iGuard] C:\PROGRAM FILES\SECURITY IGUARD\SECURITY IGUARD.EXE
  O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
  O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
  O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
  O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
  O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
  O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
  O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
  O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
  O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
  O4 - HKCU\..\Run: [Skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized
  O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
  O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
  O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
  O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
  O12 - Plugin for .spop: C:\PROGRA~1\Intern~1\Plugins\NPDocBox.dll
  O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
  O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
  O15 - Trusted IP range: 206.161.125.149

  [/list:u:a605b72e28]
 • you forgot this one.
  O15 - Trusted IP range: 206.161.125.149
  or did it come back after the fix?
 • it came back after the fix
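The check the last posts carry out by eye, as an added example that is not part of the original thread: this Python sketch compares the entries that were to be fixed with a follow-up HijackThis log and reports which are gone and which are still present. `AFTER_LOG` is an excerpt of lines from the follow-up log above; the names `entries` and `fix_status` are this example's own.

```python
import re

# Entries the helper asked to have fixed, copied from the post in the thread.
FIX_LIST = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/228/
O15 - Trusted IP range: 206.161.125.149
"""

# Excerpt of the follow-up log posted after the fix (lines taken from the thread).
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:33:50, on 16-3-05
Running processes:
C:\WINDOWS\EXPLORER.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O15 - Trusted IP range: 206.161.125.149
"""

# A HijackThis item line is "<section code> - <detail>", e.g. "O15 - ...".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

def entries(log_text):
    """Map (section, normalised detail) to the original line; skip headers and processes."""
    found = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            # Collapse whitespace and case so 98-style upper-case paths still compare equal.
            detail = " ".join(m.group(2).split()).lower()
            found[(m.group(1), detail)] = line.strip()
    return found

def fix_status(fix_list, after_log):
    """Split the fix list into entries that are gone and entries still in the later log."""
    after = entries(after_log)
    removed, persisting = [], []
    for key, line in entries(fix_list).items():
        (persisting if key in after else removed).append(line)
    return removed, persisting

if __name__ == "__main__":
    gone, still_there = fix_status(FIX_LIST, AFTER_LOG)
    print("removed:", gone)
    print("persisting:", still_there)
```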

This is an archived page. Replying is no longer possible.