HJT log (Going well so far)

Anonymous
M@rc
4 answers
  • I have another log here, just did a few for now.. :wink:

    Logfile of HijackThis v1.99.1
    Scan saved at 17:15:39, on 15-3-05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\STARTER.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE

    C:\PROGRAM FILES\LOGITECH\SETPOINT\KEM.EXE
    C:\PROGRAM FILES\IOMEGA HOTBURN PRO\AUTOLAUNCH.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
    C:\WINDOWS\NVSVWC.EXE
    C:\PROGRAM FILES\LOGITECH\SETPOINT\KHALMNPR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\TEMP\se.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://msn.dll/index
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msn.dll/msn
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\TEMP\se.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://msn.dll/msn
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = res://msn.dll/index
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {E5996DA1-9412-11D9-9D75-0050A7DDD318} - C:\WINDOWS\SYSTEM\BDMN.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -on
    O4 - HKLM\..\Run: [DU Meter] C:\PROGRAM FILES\DU METER\DUMETER.EXE
    O4 - HKLM\..\Run: [AudioHQ] C:\PROGRAM FILES\CREATIVE\SBLIVE\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [FinePrint Dispatcher] C:\WINDOWS\SYSTEM\fpdisp3a.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Security iGuard] C:\PROGRAM FILES\SECURITY IGUARD\SECURITY IGUARD.EXE
    O4 - HKLM\..\Run: [hbcl] C:\WINDOWS\HBCL.EXE
    O4 - HKLM\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
    O4 - HKLM\..\Run: [sp] rundll32 C:\TEMP\SE.DLL,DllInstall
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKCU\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
    O4 - HKCU\..\Run: [winltmpv] c:\windows\nvsvwc.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.meadroid.com/scriptx/ScriptX.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O18 - Filter: text/html - {279D79CD-9559-11D9-9D75-0050DC15FE66} - C:\WINDOWS\SYSTEM\BDMN.DLL
    O18 - Filter: text/plain - {279D79CD-9559-11D9-9D75-0050DC15FE66} - C:\WINDOWS\SYSTEM\BDMN.DLL
    O21 - SSODL: Sysctl Desktop Handler - {23456789-0000-0020-0900-00AAFF6D2EA4} - C:\WINDOWS\System32\NTOSV.DLL

    I don't know exactly what the problems are, but apparently there are problems.. It has 98SE on it and there is supposedly a lot of spyware on it that Ad-aware can't remove.. :cry:
  • Download startdreck.zip.
    Double-click 'StartDreck.exe'.
    Click config.
    Click Unmark all.
    Select only the following:
    - Under Registry: run keys
    - Under System/drivers: Running processes
    Click OK.
    A log will be created. Post the contents of this log.
  • firefox is the solution: http://www.mozilla.org/products/firefox/
  • This is what came out; I immediately told him he has to install Mozilla..

    Logged in as at OEMCOMPUTER

    »Registry
    »Run Keys
    »Current User
    »Run
    *Srv32 spool service=C:\WINDOWS\System\spoolsrv32.exe
    *winltmpv=c:\windows\nvsvwc.exe
    »RunOnce
    »Default User
    »Run
    *Srv32 spool service=C:\WINDOWS\System\spoolsrv32.exe
    *winltmpv=c:\windows\nvsvwc.exe
    »RunOnce
    »Local Machine
    »Run
    *ScanRegistry=c:\windows\scanregw.exe /autorun
    *Taakcontrole=c:\windows\taskmon.exe
    *SystemTray=SysTray.Exe
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *EnsoniqMixer=starter.exe
    *TaskMonitor=c:\windows\taskmon.exe
    *COMSMDEXE=comsmd.exe -on
    *DU Meter=C:\PROGRAM FILES\DU METER\DUMETER.EXE
    *FinePrint Dispatcher=C:\WINDOWS\SYSTEM\fpdisp3a.exe
    *Tweak UI=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    *StillImageMonitor=C:\WINDOWS\SYSTEM\STIMON.EXE
    *SetPoint=C:\Program Files\Logitech\SetPoint\KEM.EXE
    *Logitech Hardware Abstraction Layer=KHALMNPR.EXE
    *Drag'n'Drop_Autolaunch="C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
    *LoadQM=loadqm.exe
    *hbcl=C:\WINDOWS\HBCL.EXE
    *Srv32 spool service=C:\WINDOWS\System\spoolsrv32.exe
    *sp=rundll32 C:\TEMP\SE.DLL,DllInstall
    +OptionalComponents
    +IMAIL
    *Installed=1
    +MAPI
    *NoChange=1
    *Installed=1
    +MAPI
    *NoChange=1
    *Installed=1
    »RunOnce
    »RunServices
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *Machine Debug Manager=C:\WINDOWS\SYSTEM\MDM.EXE
    »RunServicesOnce
    **so=rundll32 C:\WINDOWS\SCHEDLRG.TXT,DllGetClassObject
    »RunOnceEx
    »RunServicesOnceEx
    »Files
    »System/Drivers
    »Running Processes
    +FF0F6F75=C:\WINDOWS\SYSTEM\KERNEL32.DLL
    +FFFF1811=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    +FFFF2F81=C:\WINDOWS\SYSTEM\MPREXE.EXE
    +FFFFADFD=C:\WINDOWS\SYSTEM\MDM.EXE
    +FFFFBA89=C:\WINDOWS\SYSTEM\mmtask.tsk
    +FFFE7959=C:\WINDOWS\RUNDLL32.EXE
    +FFFE4BF9=C:\WINDOWS\EXPLORER.EXE
    +FFFDD4C5=C:\WINDOWS\TASKMON.EXE
    +FFFD7FC9=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    +FFFD3245=C:\WINDOWS\STARTER.EXE
    +FFFDC739=C:\WINDOWS\SYSTEM\STIMON.EXE
    +FFFDE6CD=C:\PROGRAM FILES\LOGITECH\SETPOINT\KEM.EXE
    +FFFC0C5D=C:\PROGRAM FILES\IOMEGA HOTBURN PRO\AUTOLAUNCH.EXE
    +FFFC1195=C:\WINDOWS\LOADQM.EXE
    +FFFDB4E9=C:\WINDOWS\HBCL.EXE
    +FFFC2FE9=C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
    +FFFC3D49=C:\WINDOWS\RUNDLL32.EXE
    +FFFC52C1=C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
    +FFFCDA5D=C:\WINDOWS\NVSVWC.EXE
    +FFFAC4E1=C:\PROGRAM FILES\LOGITECH\SETPOINT\KHALMNPR.EXE
    +FFFA04C1=C:\WINDOWS\SYSTEM\WMIEXE.EXE
    +FFF95369=C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    +FFF74909=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    +FFF7DB31=C:\WINDOWS\SYSTEM\DDHELP.EXE
    +FFF7B681=C:\WINDOWS\DESKTOP\STARTDRECK\STARTDRECK.EXE
    »Application specific
