Mededeling

Collapse
No announcement yet.

logje gino

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • logje gino

    Ik heb al een tijd een probleem via spyware, iedere keer komt er een popup met windows error service iedere 10 min. Via adaware ben ik erachter gekomen dat het om enigma.spyhunter gaat en dat er in het register een waarde is die besmet is {357aa41a..etc} deze heb ik al een paar keer verwijderd echter zonder resultaat, het blijft terugkomen, wie kan mij helpen met een oplossing?

    logje:
    Logfile of HijackThis v1.98.2
    Scan saved at 8:18:52, on 19-11-04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WEBSCANX.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\Program Files\OPLIMIT\OCRAWARE.EXE
    C:\WINDOWS\STARTER.EXE
    C:\PROGRAM FILES\OPLIMIT\OCRAWR32.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
    C:\PROGRAM FILES\MEDIASCAPE\TOUCH MANAGER\MEDIACTR.EXE
    C:\PROGRAM FILES\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM32\INETSRV\SERVICES.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\HP OFFICEJET 700-SERIE\BIN\HPOSTR03.EXE
    C:\PROGRAM FILES\MEDIASCAPE\TOUCH MANAGER\TOUCHMGR.EXE
    C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
    C:\PROGRAM FILES\HP OFFICEJET 700-SERIE\BIN\HPOVDX03.EXE
    C:\WINDOWS\SYSTEM\HPOHID03.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.hetnet.nl:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F1 - win.ini: load=C:\PROGRA~1\OPLIMIT\ocraware.exe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Atikey] Atitask.exe
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [KBD MediaCenter] C:\Program Files\Mediascape\Touch Manager\MediaCtr.exe
    O4 - HKLM\..\Run: [EM_EXEC] c:\progra~1\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [IKB] C:\PROGRAM FILES\KPN TELECOM\IKB\IDTT.EXE
    O4 - HKLM\..\Run: [WREP] C:\PROGRAM FILES\KPN TELECOM\IKB\PREP.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [SuperBar.Component] C:\WINDOWS\system32\inetsrv\services.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [AdRotator.Application] C:\WINDOWS\system32\drivers\csrss.exe
    O4 - HKLM\..\Run: [{357AA41A-B7A8-4632-A27D-5B980B25CF43}] C:\WINDOWS\system32\wbem\svchost.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
    O4 - Startup: HP OfficeJet 700-serie Opstarten.lnk = C:\Program Files\HP OfficeJet 700-Serie\bin\HPOstr03.exe
    O4 - User Startup: HP OfficeJet 700-serie Opstarten.lnk = C:\Program Files\HP OfficeJet 700-Serie\bin\HPOstr03.exe
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
    O15 - Trusted Zone: http://*.windowsupdate.com
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 10.0.0.138

  • #2
    Hoi hendr022,

    1. Ga naar Deze Computer, dubbelklik daar op C. Dubbelklik op Program Files. Klik nu op "Bestand" > "Nieuw" > "Map". Noem deze map HJT of HijackThis. Plaats nu de HijackThis.exe in DIE map. Draai in het vervolg HijackThis vanuit DIE map . Dit in verband met de backups die dit programma maakt

    2. Vink onderstaande aan in HijackThis:

    O4 - HKLM\..\Run: [SuperBar.Component] C:\WINDOWS\system32\inetsrv\services.exe
    O4 - HKLM\..\Run: [{357AA41A-B7A8-4632-A27D-5B980B25CF43}] C:\WINDOWS\system32\wbem\svchost.exe
    3. Sluit alle andere vensters en browsers, en klik op de knop “Fix Checked”.

    4. Start opnieuw op in veilige modus.
    Zorg ervoor dat verborgen bestanden en mappen zichtbaar zijn: Verkenner > Extra > Mapopties > Tablad Weergave > scroll naar beneden en vink het vakje voor "Verborgen bestanden en mappen weergeven" aan.

    5. Ga naar Windows Verkenner (Rechtsklikken op Start - Verkennen). Zoek en verwijder het volgende:
    Mappen:
    C:\WINDOWS\system32\wbem
    C:\WINDOWS\system32\inetsrv

    5. Start opnieuw op in normale modus, maak een nieuw logje aan met HijackThis, en post dat hier

    Comment


    • #3
      re: nieuw logje

      De aanpassingen gedaan, het enige wat ik niet wist hoe je in de veilige modus kan opstarten, ik heb nu normaal opgestart, laat het me weten als dit anders kan,
      Gino

      hier het nieuwe logje:
      Logfile of HijackThis v1.98.2
      Scan saved at 8:26:05, on 22-11-04
      Platform: Windows 98 Gold (Win9x 4.10.1998)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\SYSTEM\KERNEL32.DLL
      C:\WINDOWS\SYSTEM\MSGSRV32.EXE
      C:\WINDOWS\SYSTEM\MPREXE.EXE
      C:\WINDOWS\SYSTEM\mmtask.tsk
      C:\WINDOWS\SYSTEM\MSTASK.EXE
      C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
      C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WEBSCANX.EXE
      C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
      C:\WINDOWS\EXPLORER.EXE
      C:\Program Files\OPLIMIT\OCRAWARE.EXE
      C:\WINDOWS\STARTER.EXE
      C:\PROGRAM FILES\OPLIMIT\OCRAWR32.EXE
      C:\WINDOWS\TASKMON.EXE
      C:\WINDOWS\SYSTEM\SYSTRAY.EXE
      C:\WINDOWS\SYSTEM\ATITASK.EXE
      C:\WINDOWS\SYSTEM\ATICWD32.EXE
      C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
      C:\PROGRAM FILES\MEDIASCAPE\TOUCH MANAGER\MEDIACTR.EXE
      C:\PROGRAM FILES\MOUSE\SYSTEM\EM_EXEC.EXE
      C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
      C:\WINDOWS\LOADQM.EXE
      C:\WINDOWS\SYSTEM\STIMON.EXE
      C:\WINDOWS\SYSTEM\QTTASK.EXE
      C:\WINDOWS\SYSTEM32\DRIVERS\CSRSS.EXE
      C:\PROGRAM FILES\HP OFFICEJET 700-SERIE\BIN\HPOSTR03.EXE
      C:\PROGRAM FILES\MEDIASCAPE\TOUCH MANAGER\TOUCHMGR.EXE
      C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
      C:\PROGRAM FILES\HP OFFICEJET 700-SERIE\BIN\HPOVDX03.EXE
      C:\WINDOWS\SYSTEM\HPOHID03.EXE
      C:\HJT\HIJACKTHIS.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.hetnet.nl:8080
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      F1 - win.ini: load=C:\PROGRA~1\OPLIMIT\ocraware.exe
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
      O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
      O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
      O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
      O4 - HKLM\..\Run: [Atikey] Atitask.exe
      O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
      O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
      O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
      O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
      O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
      O4 - HKLM\..\Run: [KBD MediaCenter] C:\Program Files\Mediascape\Touch Manager\MediaCtr.exe
      O4 - HKLM\..\Run: [EM_EXEC] c:\progra~1\mouse\system\em_exec.exe
      O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
      O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
      O4 - HKLM\..\Run: [IKB] C:\PROGRAM FILES\KPN TELECOM\IKB\IDTT.EXE
      O4 - HKLM\..\Run: [WREP] C:\PROGRAM FILES\KPN TELECOM\IKB\PREP.EXE
      O4 - HKLM\..\Run: [LoadQM] loadqm.exe
      O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
      O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
      O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
      O4 - HKLM\..\Run: [AdRotator.Application] C:\WINDOWS\system32\drivers\csrss.exe
      O4 - HKLM\..\Run: [SuperBar.Component] C:\WINDOWS\system32\inetsrv\services.exe
      O4 - HKLM\..\Run: [{357AA41A-B7A8-4632-A27D-5B980B25CF43}] C:\WINDOWS\system32\wbem\svchost.exe
      O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
      O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
      O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
      O4 - Startup: HP OfficeJet 700-serie Opstarten.lnk = C:\Program Files\HP OfficeJet 700-Serie\bin\HPOstr03.exe
      O4 - User Startup: HP OfficeJet 700-serie Opstarten.lnk = C:\Program Files\HP OfficeJet 700-Serie\bin\HPOstr03.exe
      O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
      O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
      O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
      O15 - Trusted Zone: http://*.windowsupdate.com
      O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 10.0.0.138

      Comment


      • #4
        Ziehier hoe je PC te starten in veilige modus: http://www.virushelp.nl/veilige_modus.htm


        Het rapaille dat per Przewalskipaard arriveerde bij het feeëriek gesitueerde etablissement - komma -

        "Verwar de waarheid niet met de mening van de meerderheid"

        Comment


        • #5
          Dank voor de tip over de veilige modus.
          Alle handelingen gedaan. Onderstaand de nieuwe log.
          Ik heb zie al wel dat de 2 mappen in system 32 bij opnieuw opstarten er weer staan ondanks het verwijderen, hoort dit? ben bang dat het nog niet weg is.
          log:
          Logfile of HijackThis v1.98.2
          Scan saved at 17:22:00, on 22-11-04
          Platform: Windows 98 Gold (Win9x 4.10.1998)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

          Running processes:
          C:\WINDOWS\SYSTEM\KERNEL32.DLL
          C:\WINDOWS\SYSTEM\MSGSRV32.EXE
          C:\WINDOWS\SYSTEM\MPREXE.EXE
          C:\WINDOWS\SYSTEM\mmtask.tsk
          C:\WINDOWS\SYSTEM\MSTASK.EXE
          C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
          C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WEBSCANX.EXE
          C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
          C:\WINDOWS\EXPLORER.EXE
          C:\Program Files\OPLIMIT\OCRAWARE.EXE
          C:\WINDOWS\STARTER.EXE
          C:\PROGRAM FILES\OPLIMIT\OCRAWR32.EXE
          C:\WINDOWS\TASKMON.EXE
          C:\WINDOWS\SYSTEM\SYSTRAY.EXE
          C:\WINDOWS\SYSTEM\ATITASK.EXE
          C:\WINDOWS\SYSTEM\ATICWD32.EXE
          C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
          C:\PROGRAM FILES\MEDIASCAPE\TOUCH MANAGER\MEDIACTR.EXE
          C:\PROGRAM FILES\MOUSE\SYSTEM\EM_EXEC.EXE
          C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
          C:\WINDOWS\LOADQM.EXE
          C:\WINDOWS\SYSTEM\STIMON.EXE
          C:\WINDOWS\SYSTEM\QTTASK.EXE
          C:\WINDOWS\SYSTEM32\DRIVERS\CSRSS.EXE
          C:\PROGRAM FILES\MEDIASCAPE\TOUCH MANAGER\TOUCHMGR.EXE
          C:\PROGRAM FILES\HP OFFICEJET 700-SERIE\BIN\HPOSTR03.EXE
          C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
          C:\PROGRAM FILES\HP OFFICEJET 700-SERIE\BIN\HPOVDX03.EXE
          C:\WINDOWS\SYSTEM\HPOHID03.EXE
          C:\HJT\HIJACKTHIS.EXE

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.hetnet.nl:8080
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          F1 - win.ini: load=C:\PROGRA~1\OPLIMIT\ocraware.exe
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
          O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
          O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
          O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
          O4 - HKLM\..\Run: [Atikey] Atitask.exe
          O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
          O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
          O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
          O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
          O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
          O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
          O4 - HKLM\..\Run: [KBD MediaCenter] C:\Program Files\Mediascape\Touch Manager\MediaCtr.exe
          O4 - HKLM\..\Run: [EM_EXEC] c:\progra~1\mouse\system\em_exec.exe
          O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
          O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
          O4 - HKLM\..\Run: [IKB] C:\PROGRAM FILES\KPN TELECOM\IKB\IDTT.EXE
          O4 - HKLM\..\Run: [WREP] C:\PROGRAM FILES\KPN TELECOM\IKB\PREP.EXE
          O4 - HKLM\..\Run: [LoadQM] loadqm.exe
          O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
          O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
          O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
          O4 - HKLM\..\Run: [AdRotator.Application] C:\WINDOWS\system32\drivers\csrss.exe
          O4 - HKLM\..\Run: [SuperBar.Component] C:\WINDOWS\system32\inetsrv\services.exe
          O4 - HKLM\..\Run: [{357AA41A-B7A8-4632-A27D-5B980B25CF43}] C:\WINDOWS\system32\wbem\svchost.exe
          O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
          O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
          O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
          O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
          O4 - Startup: HP OfficeJet 700-serie Opstarten.lnk = C:\Program Files\HP OfficeJet 700-Serie\bin\HPOstr03.exe
          O4 - User Startup: HP OfficeJet 700-serie Opstarten.lnk = C:\Program Files\HP OfficeJet 700-Serie\bin\HPOstr03.exe
          O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
          O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
          O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
          O15 - Trusted Zone: http://*.windowsupdate.com
          O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 10.0.0.138

          Comment


          • #6
            Kun je Ad Aware even draaien (in veilige modus), opnieuw opstarten, en een nieuw logje plaatsen?

            Dank

            Comment


            • #7
              Adaware gedraaid,
              ik heb 2 nieuwe logjes (1 van HJT) en 1 van adaware toegevoegd:
              als 1e via adaware:

              Ad-Aware SE Build 1.05
              Logfile Created on:dinsdag 23 november 2004 17:07:10
              Created with Ad-Aware SE Personal, free for private use.
              Using definitions file:SE1R19 14.11.2004
              »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

              References detected during the scan:
              »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
              Clickbank.Affiliate(TAC index:7):3 total references
              Dialer(TAC index:5):1 total references
              MRU List(TAC index:0):23 total references
              Possible Browser Hijack attempt(TAC index:3):1 total references
              Tracking Cookie(TAC index:3):2 total references
              »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

              Ad-Aware SE Settings
              ===========================
              Set : Search for negligible risk entries
              Set : Safe mode (always request confirmation)
              Set : Scan active processes
              Set : Scan registry
              Set : Deep-scan registry
              Set : Scan my IE Favorites for banned URLs
              Set : Scan my Hosts file

              Extended Ad-Aware SE Settings
              ===========================
              Set : Unload recognized processes & modules during scan
              Set : Scan registry for all users instead of current user only
              Set : Always try to unload modules before deletion
              Set : Let Windows remove files in use at next reboot
              Set : Delete quarantined objects after restoring
              Set : Include basic Ad-Aware settings in log file
              Set : Include additional Ad-Aware settings in log file
              Set : Include reference summary in log file
              Set : Include alternate data stream details in log file
              Set : Play sound at scan completion if scan locates critical objects


              23-11-04 17:07:11 - Scan started. (Full System Scan)

              MRU List Object Recognized!
              Location: : .DEFAULT\software\nico mak computing\winzip\filemenu
              Description : winzip recently used archives


              MRU List Object Recognized!
              Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\wordpad\recent file list
              Description : list of recent files opened using wordpad


              MRU List Object Recognized!
              Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\paint\recent file list
              Description : list of files recently opened using microsoft paint


              MRU List Object Recognized!
              Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\runmru
              Description : mru list for items opened in start | run


              MRU List Object Recognized!
              Location: : .DEFAULT\software\microsoft\office\8.0\excel\recent file list
              Description : list of recent files used by microsoft excel


              MRU List Object Recognized!
              Location: : software\microsoft\office\8.0\publisher\recent file list
              Description : list of recent files used by microsoft publisher


              MRU List Object Recognized!
              Location: : .DEFAULT\software\microsoft\office\8.0\powerpoint\recent file list
              Description : list of recent files used by microsoft powerpoint


              MRU List Object Recognized!
              Location: : .DEFAULT\software\microsoft\mediaplayer\player\recentfilelist
              Description : list of recently used files in microsoft windows media player


              MRU List Object Recognized!
              Location: : .DEFAULT\software\microsoft\internet explorer\main
              Description : last save directory used in microsoft internet explorer


              MRU List Object Recognized!
              Location: : .DEFAULT\software\microsoft\internet explorer
              Description : last download directory used in microsoft internet explorer


              MRU List Object Recognized!
              Location: : .DEFAULT\software\microsoft\outlook express\recent stationery list
              Description : list of recently used stationery in microsoft outlook express


              MRU List Object Recognized!
              Location: : software\microsoft\directdraw\mostrecentapplication
              Description : most recent application to use microsoft directdraw


              MRU List Object Recognized!
              Location: : .DEFAULT\software\microsoft\mediaplayer\player\settings
              Description : last save as directory used in jasc paint shop pro


              MRU List Object Recognized!
              Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
              Description : most recent application to use microsoft directinput


              MRU List Object Recognized!
              Location: : .DEFAULT\software\microsoft\mediaplayer\player\settings
              Description : last open directory used in jasc paint shop pro


              MRU List Object Recognized!
              Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
              Description : most recent application to use microsoft direct3d


              MRU List Object Recognized!
              Location: : software\microsoft\direct3d\mostrecentapplication
              Description : most recent application to use microsoft direct3d


              MRU List Object Recognized!
              Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
              Description : most recent application to use microsoft directinput


              MRU List Object Recognized!
              Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
              Description : last playlist loaded in microsoft windows media player


              MRU List Object Recognized!
              Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\doc find spec mru
              Description : list of recently used search terms for locating files using the microsoft windows operating system


              MRU List Object Recognized!
              Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
              Description : most recent application to use microsoft direct X


              MRU List Object Recognized!
              Location: : software\microsoft\direct3d\mostrecentapplication
              Description : most recent application to use microsoft direct X


              MRU List Object Recognized!
              Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
              Description : windows media sdk


              Listing running processes
              »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

              #:1 [KERNEL32.DLL]
              FilePath : C:\WINDOWS\SYSTEM\
              ProcessID : 4279214835
              Threads : 4
              Priority : High
              FileVersion : 4.10.1998
              ProductVersion : 4.10.1998
              ProductName : Besturingssysteem Microsoft(R) Windows(R)
              CompanyName : Microsoft Corporation
              FileDescription : Win32 Kernel-kerncomponent
              InternalName : KERNEL32
              LegalCopyright : Copyright (C) Microsoft Corp. 1991-1998
              OriginalFilename : KERNEL32.DLL

              #:2 [MSGSRV32.EXE]
              FilePath : C:\WINDOWS\SYSTEM\
              ProcessID : 4294940183
              Threads : 1
              Priority : Normal
              FileVersion : 4.10.1998
              ProductVersion : 4.10.1998
              ProductName : Besturingssysteem Microsoft(R) Windows(R)
              CompanyName : Microsoft Corporation
              FileDescription : Windows 32-bits VxD-berichtserver
              InternalName : MSGSRV32
              LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
              OriginalFilename : MSGSRV32.EXE

              #:3 [MPREXE.EXE]
              FilePath : C:\WINDOWS\SYSTEM\
              ProcessID : 4294959495
              Threads : 1
              Priority : Normal
              FileVersion : 4.10.1998
              ProductVersion : 4.10.1998
              ProductName : Microsoft(R) Windows(R) Operating System
              CompanyName : Microsoft Corporation
              FileDescription : WIN32 Network Interface Service Process
              InternalName : MPREXE
              LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
              OriginalFilename : MPREXE.EXE

              #:4 [EXPLORER.EXE]
              FilePath : C:\WINDOWS\
              ProcessID : 4294952151
              Threads : 4
              Priority : Normal
              FileVersion : 4.72.3110.1
              ProductVersion : 4.72.3110.1
              ProductName : Microsoft(R) Windows NT(R) Operating System
              CompanyName : Microsoft Corporation
              FileDescription : Windows Explorer
              InternalName : explorer
              LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997
              OriginalFilename : EXPLORER.EXE

              #:5 [AD-AWARE.EXE]
              FilePath : C:\ADAWARE\AD-AWARE SE PERSONAL\
              ProcessID : 4294872987
              Threads : 2
              Priority : Normal
              FileVersion : 6.2.0.206
              ProductVersion : VI.Second Edition
              ProductName : Lavasoft Ad-Aware SE
              CompanyName : Lavasoft Sweden
              FileDescription : Ad-Aware SE Core application
              InternalName : Ad-Aware.exe
              LegalCopyright : Copyright © Lavasoft Sweden
              OriginalFilename : Ad-Aware.exe
              Comments : All Rights Reserved

              Memory scan result:
              »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
              New critical objects: 0
              Objects found so far: 23


              Started registry scan
              »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

              Dialer Object Recognized!
              Type : Regkey
              Data :
              Category : Dialer
              Comment :
              Rootkey : HKEY_CLASSES_ROOT
              Object : clsid\{093f9cf8-0de1-491c-95d5-5ec257bd4ca3}

              Clickbank.Affiliate Object Recognized!
              Type : RegValue
              Data :
              Category : Malware
              Comment : "SuperBar.Component"
              Rootkey : HKEY_LOCAL_MACHINE
              Object : software\microsoft\windows\currentversion\run
              Value : SuperBar.Component

              Clickbank.Affiliate Object Recognized!
              Type : RegValue
              Data :
              Category : Malware
              Comment : "AdRotator.Application"
              Rootkey : HKEY_LOCAL_MACHINE
              Object : software\microsoft\windows\currentversion\run
              Value : AdRotator.Application

              Clickbank.Affiliate Object Recognized!
              Type : RegValue
              Data :
              Category : Malware
              Comment : "{357AA41A-B7A8-4632-A27D-5B980B25CF43}"
              Rootkey : HKEY_LOCAL_MACHINE
              Object : software\microsoft\windows\currentversion\run
              Value : {357AA41A-B7A8-4632-A27D-5B980B25CF43}

              Registry Scan result:
              »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
              New critical objects: 4
              Objects found so far: 27


              Started deep registry scan
              »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

              Deep registry scan result:
              »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
              New critical objects: 0
              Objects found so far: 27


              Started Tracking Cookie scan
              »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


              Tracking Cookie Object Recognized!
              Type : IECache Entry
              Data : [email protected][1].txt
              Category : Data Miner
              Comment : Hits:1
              Value : Cookie:[email protected]/
              Expires : 20-11-14 12:19:56
              LastSync : Hits:1
              UseCount : 0
              Hits : 1

              Tracking cookie scan result:
              »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
              New critical objects: 1
              Objects found so far: 28



              Deep scanning and examining files (c
              »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

              Tracking Cookie Object Recognized!
              Type : IECache Entry
              Data : [email protected][1].txt
              Category : Data Miner
              Comment :
              Value : c:\WINDOWS\Cookies\[email protected][1].txt

              Disk Scan Result for c:\
              »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
              New critical objects: 0
              Objects found so far: 29


              Deep scanning and examining files (d
              »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

              Disk Scan Result for d:\
              »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
              New critical objects: 0
              Objects found so far: 29

              Possible Browser Hijack attempt Object Recognized!
              Type : File
              Data : CDNOW.url
              Category : Misc
              Comment : Problematic URL discovered: http://www.cdnow.com/
              Object : C:\WINDOWS\Favorieten\Shops\




              Performing conditional scans...
              »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

              Conditional scan result:
              »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
              New critical objects: 0
              Objects found so far: 30

              17:12:03 Scan Complete

              Summary Of This Scan
              »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
              Total scanning time:00:04:52.530
              Objects scanned:44788
              Objects identified:7
              Objects ignored:0
              New critical objects:7

              als 2e via hjt:
              Hopelijk zie je weer punten die aan te passen zijn , het probleem is er nog helaas:
              Logfile of HijackThis v1.98.2
              Scan saved at 17:30:23, on 23-11-04
              Platform: Windows 98 Gold (Win9x 4.10.1998)
              MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

              Running processes:
              C:\WINDOWS\SYSTEM\KERNEL32.DLL
              C:\WINDOWS\SYSTEM\MSGSRV32.EXE
              C:\WINDOWS\SYSTEM\MPREXE.EXE
              C:\WINDOWS\SYSTEM\mmtask.tsk
              C:\WINDOWS\SYSTEM\MSTASK.EXE
              C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
              C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WEBSCANX.EXE
              C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
              C:\WINDOWS\EXPLORER.EXE
              C:\Program Files\OPLIMIT\OCRAWARE.EXE
              C:\WINDOWS\STARTER.EXE
              C:\PROGRAM FILES\OPLIMIT\OCRAWR32.EXE
              C:\WINDOWS\TASKMON.EXE
              C:\WINDOWS\SYSTEM\SYSTRAY.EXE
              C:\WINDOWS\SYSTEM\ATITASK.EXE
              C:\WINDOWS\SYSTEM\ATICWD32.EXE
              C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
              C:\PROGRAM FILES\MEDIASCAPE\TOUCH MANAGER\MEDIACTR.EXE
              C:\PROGRAM FILES\MOUSE\SYSTEM\EM_EXEC.EXE
              C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
              C:\WINDOWS\LOADQM.EXE
              C:\WINDOWS\SYSTEM\STIMON.EXE
              C:\WINDOWS\SYSTEM\QTTASK.EXE
              C:\WINDOWS\SYSTEM32\DRIVERS\CSRSS.EXE
              C:\PROGRAM FILES\HP OFFICEJET 700-SERIE\BIN\HPOSTR03.EXE
              C:\PROGRAM FILES\MEDIASCAPE\TOUCH MANAGER\TOUCHMGR.EXE
              C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
              C:\PROGRAM FILES\HP OFFICEJET 700-SERIE\BIN\HPOVDX03.EXE
              C:\WINDOWS\SYSTEM\HPOHID03.EXE
              C:\HJT\HIJACKTHIS.EXE
              C:\WINDOWS\NOTEPAD.EXE

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.hetnet.nl:8080
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              F1 - win.ini: load=C:\PROGRA~1\OPLIMIT\ocraware.exe
              O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
              O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
              O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
              O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
              O4 - HKLM\..\Run: [Atikey] Atitask.exe
              O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
              O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
              O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
              O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
              O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
              O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
              O4 - HKLM\..\Run: [KBD MediaCenter] C:\Program Files\Mediascape\Touch Manager\MediaCtr.exe
              O4 - HKLM\..\Run: [EM_EXEC] c:\progra~1\mouse\system\em_exec.exe
              O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
              O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
              O4 - HKLM\..\Run: [IKB] C:\PROGRAM FILES\KPN TELECOM\IKB\IDTT.EXE
              O4 - HKLM\..\Run: [WREP] C:\PROGRAM FILES\KPN TELECOM\IKB\PREP.EXE
              O4 - HKLM\..\Run: [LoadQM] loadqm.exe
              O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
              O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
              O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
              O4 - HKLM\..\Run: [AdRotator.Application] C:\WINDOWS\system32\drivers\csrss.exe
              O4 - HKLM\..\Run: [SuperBar.Component] C:\WINDOWS\system32\inetsrv\services.exe
              O4 - HKLM\..\Run: [{357AA41A-B7A8-4632-A27D-5B980B25CF43}] C:\WINDOWS\system32\wbem\svchost.exe
              O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
              O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
              O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
              O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
              O4 - Startup: HP OfficeJet 700-serie Opstarten.lnk = C:\Program Files\HP OfficeJet 700-Serie\bin\HPOstr03.exe
              O4 - User Startup: HP OfficeJet 700-serie Opstarten.lnk = C:\Program Files\HP OfficeJet 700-Serie\bin\HPOstr03.exe
              O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
              O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
              O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
              O15 - Trusted Zone: http://*.windowsupdate.com
              O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 10.0.0.138

              Comment


              • #8
                Bedankt

                1. Start opnieuw op in veilige modus, en fix deze regels in HijackThis:

                O4 - HKLM\..\Run: [AdRotator.Application] C:\WINDOWS\system32\drivers\csrss.exe
                O4 - HKLM\..\Run: [SuperBar.Component] C:\WINDOWS\system32\inetsrv\services.exe
                O4 - HKLM\..\Run: [{357AA41A-B7A8-4632-A27D-5B980B25CF43}] C:\WINDOWS\system32\wbem\svchost.exe
                2. Start opnieuw op, nogmaals in veilige modus, en verwijder:
                C:\WINDOWS\system32\inetsrv << map
                C:\WINDOWS\system32\drivers\csrss.exe << bestand
                C:\WINDOWS\system32\wbem << map

                3. Start opnieuw op in normale modus, maak een nieuw HijackThis logje, en post dat hier

                Comment


                • #9
                  Hans,
                  Het ziet er goed uit, ik heb de aanpassingen gedaan, lijkt allemaal te werken.
                  Hier de nieuwe log, ik ben benieuwd.
                  Harstikke bedankt voor de hulp.
                  Heb hier het nodige van geleerd, top. Vraag heb ik nog voor wat betreft voorkomen in de toekomst. Wat kan ik doen om mijn pc beter te beveiligen. Het is w-98 , pc van 1999 daarom hoeft het van mij niet zonodig een firewall te zijn. Maar wie weet zijn er eenvoudige maatregelen te treffen of 'free'firewall's. laat het me weten.
                  Nogmaals dank, hopen hopen dat de spyware nu weg is. Hier de log:
                  Logfile of HijackThis v1.98.2
                  Scan saved at 22:26:14, on 23-11-04
                  Platform: Windows 98 Gold (Win9x 4.10.1998)
                  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                  Running processes:
                  C:\WINDOWS\SYSTEM\KERNEL32.DLL
                  C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                  C:\WINDOWS\SYSTEM\MPREXE.EXE
                  C:\WINDOWS\SYSTEM\mmtask.tsk
                  C:\WINDOWS\SYSTEM\MSTASK.EXE
                  C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
                  C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WEBSCANX.EXE
                  C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
                  C:\WINDOWS\EXPLORER.EXE
                  C:\Program Files\OPLIMIT\OCRAWARE.EXE
                  C:\WINDOWS\STARTER.EXE
                  C:\PROGRAM FILES\OPLIMIT\OCRAWR32.EXE
                  C:\WINDOWS\TASKMON.EXE
                  C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                  C:\WINDOWS\SYSTEM\ATITASK.EXE
                  C:\WINDOWS\SYSTEM\ATICWD32.EXE
                  C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
                  C:\PROGRAM FILES\MEDIASCAPE\TOUCH MANAGER\MEDIACTR.EXE
                  C:\PROGRAM FILES\MOUSE\SYSTEM\EM_EXEC.EXE
                  C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
                  C:\WINDOWS\LOADQM.EXE
                  C:\WINDOWS\SYSTEM\STIMON.EXE
                  C:\WINDOWS\SYSTEM\QTTASK.EXE
                  C:\PROGRAM FILES\MEDIASCAPE\TOUCH MANAGER\TOUCHMGR.EXE
                  C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
                  C:\PROGRAM FILES\HP OFFICEJET 700-SERIE\BIN\HPOSTR03.EXE
                  C:\PROGRAM FILES\HP OFFICEJET 700-SERIE\BIN\HPOVDX03.EXE
                  C:\WINDOWS\SYSTEM\HPOHID03.EXE
                  C:\HJT\HIJACKTHIS.EXE

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.hetnet.nl:8080
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  F1 - win.ini: load=C:\PROGRA~1\OPLIMIT\ocraware.exe
                  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot\Spybot - Search & Destroy\SDHelper.dll
                  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
                  O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
                  O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
                  O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                  O4 - HKLM\..\Run: [Atikey] Atitask.exe
                  O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
                  O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                  O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
                  O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
                  O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
                  O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
                  O4 - HKLM\..\Run: [KBD MediaCenter] C:\Program Files\Mediascape\Touch Manager\MediaCtr.exe
                  O4 - HKLM\..\Run: [EM_EXEC] c:\progra~1\mouse\system\em_exec.exe
                  O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
                  O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
                  O4 - HKLM\..\Run: [IKB] C:\PROGRAM FILES\KPN TELECOM\IKB\IDTT.EXE
                  O4 - HKLM\..\Run: [WREP] C:\PROGRAM FILES\KPN TELECOM\IKB\PREP.EXE
                  O4 - HKLM\..\Run: [LoadQM] loadqm.exe
                  O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
                  O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
                  O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                  O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                  O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
                  O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
                  O4 - Startup: HP OfficeJet 700-serie Opstarten.lnk = C:\Program Files\HP OfficeJet 700-Serie\bin\HPOstr03.exe
                  O4 - User Startup: HP OfficeJet 700-serie Opstarten.lnk = C:\Program Files\HP OfficeJet 700-Serie\bin\HPOstr03.exe
                  O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
                  O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
                  O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
                  O15 - Trusted Zone: http://*.windowsupdate.com
                  O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 10.0.0.138

                  Groet,Gino

                  Comment


                  • #10
                    Heb hier het nodige van geleerd, top. Vraag heb ik nog voor wat betreft voorkomen in de toekomst. Wat kan ik doen om mijn pc beter te beveiligen. Het is w-98 , pc van 1999 daarom hoeft het van mij niet zonodig een firewall te zijn. Maar wie weet zijn er eenvoudige maatregelen te treffen of 'free'firewall's. laat het me weten.
                    Sowieso langs Windows Update gaan. (en Office Update). Al is geloof ik de officiele support op Win 98 komen te vervallen.

                    Een firewall houdt niet alleen hackers buiten ook kan deze bescherming bieden tegen sommige virussen en spyware (ism internetbeveiligingssoftware).
                    Zone Alarm is een goede gratis firewall (www.zonelabs.com).

                    Verder door spyware preventie lees dit eens:
                    http://www.nucia.eu/forum/showthread.php?t=55
                    http://www.nucia.eu/main/spyware_hoevoorkom.html


                    Het rapaille dat per Przewalskipaard arriveerde bij het feeëriek gesitueerde etablissement - komma -

                    "Verwar de waarheid niet met de mening van de meerderheid"

                    Comment


                    • #11
                      Dank voor de info over spyware en de hulp.
                      Ik ben er volgens mij vanaf nu je kian het zien in het laatste logje , geen vervelende popup meer iedere 5 min!!!!!!!!!
                      Mijn dank is groot. Complimenten !

                      Ik ben nu bezig geweest de anti-spyware tools te installeren. Allemaal gelukt.
                      Niet gaan lachen nu, maar ik ben ook gaan kijken naar mijn anti-virus programma, dit blijkt nog van 1999 te zijn. Is van Mcaffee versie 4.0.2. Hebben jullie mogelijk suggesties voor een goede 'free' virusscanners voor windows 98.

                      Groet, gino

                      Comment


                      • #12
                        Graag gedaan

                        AVG en Avast zijn bekende gratis virusscanners en doen hun werk redelijk. Ik zou zelf vertrouwen op een programma als Kaspersky/Nod32, deze zijn stukken beter, maar niet gratis

                        Comment

                        Sorry, you are not authorized to view this page
                        Working...
                        X