Een gekaapte startpagina van hereforsearch, hardnekkige pop-ups.. Ze terroriseren mijn pc. verder is de pc traag en loopt regelmatig vast.
gescand met ad-aware en spybot. Hoop dat jullie me kunnen helpen.
Het logje:
Logfile of HijackThis v1.99.0
Scan saved at 21:59:50, on 27-12-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\NTCPL.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\OHOSRWEV17C.EXE
C:\PROGRAM FILES\EXIF LAUNCHER\QUICKDCF.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\5CXMN2K2BS5.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\VMEORK47C4R0YS7.EXE
C:\WINDOWS\SYSTEM\ORRHD20VK3B9LZS.EXE
C:\WINDOWS\SYSTEM\WICEHVKF7DXC.EXE
C:\WINDOWS\SYSTEM\KE2SU18T0XVO.EXE
C:\WINDOWS\SYSTEM\ITFK89S0OPOV.EXE
C:\WINDOWS\SYSTEM\R4MF4E1V3RN.EXE
C:\WINDOWS\SYSTEM\5J4WPWH4ZNKR.EXE
C:\WINDOWS\GKTCBWSLUB.EXE
C:\WINDOWS\SYSTEM\WLIJBX2FEBTHD.EXE
C:\WINDOWS\SYSTEM\6SLIW25GSMTHD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\MIJN DOCUMENTEN\NIEUWE MAP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=31130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/EnterOne/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\2NTTEB~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Hindustan] C:\UNZIPPED\MSN-FAKE[1]\MSMSGS.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\6SLIW25GSMTHD.EXE
O4 - HKLM\..\Run: [NvCplD] C:\WINDOWS\SYSTEM\NTCPL.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\VMEORK47C4R0YS7.EXE
O4 - Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O12 - Plugin for .mid: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .png: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\PROGRA~1\Intern~1\PLUGINS\nppdf32.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/terraexplorer/install/TEInstallPlugIn.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games6.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = glerum.local
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.115.192.193,212.115.192.195
gescand met ad-aware en spybot. Hoop dat jullie me kunnen helpen.
Het logje:
Logfile of HijackThis v1.99.0
Scan saved at 21:59:50, on 27-12-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\NTCPL.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\OHOSRWEV17C.EXE
C:\PROGRAM FILES\EXIF LAUNCHER\QUICKDCF.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\5CXMN2K2BS5.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\VMEORK47C4R0YS7.EXE
C:\WINDOWS\SYSTEM\ORRHD20VK3B9LZS.EXE
C:\WINDOWS\SYSTEM\WICEHVKF7DXC.EXE
C:\WINDOWS\SYSTEM\KE2SU18T0XVO.EXE
C:\WINDOWS\SYSTEM\ITFK89S0OPOV.EXE
C:\WINDOWS\SYSTEM\R4MF4E1V3RN.EXE
C:\WINDOWS\SYSTEM\5J4WPWH4ZNKR.EXE
C:\WINDOWS\GKTCBWSLUB.EXE
C:\WINDOWS\SYSTEM\WLIJBX2FEBTHD.EXE
C:\WINDOWS\SYSTEM\6SLIW25GSMTHD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\MIJN DOCUMENTEN\NIEUWE MAP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=31130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/EnterOne/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\2NTTEB~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Hindustan] C:\UNZIPPED\MSN-FAKE[1]\MSMSGS.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\6SLIW25GSMTHD.EXE
O4 - HKLM\..\Run: [NvCplD] C:\WINDOWS\SYSTEM\NTCPL.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\VMEORK47C4R0YS7.EXE
O4 - Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O12 - Plugin for .mid: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .png: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\PROGRA~1\Intern~1\PLUGINS\nppdf32.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/terraexplorer/install/TEInstallPlugIn.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games6.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = glerum.local
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.115.192.193,212.115.192.195
Comment