Tweet
Hey,
ik heb sinds een tijdje een probleem...
Ik heb windows98SE, en als deze opgestart wordt, krijg ik 2 popups, met : please select your country.
Ik heb er maar geen geselecteerd en ze iedere keer met ctr+alt+del weggedaan.
Ook is de start pagina van m'n internet explorer veranderd naar http://213.159.117.134/index.php
Als ik dan I-net exporer open, dan krijg ik ook een heleboel popups.
Die van firefox is niet veranderd gelukkig.
In veilige modus heb ik al de temporary internet files en de gewone temporary files allemaal verwijderd, dit mocht helaas niet helpen.
Daarna wilde ik adaware er op los laten, maar die loopt nu constant vast
Weten jullie wat het probleem is?
Hier is mijn hijackthis log:
Alvast bedankt,
Faerun
Logfile of HijackThis v1.98.2
Scan saved at 16:41:23, on 21-12-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\DBMSSHRN.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SYSTIME.EXE
C:\WINDOWS\SYSTEM\MSREXE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\netdde.exe
C:\WINDOWS\APPLICATION DATA\CBNE.EXE
C:\PROGRAM FILES\ARES LITE EDITION\ARESLITE.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\SYSTEM\SYSTIME.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SCANWIZARD 5\SCANNERFINDER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [2754129c5937] C:\WINDOWS\SYSTEM\DBMSSHRN.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Clock] C:\WINDOWS\netdde.exe
O4 - HKCU\..\Run: [Tash] C:\WINDOWS\Application Data\cbne.exe
O4 - HKCU\..\Run: [areslite] "C:\PROGRAM FILES\ARES LITE EDITION\ARESLITE.EXE" -h
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://www.globalphon.com/dialer/olanda_ver3.CAB
O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - C:\WINDOWS\SYSTEM\child.dll
O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} - C:\WINDOWS\SYSTEM\Bancjgkl.dll
ik heb sinds een tijdje een probleem...
Ik heb windows98SE, en als deze opgestart wordt, krijg ik 2 popups, met : please select your country.
Ik heb er maar geen geselecteerd en ze iedere keer met ctr+alt+del weggedaan.
Ook is de start pagina van m'n internet explorer veranderd naar http://213.159.117.134/index.php
Als ik dan I-net exporer open, dan krijg ik ook een heleboel popups.
Die van firefox is niet veranderd gelukkig.
In veilige modus heb ik al de temporary internet files en de gewone temporary files allemaal verwijderd, dit mocht helaas niet helpen.
Daarna wilde ik adaware er op los laten, maar die loopt nu constant vast
Weten jullie wat het probleem is?
Hier is mijn hijackthis log:
Alvast bedankt,
Faerun
Logfile of HijackThis v1.98.2
Scan saved at 16:41:23, on 21-12-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\DBMSSHRN.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SYSTIME.EXE
C:\WINDOWS\SYSTEM\MSREXE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\netdde.exe
C:\WINDOWS\APPLICATION DATA\CBNE.EXE
C:\PROGRAM FILES\ARES LITE EDITION\ARESLITE.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\SYSTEM\SYSTIME.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SCANWIZARD 5\SCANNERFINDER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [2754129c5937] C:\WINDOWS\SYSTEM\DBMSSHRN.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Clock] C:\WINDOWS\netdde.exe
O4 - HKCU\..\Run: [Tash] C:\WINDOWS\Application Data\cbne.exe
O4 - HKCU\..\Run: [areslite] "C:\PROGRAM FILES\ARES LITE EDITION\ARESLITE.EXE" -h
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://www.globalphon.com/dialer/olanda_ver3.CAB
O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - C:\WINDOWS\SYSTEM\child.dll
O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} - C:\WINDOWS\SYSTEM\Bancjgkl.dll
Comment