Help!


  • Help!

    Very simple perhaps, but I don't know!

    1) When I look at the list in the startup menu on a friend's computer, it is very long. How can I easily copy it somewhere so I can post it here? And where can I copy it to?

    2) When I look at the list that appears on Ctrl-Alt-Del on a friend's computer, it is very long. How can I easily copy it somewhere so I can post it here? And where can I copy it to?

    3) How can I see on his machine how heavily the computer is loaded? He uses Windows 98.

    Thank you very much for your answer!!!

    Ciao,

    Patrick
    It is better to keep your mouth closed and let people think you are a fool than to open it and remove all doubt.
    Mark Twain (1835 - 1910)

  • #2
    And one more: how can I easily copy everything from ZoneAlarm somewhere in order to post it?


    • #3
      The sex/payment/car pop-ups are flying at us again, so we would appreciate help with this Hijack.

      Logfile of HijackThis v1.99.0
      Scan saved at 8:48:25, on 30-12-04
      Platform: Windows 98 SE (Win9x 4.10.2222A)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\SYSTEM\KERNEL32.DLL
      C:\WINDOWS\SYSTEM\MSGSRV32.EXE
      C:\WINDOWS\SYSTEM\MPREXE.EXE
      C:\WINDOWS\SYSTEM\mmtask.tsk
      C:\WINDOWS\SYSTEM\MSTASK.EXE
      C:\WINDOWS\SYSTEM\CBA\PDS.EXE
      C:\WINDOWS\SYSTEM\CBA\XFR.EXE
      C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
      C:\WINDOWS\EXPLORER.EXE
      C:\PROGRAM FILES\INTEL\LDCM\BIN\IIDS.EXE
      C:\WINDOWS\SYSTEM\MSGSYS.EXE
      C:\PROGRAM FILES\INTEL\LDCM\BIN\SSM.EXE
      C:\WINDOWS\TASKMON.EXE
      C:\WINDOWS\SYSTEM\SYSTRAY.EXE
      C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
      C:\PROGRAM FILES\INTEL\LDCM\BIN\USM.EXE
      C:\WINDOWS\LOADQM.EXE
      C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
      C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
      C:\WINDOWS\SYSTEM\STIMON.EXE
      C:\WINDOWS\SYSTEM\RPCSS.EXE
      C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
      C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
      C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
      C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD.EXE
      C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
      C:\PROGRAM FILES\WINDOWS ADCONTROL\WINADCTL.EXE
      C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
      C:\PROGRAM FILES\WINDOWS ADCONTROL\WINADALT.EXE
      C:\WINDOWS\SYSTEM\NTCPL.EXE
      C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
      C:\PROGRAM FILES\COMMON FILES\TSA\TSM2.EXE
      C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKJOBS.EXE
      C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
      C:\PROGRAM FILES\COMMON FILES\TSA\TS2.EXE
      C:\WINDOWS\SYSTEM\WMIEXE.EXE
      C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKSLAPI.EXE
      C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKTOPASS.EXE
      C:\WINDOWS\SYSTEM\SPOOL32.EXE
      C:\PROGRAM FILES\COMMON FILES\TSA\TSL2.EXE
      C:\WINDOWS\SYSTEM\DDHELP.EXE
      C:\WINDOWS\SYSTEM\TAPISRV.EXE
      C:\HJT\HIJACKTHIS.EXE

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://results.dashbar.com/search?c=27440&b=17862&t=0&ce=DI&m=NTAyNTQyMzc3&ver=2.1.0.0
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/EnterOne/Portal/portal.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/EnterOne/Portal/portal.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = file:///C:/Program%20Files/Plus18Point/Portal/portal.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      R3 - Default URLSearchHook is missing
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\WINDOWS\ALL USERS\APPLICATION DATA\SETUP\SETUP.DLL
      O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
      O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
      O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
      O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
      O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
      O4 - HKLM\..\Run: [User Space Manager] C:\Program Files\Intel\LDCM\Bin\USM.exe
      O4 - HKLM\..\Run: [LoadQM] loadqm.exe
      O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
      O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
      O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
      O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
      O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRAM FILES\AQUATICA\AQ3HELPER.EXE /partner AQ3
      O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
      O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
      O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
      O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
      O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
      O4 - HKLM\..\Run: [Windows AdControl] C:\PROGRAM FILES\WINDOWS ADCONTROL\WINADCTL.EXE
      O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [NvCplD] C:\WINDOWS\SYSTEM\NTCPL.EXE
      O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
      O4 - HKLM\..\RunServices: [Intel PDS] c:\windows\system\cba\pds.exe
      O4 - HKLM\..\RunServices: [Intel File Transfer] c:\windows\system\cba\xfr.exe
      O4 - HKLM\..\RunServices: [TMA Distribution] c:\windows\system\cba\lcfinst.exe
      O4 - HKLM\..\RunServices: [DMIStart] C:\Program Files\Intel\LDCM\DMIStart.exe
      O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
      O4 - HKCU\..\Run: [IntelProcNumUtility] "C:\Intel\Intel PSNCU\CpuNumber.exe" /nosplash
      O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Tsa2] C:\PROGRAM FILES\COMMON FILES\TSA\TSM2.EXE
      O4 - Startup: PageKeeper Jobs.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
      O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
      O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
      O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
      O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
      O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
      O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
      O12 - Plugin for .png: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
      O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
      O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN.cab
      O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/MaxisSimsFamilyTeleX.cab
      O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN.cab
      O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
      O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game11.zylomgames.com/activex/zylomloader.cab
      O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://www.advnt01.com/dialer/olanda_ver3.CAB
      O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
      O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/PPInstaller.exe
      O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylomgames.com/activex/zylomgamesplayer.cab
      O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
      O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=dab9d95caba4cdccfe39a8f20b05e32d30301b0941df4d3f3ade0a38085fee75924e90d2588fc6b 5b5d020f6a263b6bb66750ae9b6d36f9df3507b0746400242:49343c741893f279f2708a875f52f374
      O16 - DPF: {BCDB34A6-C1A6-4C89-9526-E84A579A0EF7} (VacPro.olanda_win98) - http://www9.advnt01.com/dialer/olanda_win98.CAB
      O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games4.cab
      O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
      O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
      O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL
      O18 - Filter: text/html - {0FD20F00-16FA-11D9-910C-0030F10549FC} - C:\WINDOWS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\V0.26.DAT


      • #4
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://results.dashbar.com/search?c...zc3&ver=2.1.0.0

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/EnterOne/Portal/portal.html

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/EnterOne/Portal/portal.html

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = file:///C:/Program%20Files/Plus18Point/Portal/portal.html

        O16 - DPF: {BCDB34A6-C1A6-4C89-9526-E84A579A0EF7} (VacPro.olanda_win98)

        can be removed as far as I'm concerned, but have this checked by one of the HJT log experts first. You do indeed have a spyware infection.



        • #5
          @ SW-Killer,

          If you are not sure of what you are saying, it is better not to post an answer.


          @ Azzurri_nr1,

          1. Scan with HijackThis and check the following items:

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://results.dashbar.com/search?c=...c3&ver=2.1.0.0
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/EnterOne/Portal/portal.html
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
          R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/EnterOne/Portal/portal.html
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = file:///C:/Program%20Files/Plus18Point/Portal/portal.html

          R3 - Default URLSearchHook is missing

          O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\WINDOWS\ALL USERS\APPLICATION DATA\SETUP\SETUP.DLL
          O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)

          O4 - HKLM\..\Run: [Windows AdControl] C:\PROGRAM FILES\WINDOWS ADCONTROL\WINADCTL.EXE
          O4 - HKLM\..\Run: [NvCplD] C:\WINDOWS\SYSTEM\NTCPL.EXE
          O4 - HKCU\..\Run: [Tsa2] C:\PROGRAM FILES\COMMON FILES\TSA\TSM2.EXE

          O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm

          O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL

          O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN.cab
          O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN.cab
          O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://www.advnt01.com/dialer/olanda_ver3.CAB
          O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
          O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...708a875f52f374
          O16 - DPF: {BCDB34A6-C1A6-4C89-9526-E84A579A0EF7} (VacPro.olanda_win98) - http://www9.advnt01.com/dialer/olanda_win98.CAB
          O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games4.cab

          O18 - Filter: text/html - {0FD20F00-16FA-11D9-910C-0030F10549FC} - C:\WINDOWS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\V0.26.DAT

          Close all windows except HijackThis itself and click "Fix checked".

          2. Restart the PC in safe mode.
          If you don't know how to do that, have a look here: http://www.virushelp.nl/veilige_modus.htm

          Make sure that hidden files and folders are displayed.
          You can read how to do that here: http://users.telenet.be/marcvn/spyware/1117602.htm

          Now, while in safe mode, delete the following files and folders (insofar as they are still present):

          C:\WINDOWS\SYSTEM\NTCPL.EXE <- that file
          C:\PROGRAM FILES\WINDOWS ADCONTROL <- that folder
          C:\PROGRAM FILES\ENTERONE <- that folder
          C:\PROGRAM FILES\PLUS18POINT <- that folder
          C:\PROGRAM FILES\COMMON FILES\TSA <- that folder

          3. Restart the PC in 'normal mode'.

          4. Create a new log and post it here.
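
An added example, not part of the original posts and not HijackThis's own code: a small Python parser for the log format above that checks a helper's fix list against the posted log before anything is fixed. It matches on section code plus CLSID or registry value name, so forum-shortened URLs (the "..." in the replies) still match; the `review()` flags are illustrative assumptions and the last `FIX` line is a constructed placeholder.

```python
import re

ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)

def parse(text):
    """Parse HijackThis entry lines; headers and the process list are skipped."""
    out = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            c = CLSID.search(m["body"])
            out.append({"code": m["code"], "body": m["body"],
                        "clsid": c.group(0).upper() if c else None})
    return out

def key(e):
    """Identity that survives URL shortening: CLSID, else text left of ' = '."""
    if e["clsid"]:
        return (e["code"], e["clsid"])
    return (e["code"], e["body"].split(" = ")[0].lower())

def not_in_log(fix_text, log_text):
    """Fix-list entries with no counterpart in the log (typo, wrong machine)."""
    have = {key(e) for e in parse(log_text)}
    return [e["body"] for e in parse(fix_text) if key(e) not in have]

def review(e):
    """Heuristic flags; assumptions for triage, not HijackThis rules."""
    code, body, flags = e["code"], e["body"], []
    if code == "O2" and body.endswith("(no file)"):
        flags.append("BHO registered, file missing")
    if code in ("R0", "R1") and " = file:///" in body:
        flags.append("IE page points at a local file")
    return flags

# Lines copied from the log and fix list on this page; the last FIX line is constructed.
LOG = r"""
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://results.dashbar.com/search?c=27440&b=17862&t=0&ce=DI&m=NTAyNTQyMzc3&ver=2.1.0.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/EnterOne/Portal/portal.html
O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)
"""
FIX = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://results.dashbar.com/search?c=...c3&ver=2.1.0.0
O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)
O4 - HKLM\..\Run: [Example] C:\EXAMPLE\PLACEHOLDER.EXE
"""
```

`not_in_log(FIX, LOG)` returns only the placeholder `O4` entry, which is the kind of mismatch to query with the helper before clicking "Fix checked".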
