Mededeling

Collapse
No announcement yet.

Logfile

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    Logfile

    Na een paar uur begint mn pc tragg te werken. Ik heb ook te maken met spyware denk ik.

    Logfile of HijackThis v1.98.2
    Scan saved at 15:10:59, on 12/30/2004
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\CREATIVE\PC-CAM CENTER\CAMTRAY.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE
    C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\PROGRAM FILES\WIN COMM\WINLOCK.EXE
    C:\PROGRAM FILES\WINDOWS ADTOOLS\WINRATCHET.EXE
    C:\PROGRAM FILES\LOGITECH\WINGMAN PROFILER\LWPEVNTM.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\PC CLEANING\HIJACK THIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.be/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.msn.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: C:\WINDOWS\LBBHO.DLL - {2B37F5A0-5900-11D9-B516-00055DE3C475} - C:\WINDOWS\LBBHO.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [Lwinst Run Profiler] C:\Program Files\Logitech\WingMan Profiler\Lwtest.exe /detect /quiet /launch "C:\Program Files\Logitech\WingMan Profiler\Lwpevntm.exe"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.0001.1004\nl-be\msnappau.exe"
    O4 - HKLM\..\Run: [WindUpdates] C:\PROGRAM FILES\WINDUPDATES\WINUPDT.EXE
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - HKLM\..\Run: [Win Comm] C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE
    O4 - HKLM\..\Run: [Windows AdTools] C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - Startup: Microsoft Works Agenda-herinneringen.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\WINDOWS\TEMP\__unin__.exe
    O8 - Extra context menu item: Ontvang met FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
    O8 - Extra context menu item: Ontvang alles met FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/nl/win/QuickTimeFullInstaller.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=88fb4bd1cc748615aaf24d95e9cbeb3358724ab481f8e3efaa749926ff7d88d97236971755bdedd b0fd3efedf2024d26208d:a50669a8a42fe77354145ae90fecae62
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game13.zylomgames.com/activex/zylomloader.cab


    Alvast bedankt.
    Labels: Geen
    • Citaat
  • #2
    Hoi Flizzy,

    Installeer de nieuwste versie van HijackThis even, dus versie 1.99.0: http://www.nucia.eu/downloads/hijackthis/index.html
    Maak daarmee een nieuw log en plaats dat hier.
    • Citaat

    Comment

    • #3
      Logfile of HijackThis v1.99.0
      Scan saved at 15:32:06, on 12/30/2004
      Platform: Windows 98 SE (Win9x 4.10.2222A)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\SYSTEM\KERNEL32.DLL
      C:\WINDOWS\SYSTEM\MSGSRV32.EXE
      C:\WINDOWS\SYSTEM\MPREXE.EXE
      C:\WINDOWS\SYSTEM\mmtask.tsk
      C:\WINDOWS\SYSTEM\MSTASK.EXE
      C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
      C:\WINDOWS\EXPLORER.EXE
      C:\WINDOWS\TASKMON.EXE
      C:\WINDOWS\SYSTEM\SYSTRAY.EXE
      C:\WINDOWS\LOADQM.EXE
      C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
      C:\PROGRAM FILES\CREATIVE\PC-CAM CENTER\CAMTRAY.EXE
      C:\WINDOWS\SYSTEM\STIMON.EXE
      C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE
      C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE
      C:\WINDOWS\RUNDLL32.EXE
      C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
      C:\PROGRAM FILES\WIN COMM\WINLOCK.EXE
      C:\PROGRAM FILES\WINDOWS ADTOOLS\WINRATCHET.EXE
      C:\PROGRAM FILES\LOGITECH\WINGMAN PROFILER\LWPEVNTM.EXE
      C:\WINDOWS\SYSTEM\WMIEXE.EXE
      C:\DOWNLOADS\HIJACKTHIS.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.be/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.msn.nl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
      O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
      O2 - BHO: C:\WINDOWS\LBBHO.DLL - {2B37F5A0-5900-11D9-B516-00055DE3C475} - C:\WINDOWS\LBBHO.DLL
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
      O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
      O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
      O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
      O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
      O4 - HKLM\..\Run: [Lwinst Run Profiler] C:\Program Files\Logitech\WingMan Profiler\Lwtest.exe /detect /quiet /launch "C:\Program Files\Logitech\WingMan Profiler\Lwpevntm.exe"
      O4 - HKLM\..\Run: [LoadQM] loadqm.exe
      O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
      O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
      O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
      O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
      O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.0001.1004\nl-be\msnappau.exe"
      O4 - HKLM\..\Run: [WindUpdates] C:\PROGRAM FILES\WINDUPDATES\WINUPDT.EXE
      O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
      O4 - HKLM\..\Run: [Win Comm] C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE
      O4 - HKLM\..\Run: [Windows AdTools] C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE
      O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
      O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
      O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
      O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
      O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
      O4 - Startup: Microsoft Works Agenda-herinneringen.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
      O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\WINDOWS\TEMP\__unin__.exe
      O8 - Extra context menu item: Ontvang met FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
      O8 - Extra context menu item: Ontvang alles met FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
      O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
      O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
      O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/nl/win/QuickTimeFullInstaller.exe
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
      O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=88fb4bd1cc748615aaf24d95e9cbeb3358724ab481f8e3efaa749926ff7d88d97236971755bdedd b0fd3efedf2024d26208d:a50669a8a42fe77354145ae90fecae62
      O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game13.zylomgames.com/activex/zylomloader.cab
      • Citaat

      Comment

      • #4
        Hoi Flizzy,


        1. Scan met HijackThis en vink de volgende items aan:

        O2 - BHO: C:\WINDOWS\LBBHO.DLL - {2B37F5A0-5900-11D9-B516-00055DE3C475} - C:\WINDOWS\LBBHO.DLL

        O4 - HKLM\..\Run: [WindUpdates] C:\PROGRAM FILES\WINDUPDATES\WINUPDT.EXE
        O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
        O4 - HKLM\..\Run: [Win Comm] C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE
        O4 - HKLM\..\Run: [Windows AdTools] C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE

        O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...145ae90fecae62
        Sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

        2. Herstart de pc in veilige modus.
        Mocht je niet weten hoe dat moet, kijk dan hier even: http://www.virushelp.nl/veilige_modus.htm

        Zorg ervoor dat verborgen bestanden en mappen worden weergegeven.
        Hier kun je lezen hoe dat moet: http://users.telenet.be/marcvn/spyware/1117602.htm

        Verwijder nu, in veilige modus dus, de volgende bestanden en mappen:

        C:\PROGRAM FILES\WIN COMM <- die map
        C:\PROGRAM FILES\WINDOWS ADTOOLS <- die map
        C:\PROGRAM FILES\WINDUPDATES <- die map (indien nog aanwezig)
        C:\WINDOWS\SYSTEM\P2P NETWORKING <- die map (indien nog aanwezig)

        3. Herstart de pc in 'normale modus'.

        4. Installeer AdAware SE Personal 1.05: http://www.nucia.eu/adaware/handleiding.html
        Haal de nieuwste updates op, doe de volledige scan, laat alles verwijderen wat wordt gevonden.
        Start daarna de pc opnieuw op.

        5. Maak een nieuw HijackThis-log en plaats dat hier.
        • Citaat

        Comment

        • #5
          Logfile of HijackThis v1.99.0
          Scan saved at 16:19:07, on 12/30/2004
          Platform: Windows 98 SE (Win9x 4.10.2222A)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

          Running processes:
          C:\WINDOWS\SYSTEM\KERNEL32.DLL
          C:\WINDOWS\SYSTEM\MSGSRV32.EXE
          C:\WINDOWS\SYSTEM\MPREXE.EXE
          C:\WINDOWS\SYSTEM\mmtask.tsk
          C:\WINDOWS\SYSTEM\MSTASK.EXE
          C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
          C:\WINDOWS\EXPLORER.EXE
          C:\WINDOWS\TASKMON.EXE
          C:\WINDOWS\SYSTEM\SYSTRAY.EXE
          C:\WINDOWS\LOADQM.EXE
          C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
          C:\PROGRAM FILES\CREATIVE\PC-CAM CENTER\CAMTRAY.EXE
          C:\WINDOWS\SYSTEM\STIMON.EXE
          C:\WINDOWS\RUNDLL32.EXE
          C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
          C:\PROGRAM FILES\LOGITECH\WINGMAN PROFILER\LWPEVNTM.EXE
          C:\WINDOWS\SYSTEM\WMIEXE.EXE
          C:\DOWNLOADS\HIJACKTHIS.EXE

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.be/
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.msn.nl
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          R3 - Default URLSearchHook is missing
          O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
          O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
          O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
          O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
          O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
          O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
          O4 - HKLM\..\Run: [Lwinst Run Profiler] C:\Program Files\Logitech\WingMan Profiler\Lwtest.exe /detect /quiet /launch "C:\Program Files\Logitech\WingMan Profiler\Lwpevntm.exe"
          O4 - HKLM\..\Run: [LoadQM] loadqm.exe
          O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
          O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
          O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
          O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
          O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
          O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.0001.1004\nl-be\msnappau.exe"
          O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
          O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
          O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
          O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
          O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
          O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
          O4 - Startup: Microsoft Works Agenda-herinneringen.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
          O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
          O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\WINDOWS\TEMP\__unin__.exe
          O8 - Extra context menu item: Ontvang met FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
          O8 - Extra context menu item: Ontvang alles met FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
          O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
          O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
          O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
          O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/nl/win/QuickTimeFullInstaller.exe
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
          O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
          O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
          O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
          O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
          O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
          O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game13.zylomgames.com/activex/zylomloader.cab
          • Citaat

          Comment

          • #6
            1. Scan met HijackThis en vink het volgende item aan:

            R3 - Default URLSearchHook is missing

            Sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

            2. Start de pc opnieuw op.

            3. Maak een nieuw log en plaats dat hier.
            • Citaat

            Comment

            • #7
              Logfile of HijackThis v1.99.0
              Scan saved at 16:28:16, on 12/30/2004
              Platform: Windows 98 SE (Win9x 4.10.2222A)
              MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

              Running processes:
              C:\WINDOWS\SYSTEM\KERNEL32.DLL
              C:\WINDOWS\SYSTEM\MSGSRV32.EXE
              C:\WINDOWS\SYSTEM\MPREXE.EXE
              C:\WINDOWS\SYSTEM\mmtask.tsk
              C:\WINDOWS\SYSTEM\MSTASK.EXE
              C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
              C:\WINDOWS\EXPLORER.EXE
              C:\WINDOWS\TASKMON.EXE
              C:\WINDOWS\SYSTEM\SYSTRAY.EXE
              C:\WINDOWS\LOADQM.EXE
              C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
              C:\PROGRAM FILES\CREATIVE\PC-CAM CENTER\CAMTRAY.EXE
              C:\WINDOWS\SYSTEM\STIMON.EXE
              C:\WINDOWS\RUNDLL32.EXE
              C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
              C:\PROGRAM FILES\LOGITECH\WINGMAN PROFILER\LWPEVNTM.EXE
              C:\WINDOWS\SYSTEM\WMIEXE.EXE
              C:\PROGRAM FILES\PC CLEANING\HIJACK THIS\HIJACKTHIS.EXE

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.be/
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.msn.nl
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
              O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
              O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
              O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
              O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
              O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
              O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
              O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
              O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
              O4 - HKLM\..\Run: [Lwinst Run Profiler] C:\Program Files\Logitech\WingMan Profiler\Lwtest.exe /detect /quiet /launch "C:\Program Files\Logitech\WingMan Profiler\Lwpevntm.exe"
              O4 - HKLM\..\Run: [LoadQM] loadqm.exe
              O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
              O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
              O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
              O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
              O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
              O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.0001.1004\nl-be\msnappau.exe"
              O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
              O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
              O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
              O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
              O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
              O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
              O4 - Startup: Microsoft Works Agenda-herinneringen.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
              O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
              O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\WINDOWS\TEMP\__unin__.exe
              O8 - Extra context menu item: Ontvang met FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
              O8 - Extra context menu item: Ontvang alles met FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
              O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
              O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
              O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
              O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/nl/win/QuickTimeFullInstaller.exe
              O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
              O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
              O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
              O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
              O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
              O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
              O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game13.zylomgames.com/activex/zylomloader.cab
              • Citaat

              Comment

              • #8
                Dit log is schoon.

                Lees hier hoe je dit soort problemen in het vervolg kunt voorkomen: http://www.nucia.eu/forum/showthread.php?t=55
                • Citaat

                Comment

                • #9
                  Ok, bedankt voor de hulp.
                  • Citaat

                  Comment

                  • #10
                    Graag gedaan.
                    • Citaat

                    Comment

                    Vorige template Volgende
                    Sorry, you are not authorized to view this page
                    Working...
                    X