Mededeling

**miekiemoes** · 02-01-05, 23:30

Hoi Hugo,

Om een programma te deïnstalleren ga je naar start > configuratiescherm naar software > programma's wijzigen/verwijderen en kijk of volgende programma's aanwezig zijn en de-installeer die:

Messenger plus
Spywarestormer
ADMILLI SERVICE
Searchrelevancy

Reboot daarna je pc en post een nieuw hijackthislogje.

**Hugo** · 03-01-05, 10:51

De icoontjes zijn nu wel weg op mijn bureaublad, maar als ik IE open dan opent er een toolbar (hier kan ik wel disabel kiezen) en vanonder opent er een soort frame als er verbinding is met internet, dat kan ik wel sluiten, maar niet wegdoen
IE gebruik ik wel niet veel meer, ik gebruik nu firefox, maar sommige sites kan je alleenmaar daarop bezoeken, bv "de bank van breda", IE opent nu al sneller, maar het blokeert nog veel

aja, toen ik uninstall had gekozen bij messenger plus kwam er wel geen sponservenster, maar het is wel weg

Logfile of HijackThis v1.98.2
Scan saved at 12:04:45, on 3/01/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\DMI\WIN32\BIN\WIN32SL.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE
C:\WINDOWS\SYSTEM\MSDTCW.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\DMI\WIN32\BIN\DMIWDOG.EXE
C:\DMI\WIN32\BIN\HPCOMPC.EXE
C:\DMI\WIN32\BIN\CLIIP32.EXE
C:\DMI\WIN32\BIN\HPALERT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\APIKEYS\DFOT43W.EXE
C:\DMI\WIN32\BIN\HPTRAYICON.EXE
C:\PROGRAM FILES\APIKEYS\KBOSDCTL.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\APIKEYS\HKEYCNT.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\ALCATEL\ENTERNET 300\APP\ENTERNET.EXE
C:\PROGRAM FILES\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oueaarrykdurrk.uk/XYKDOuQhQ9LxXeg6DeNZJ_ixDDxLm98AJc1TKaBjuE7mT/U5y7RWCzxF0gJuvnaj.html
F1 - win.ini: run=hpfsched
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CSBHO - {d14d6793-9b65-11d3-80b6-00500487bdba} - (no file)
O2 - BHO: (no name) - {4F59BF5B-003F-EFDF-E785-638962F52837} - C:\WINDOWS\APPLICATION DATA\ITCH DUMB ACID\BAITBOLT.EXE
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [APIHotKeys] C:\PROGRA~1\APIKEYS\DFOT43W.EXE
O4 - HKLM\..\Run: [MWProEng] A:\MOUSEWAREPRO\MWProEng.exe
O4 - HKLM\..\Run: [HP Tray Icon] C:\DMI\Win32\Bin\HPTrayIcon.exe
O4 - HKLM\..\Run: [e-DT LAN Sniffer] C:\Program Files\HP\e-DiagTools\edtlancfg.exe OS
O4 - HKLM\..\Run: [CreateCD50] "c:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [honmd] C:\WINDOWS\honmd.exe
O4 - HKLM\..\Run: [proc test skip regs] C:\WINDOWS\Application Data\global manager proc test\Rdrmove.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [HPLAUNCH] C:\DMI\Win32\Bin\HPLaunch.exe -init
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] c:\Program Files\Norton Internet Security\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] c:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start
O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [File Free] C:\WINDOWS\APPLIC~1\INFOST~1\JoyThat.exe
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Office Werkbalk.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O12 - Plugin for .PNG: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
O16 - DPF: VanBredaOnline Security Applet - https://www.vanbredaonline.be/applets/ema.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c5.cab

**miekiemoes** · 03-01-05, 11:06

Hoi Hugo,

Ok.. we zullen de restantjes manueel aanpakken.

* Download en installeer CCleaner
Nog niet gebruiken
* Zorg ervoor dat je verborgen mappen en bestanden weergegeven zijn. Hoe deze weer te geven.

* Start hijackthis en vink volgende items aan:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oueaarrykdurrk.uk/XYKDOu...xF0gJuvnaj.html
O2 - BHO: CSBHO - {d14d6793-9b65-11d3-80b6-00500487bdba} - (no file)
O2 - BHO: (no name) - {4F59BF5B-003F-EFDF-E785-638962F52837} - C:\WINDOWS\APPLICATION DATA\ITCH DUMB ACID\BAITBOLT.EXE
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [honmd] C:\WINDOWS\honmd.exe
O4 - HKLM\..\Run: [proc test skip regs] C:\WINDOWS\Application Data\global manager proc test\Rdrmove.exe
O4 - HKCU\..\Run: [File Free] C:\WINDOWS\APPLIC~1\INFOST~1\JoyThat.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/D...e/bridge-c5.cab

* Sluit alle open vensters behalve hijackthis en klik: Fix Checked.

* Start nu je pc op in VEILIGE MODE. Hoe start ik in veilige mode op.

* Zoek daarna via verkenner volgende items en verwijder deze manueel indien nog aanwezig:

C:\WINDOWS\APPLICATION DATA\ITCH DUMB ACID <==deze map
C:\WINDOWS\honmd.exe
C:\WINDOWS\Application Data\global manager proc test <==deze map
C:\WINDOWS\APPLICATION DATA\INFOST... <==deze map (begint met deze letters)

* Start Ccleaner en klik op Run Cleaner (rechts onderaan)

* Reboot je pc terug normaal en post een nieuw hijackthislogje.

Wat betreft je firefox en bepaalde sites die niet goed weergegeven zijn. Probeer deze plugin eens: http://ieview.mozdev.org/
Zo kan je op een page in firefox rechtsklikken en de optie: 'view this page in IE' kiezen. Heel handig.

**Hugo** · 03-01-05, 11:53

Dank u, het heeft geholpen

maar voor wat dient CCleaner en
waarom moest ik de computer in veilige modus opstarten om die bestanden te verwijderen?

Logfile of HijackThis v1.98.2
Scan saved at 13:06:49, on 3/01/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\DMI\WIN32\BIN\WIN32SL.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\MSDTCW.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\DMI\WIN32\BIN\DMIWDOG.EXE
C:\DMI\WIN32\BIN\HPCOMPC.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\APIKEYS\DFOT43W.EXE
C:\DMI\WIN32\BIN\CLIIP32.EXE
C:\DMI\WIN32\BIN\HPALERT.EXE
C:\DMI\WIN32\BIN\HPTRAYICON.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\APIKEYS\KBOSDCTL.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\APIKEYS\HKEYCNT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ALCATEL\ENTERNET 300\APP\ENTERNET.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.atfjahmfdaxqxstuiwnn.biz/XYKDOuQhQ9LxXeg6DeNZJ_ixDDxLm98AJc1TKaBjuE7ZRKwMJj7J8jxF0gJuvnaj.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
F1 - win.ini: run=hpfsched
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [APIHotKeys] C:\PROGRA~1\APIKEYS\DFOT43W.EXE
O4 - HKLM\..\Run: [MWProEng] A:\MOUSEWAREPRO\MWProEng.exe
O4 - HKLM\..\Run: [HP Tray Icon] C:\DMI\Win32\Bin\HPTrayIcon.exe
O4 - HKLM\..\Run: [e-DT LAN Sniffer] C:\Program Files\HP\e-DiagTools\edtlancfg.exe OS
O4 - HKLM\..\Run: [CreateCD50] "c:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [HPLAUNCH] C:\DMI\Win32\Bin\HPLaunch.exe -init
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] c:\Program Files\Norton Internet Security\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] c:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start
O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Office Werkbalk.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O12 - Plugin for .PNG: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
O16 - DPF: VanBredaOnline Security Applet - https://www.vanbredaonline.be/applets/ema.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab

**miekiemoes** · 03-01-05, 12:39

Volgende mag je nog fixen in hijackthis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.atfjahmfdaxqxstuiwnn.biz...jxF0gJuvnaj.php

Verder ziet het er idd terug goed uit.. Well done!!

Ccleaner dient om je overbodige bestanden te verwijderen zoals de inhoud van je temp-mappen, je prullenbak, je index.dat.
Ik heb je dit in veilige mode laten uitvoeren omdat er eventueel bestanden in die temp-mappen in normale mode in gebruik kunnen zijn en daardoor niet verwijderd geraken door Ccleaner. In veilige mode lukt dat dus meestal wel.

**Hugo** · 03-01-05, 14:43

De startpagina van IE blijft veranderen
en het is elke keer een andere lettercombinatie, het gaat altijd
naar http://searchweb2.com/

Logfile of HijackThis v1.98.2
Scan saved at 15:57:34, on 3/01/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\DMI\WIN32\BIN\WIN32SL.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\MSDTCW.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\DMI\WIN32\BIN\DMIWDOG.EXE
C:\DMI\WIN32\BIN\HPCOMPC.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\APIKEYS\DFOT43W.EXE
C:\DMI\WIN32\BIN\CLIIP32.EXE
C:\DMI\WIN32\BIN\HPALERT.EXE
C:\DMI\WIN32\BIN\HPTRAYICON.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\APIKEYS\KBOSDCTL.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\APIKEYS\HKEYCNT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\ALCATEL\ENTERNET 300\APP\ENTERNET.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\HJT\HIJACKTHIS.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.djaraqmbrcmjcmxpvol.us/XYKDOuQhQ9LxXeg6DeNZJ_ixDDxLm98AJc1TKaBjuE6ubUfKfIcQFTxF0gJuvnaj.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rswiqgowztsy.net/XYKDOuQhQ9JnHeDbRIpwfqII8JHu1vdGiwI4jqBOmRw.html
F1 - win.ini: run=hpfsched
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {4F59BF5B-003F-EFDF-E785-638962F52837} - C:\WINDOWS\APPLICATION DATA\ITCH DUMB ACID\BAITBOLT.EXE
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [APIHotKeys] C:\PROGRA~1\APIKEYS\DFOT43W.EXE
O4 - HKLM\..\Run: [MWProEng] A:\MOUSEWAREPRO\MWProEng.exe
O4 - HKLM\..\Run: [HP Tray Icon] C:\DMI\Win32\Bin\HPTrayIcon.exe
O4 - HKLM\..\Run: [e-DT LAN Sniffer] C:\Program Files\HP\e-DiagTools\edtlancfg.exe OS
O4 - HKLM\..\Run: [CreateCD50] "c:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [proc test skip regs] C:\WINDOWS\Application Data\global manager proc test\Blue love.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [HPLAUNCH] C:\DMI\Win32\Bin\HPLaunch.exe -init
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] c:\Program Files\Norton Internet Security\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] c:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start
O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [File Free] C:\WINDOWS\APPLIC~1\INFOST~1\JoyThat.exe
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Office Werkbalk.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O12 - Plugin for .PNG: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
O16 - DPF: VanBredaOnline Security Applet - https://www.vanbredaonline.be/applets/ema.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab

**miekiemoes** · 03-01-05, 14:47

je hebt waarschijnlijk vorige keer vergeten een map manueel te verwijderen.
Heb je je verborgen mappen en bestanden laten weergeven zoals ik al eerder eens heb gevraagd? Als je dit niet doet, zal je de map die ik aangeef om te verwijderen ook niet vinden.

Fix terug in hijackthis: (zorg ervoor dat je browser zeker gesloten is wanneer je op fix checked klikt!!)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.djaraqmbrcmjcmxpvol.us/X...xF0gJuvnaj.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rswiqgowztsy.net/XYKDOuQ...wI4jqBOmRw.html

O2 - BHO: (no name) - {4F59BF5B-003F-EFDF-E785-638962F52837} - C:\WINDOWS\APPLICATION DATA\ITCH DUMB ACID\BAITBOLT.EXE

Verwijder daarna volgende map in veilige mode:

C:\WINDOWS\APPLICATION DATA\ITCH DUMB ACID <==deze map

Reboot daarna je pc en post een nieuw logje.

**Hugo** · 03-01-05, 15:16

Ik had precies gedaan wat je eerst gezegd had, en in het begin ging het wel, maar toen ik de computer nog een keer opnieuw had opgestart was het weer anders, nu heb ik gedaan wat je laatst gezegd hebt, maar ik heb het 2 keer moeten doen voor het werkte, nu gaat alles weer goed, hopelijk voor een tijdje

**miekiemoes** · 03-01-05, 15:25

Inderdaad... die R0 en R1 lijnen veranderen telkens na een reboot, maar ze gelijken allemaal wel op mekaar. Maw.. vreemde lettercombinaties. Deze moet je idd verwijderen in de log.

Ik hoop dat het nu wegblijft. Als het terugkomt, laat het me weten hé.
En als je msnplus terug wilt installeren, kies deze keer zeker om deze ZONDER sponsers te installeren (wordt gevraagd in het begin van de installatie).

Happy surfing again!!

**Hugo** · 03-01-05, 15:39

OK, de computer gaat nu bijna goed, de startpagina blijft normaal maar er komt nog een balk vanonder op het scherm als je IE opent, die blijft als je IE weer sluit, je kan het wel apart sluiten

"O4 - HKLM\..\Run: [proc test skip regs] C:\WINDOWS\Application Data\global manager proc test\Blue love.exe"-- dit stond er eerst niet op

Logfile of HijackThis v1.98.2
Scan saved at 16:55:21, on 3/01/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\DMI\WIN32\BIN\WIN32SL.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\MSDTCW.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\APIKEYS\DFOT43W.EXE
C:\DMI\WIN32\BIN\DMIWDOG.EXE
C:\DMI\WIN32\BIN\HPCOMPC.EXE
C:\DMI\WIN32\BIN\HPTRAYICON.EXE
C:\PROGRAM FILES\APIKEYS\KBOSDCTL.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\DMI\WIN32\BIN\CLIIP32.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\DMI\WIN32\BIN\HPALERT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\APIKEYS\HKEYCNT.EXE
C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ALCATEL\ENTERNET 300\APP\ENTERNET.EXE
C:\PROGRAM FILES\HJT\HIJACKTHIS.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fecnzywkjddtzj.com/XYKDOuQhQ9LxXeg6DeNZJ_ixDDxLm98AJc1TKaBjuE4LITQNrN_SBzxF0gJuvnaj.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
F1 - win.ini: run=hpfsched
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [APIHotKeys] C:\PROGRA~1\APIKEYS\DFOT43W.EXE
O4 - HKLM\..\Run: [MWProEng] A:\MOUSEWAREPRO\MWProEng.exe
O4 - HKLM\..\Run: [HP Tray Icon] C:\DMI\Win32\Bin\HPTrayIcon.exe
O4 - HKLM\..\Run: [e-DT LAN Sniffer] C:\Program Files\HP\e-DiagTools\edtlancfg.exe OS
O4 - HKLM\..\Run: [CreateCD50] "c:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [proc test skip regs] C:\WINDOWS\Application Data\global manager proc test\Blue love.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [HPLAUNCH] C:\DMI\Win32\Bin\HPLaunch.exe -init
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] c:\Program Files\Norton Internet Security\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] c:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start
O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [File Free] C:\WINDOWS\APPLIC~1\INFOST~1\JoyThat.exe
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Office Werkbalk.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O12 - Plugin for .PNG: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
O16 - DPF: VanBredaOnline Security Applet - https://www.vanbredaonline.be/applets/ema.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab

**miekiemoes** · 03-01-05, 15:43

Volgende terug fixen:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fecnzywkjddtzj.com/XYKDOuQhQ...xF0gJuvnaj.html
O4 - HKLM\..\Run: [proc test skip regs] C:\WINDOWS\Application Data\global manager proc test\Blue love.exe

En daarna in VEILIGE mode volgende map verwijderen:

C:\WINDOWS\Application Data\global manager proc test <==deze map

**miekiemoes** · 03-01-05, 15:51

Nog eentje over het hoofd gezien ook.. (thx buffy)

Deze mag je ook nog fixen:

O4 - HKCU\..\Run: [File Free] C:\WINDOWS\APPLIC~1\INFOST~1\JoyThat.exe

en daarna volgende map verwijderen:

C:\WINDOWS\APPLICATION DATA\INFOST.. <==deze map

Wil je eens iets nagaan voor me?
Ga naar Start > Programma's >Bureau- accessoires >Systeemwerkset >Geplande taken en vertel me wat je daar in die map ziet.

**Hugo** · 03-01-05, 16:05

in geplande taken:
-Norton AntiVirus - Mijn computer scannen
-Symantec NetDetect
-Toepassing Optimalisatie Start

Als ik ctrl alt delete doe zijn er meestal een paar Iexplorer vensters open, zonder dat ik IE heb geopend

En ik weet niet of dat dit daar iets mee te maken heeft, maar als ik de computer opstart (dit is al een tijdje) kijkt hij of er iets zit in de diskettedrive

**Hugo** · 03-01-05, 16:16

mrci, ik denk dat het nu helemaal weg is

Logfile of HijackThis v1.98.2
Scan saved at 17:33:02, on 3/01/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\DMI\WIN32\BIN\WIN32SL.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\MSDTCW.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\DMI\WIN32\BIN\DMIWDOG.EXE
C:\PROGRAM FILES\APIKEYS\DFOT43W.EXE
C:\DMI\WIN32\BIN\HPCOMPC.EXE
C:\DMI\WIN32\BIN\CLIIP32.EXE
C:\DMI\WIN32\BIN\HPTRAYICON.EXE
C:\DMI\WIN32\BIN\HPALERT.EXE
C:\PROGRAM FILES\APIKEYS\KBOSDCTL.EXE
C:\PROGRAM FILES\APIKEYS\HKEYCNT.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ALCATEL\ENTERNET 300\APP\ENTERNET.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
F1 - win.ini: run=hpfsched
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [APIHotKeys] C:\PROGRA~1\APIKEYS\DFOT43W.EXE
O4 - HKLM\..\Run: [MWProEng] A:\MOUSEWAREPRO\MWProEng.exe
O4 - HKLM\..\Run: [HP Tray Icon] C:\DMI\Win32\Bin\HPTrayIcon.exe
O4 - HKLM\..\Run: [e-DT LAN Sniffer] C:\Program Files\HP\e-DiagTools\edtlancfg.exe OS
O4 - HKLM\..\Run: [CreateCD50] "c:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [HPLAUNCH] C:\DMI\Win32\Bin\HPLaunch.exe -init
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] c:\Program Files\Norton Internet Security\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] c:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start
O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Office Werkbalk.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O12 - Plugin for .PNG: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
O16 - DPF: VanBredaOnline Security Applet - https://www.vanbredaonline.be/applets/ema.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab

Mededeling

icoontes + spyware stormer

icoontes + spyware stormer

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment