Logfile + Problem

  • Rudolf

    Hello

    The problem with this PC is

    that I get an unwanted start page, namely

    res://shdochop.dll/blank.html

    even though I use the step-by-step plan

    Could you take a look to see whether the problem can be solved

    Thanks in advance

    Logfile of HijackThis v1.99.0

    Scan saved at 10:48:09, on 28-10-05

    Platform: Windows 98 SE (Win9x 4.10.2222A)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL

    C:\WINDOWS\SYSTEM\MSGSRV32.EXE

    C:\WINDOWS\SYSTEM\MPREXE.EXE

    C:\WINDOWS\SYSTEM\mmtask.tsk

    C:\WINDOWS\SYSTEM\MSTASK.EXE

    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE

    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

    C:\WINDOWS\EXPLORER.EXE

    C:\WINDOWS\TASKMON.EXE

    C:\WINDOWS\SYSTEM\SYSTRAY.EXE

    C:\WINDOWS\LOADQM.EXE

    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

    C:\WINDOWS\SYSTEM\STIMON.EXE

    C:\WINDOWS\SYSTEM32\SVCHOP.EXE

    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

    C:\PROGRAM FILES\ANDERS KJERSEM\POPKILLER\POPKILLER.EXE

    C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\EREG\REMIND32.EXE

    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

    C:\WINDOWS\SYSTEM\WMIEXE.EXE

    C:\WINDOWS\DESKTOP\BURO TROEP\HIJACK 2\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdochop.dll/blank.html

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.arnhem.chello.nl:8080

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    F1 - win.ini: run=hpfsched

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: C:\WINDOWS\scanregw.exe /autorun

    O4 - HKLM\..\Run: C:\WINDOWS\taskmon.exe

    O4 - HKLM\..\Run: SysTray.ExE

    O4 - HKLM\..\Run: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: nwiz.exe /install

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE

    O4 - HKLM\..\Run: loadqm.exe

    O4 - HKLM\..\Run: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    O4 - HKLM\..\Run: starter.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”

    O4 - HKLM\..\Run: C:\WINDOWS\SYSTEM\STIMON.EXE

    O4 - HKLM\..\Run: C:\WINDOWS\system32\svchop.exe home

    O4 - HKLM\..\RunServices: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    O4 - HKLM\..\RunServices: C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE

    O4 - HKLM\..\RunServices: mstask.exe

    O4 - HKLM\..\RunServices: “C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe” -reg

    O4 - HKLM\..\RunServices: “C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”

    O4 - HKLM\..\RunServices: “C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”

    O4 - HKCU\..\Run: “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background

    O4 - HKCU\..\Run: “C:\PROGRAM FILES\ANDERS KJERSEM\POPKILLER\POPKILLER.EXE” /tray

    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE

    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

    O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

    O9 - Extra button: Microsoft AntiSpyware helper - {113AB220-CCD5-11D9-9EE7-0001029F72C0} - (no file) (HKCU)

    O9 - Extra ‘Tools’ menuitem: Microsoft AntiSpyware helper - {113AB220-CCD5-11D9-9EE7-0001029F72C0} - (no file) (HKCU)

    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylom.lycos.nl/activex/zylomloader.cab

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.lycos.nl/activex/zylomgamesplayer.cab

    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab

    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.kennelclub.nl/media/scripts/ScriptX.cab

    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.142.28.66,212.142.28.67

    O21 - SSODL: DDE - {F33812FB-F35C-4674-90F6-FD757C419C51} - C:\WINDOWS\SYSTEM\birdihuy32.dll

  • Zorba

    First go through all the steps under the red link, so step 8 as well

    Hans

  • Rudolf

    Sorry, I didn't know there was a new version

    I know all the steps by heart, that's why

    I'll put the new one on it in a moment

    Can I just remove the old one first?

  • Zorba

    You can indeed just remove the old one.

    Hans

  • Rudolf

    OK, thank you

    I'm going to pick up my daughter first, I'll come back after that

    Kind regards, Rudolf

  • Rudolf

    Logfile of HijackThis v1.99.1

    Scan saved at 12:08:56, on 28-10-05

    Platform: Windows 98 SE (Win9x 4.10.2222A)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL

    C:\WINDOWS\SYSTEM\MSGSRV32.EXE

    C:\WINDOWS\SYSTEM\MPREXE.EXE

    C:\WINDOWS\SYSTEM\mmtask.tsk

    C:\WINDOWS\SYSTEM\MSTASK.EXE

    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE

    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

    C:\WINDOWS\EXPLORER.EXE

    C:\WINDOWS\TASKMON.EXE

    C:\WINDOWS\SYSTEM\SYSTRAY.EXE

    C:\WINDOWS\LOADQM.EXE

    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

    C:\WINDOWS\SYSTEM\STIMON.EXE

    C:\WINDOWS\SYSTEM32\SVCHOP.EXE

    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

    C:\PROGRAM FILES\ANDERS KJERSEM\POPKILLER\POPKILLER.EXE

    C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\EREG\REMIND32.EXE

    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

    C:\WINDOWS\SYSTEM\WMIEXE.EXE

    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

    C:\WINDOWS\DESKTOP\BURO TROEP\HIJACK 2\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdochop.dll/blank.html

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.arnhem.chello.nl:8080

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    F1 - win.ini: run=hpfsched

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: C:\WINDOWS\scanregw.exe /autorun

    O4 - HKLM\..\Run: C:\WINDOWS\taskmon.exe

    O4 - HKLM\..\Run: SysTray.ExE

    O4 - HKLM\..\Run: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: nwiz.exe /install

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE

    O4 - HKLM\..\Run: loadqm.exe

    O4 - HKLM\..\Run: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    O4 - HKLM\..\Run: starter.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”

    O4 - HKLM\..\Run: C:\WINDOWS\SYSTEM\STIMON.EXE

    O4 - HKLM\..\Run: C:\WINDOWS\system32\svchop.exe home

    O4 - HKLM\..\RunServices: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    O4 - HKLM\..\RunServices: C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE

    O4 - HKLM\..\RunServices: mstask.exe

    O4 - HKLM\..\RunServices: “C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe” -reg

    O4 - HKLM\..\RunServices: “C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”

    O4 - HKLM\..\RunServices: “C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”

    O4 - HKCU\..\Run: “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background

    O4 - HKCU\..\Run: “C:\PROGRAM FILES\ANDERS KJERSEM\POPKILLER\POPKILLER.EXE” /tray

    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE

    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

    O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

    O9 - Extra button: Microsoft AntiSpyware helper - {113AB220-CCD5-11D9-9EE7-0001029F72C0} - (no file) (HKCU)

    O9 - Extra ‘Tools’ menuitem: Microsoft AntiSpyware helper - {113AB220-CCD5-11D9-9EE7-0001029F72C0} - (no file) (HKCU)

    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylom.lycos.nl/activex/zylomloader.cab

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.lycos.nl/activex/zylomgamesplayer.cab

    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab

    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.kennelclub.nl/media/scripts/ScriptX.cab

    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.142.28.66,212.142.28.67

    O21 - SSODL: DDE - {F33812FB-F35C-4674-90F6-FD757C419C51} - C:\WINDOWS\SYSTEM\birdihuy32.dll

  • Erik

    Boot into safe mode: http://www.virushelp.nl/partners/modus/index.htm

    Start only HijackThis and tick only the following line:

    O4 - HKLM\..\Run: C:\WINDOWS\system32\svchop.exe home

    Delete the following file:

    C:\WINDOWS\system32\svchop.exe <== file

    Restart in normal mode and run an online scan at Panda: http://www.pandasoftware.com/products/activescan.htm click "free online virusscan" at the top right of the page. Save the log here and post it together with a fresh HJT log, please.

  • Rudolf

    Panda is scanning now, it's giving me quite a fright

    I thought Ad-Aware caught most spyware

    but now I see that 10 have been found so far after all

    Let's see whether I can work out what I have to do in a moment, I know hardly any English

    And what do you think of Norman antivirus???

  • Rudolf

    Incident Status Location

    Virus:Trj/Zhenya.A Disinfected Operating system

    Adware:adware/adsmart No disinfected C:\WINDOWS\TEMP\pi.sys

    Spyware:spyware/smitfraud No disinfected C:\WINDOWS\SYSTEM\oleext.dll

    Adware:adware/azesearch No disinfected C:\WINDOWS\SYSTEM\ztoolb011.dll

    Dialer:dialer.dk No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\games.inf

    Adware:adware/ipinsight No disinfected C:\WINDOWS\INF\CONSCORR.INF

    Adware:adware/msxmidi No disinfected C:\WINDOWS\msxmidi.exe

    Adware:adware/psguard No disinfected C:\WINDOWS\warnhp.html

    Adware:adware program No disinfected C:\WINDOWS\flag.bla

    Adware:adware/wupd No disinfected C:\PROGRAM FILES\Windows SyncroAd

    Spyware:spyware/heterofind No disinfected C:\spe

    Adware:adware/bluescreenwarning No disinfected Windows Registry

    Virus:Trj/Zhenya.A Disinfected C:\WINDOWS\SYSTEM\8081.TMP

    Virus:Trj/Zhenya.A Disinfected C:\WINDOWS\SYSTEM\birdihuy32.dll

    Adware:Adware/PsGuard No disinfected C:\WINDOWS\SYSTEM\oleext.dll

    Adware:Adware/AzeSearch No disinfected C:\WINDOWS\SYSTEM\ztoolb011.dll

    Adware:Adware/IPInsight No disinfected C:\WINDOWS\INF\CONSCORR.INF

    Dialer:Dialer.DK No disinfected C:\WINDOWS\Application Data\Microsoft\Internet Explorer\V0.26.dat

    Adware:Adware/PurityScan No disinfected C:\WINDOWS\Desktop\Buro troep\backups\backup-20041122-122613-344.inf

    Dialer:Dialer.ARP No disinfected C:\WINDOWS\Desktop\Buro troep\backups\backup-20041122-122613-199.inf

    Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll

    Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.inf

    Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\HDPlugin1019.inf

    Dialer:Dialer.BRE No disinfected C:\WINDOWS\Downloaded Program Files\games.inf

    Spyware:Spyware/Abcsearch No disinfected C:\WINDOWS\searchrepc4tb.dll

    Adware:Adware/PsGuard No disinfected C:\RECYCLED\DC2.EXE

    Adware:Adware/PurityScan No disinfected C:\x.cab

    Adware:Adware/PurityScan No disinfected C:\x.cab

    Adware:Adware/PurityScan No disinfected C:\x.cab

    Virus:Trj/Downloader.AJM Disinfected C:\q387817.exe

    Logfile of HijackThis v1.99.1

    Scan saved at 13:40:31, on 28-10-05

    Platform: Windows 98 SE (Win9x 4.10.2222A)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL

    C:\WINDOWS\SYSTEM\MSGSRV32.EXE

    C:\WINDOWS\SYSTEM\MPREXE.EXE

    C:\WINDOWS\SYSTEM\mmtask.tsk

    C:\WINDOWS\SYSTEM\MSTASK.EXE

    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE

    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

    C:\WINDOWS\EXPLORER.EXE

    C:\WINDOWS\TASKMON.EXE

    C:\WINDOWS\SYSTEM\SYSTRAY.EXE

    C:\WINDOWS\LOADQM.EXE

    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

    C:\WINDOWS\SYSTEM\STIMON.EXE

    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

    C:\PROGRAM FILES\ANDERS KJERSEM\POPKILLER\POPKILLER.EXE

    C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\EREG\REMIND32.EXE

    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

    C:\WINDOWS\SYSTEM\WMIEXE.EXE

    C:\WINDOWS\SYSTEM\DDHELP.EXE

    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

    C:\WINDOWS\SYSTEM\PSTORES.EXE

    C:\WINDOWS\DESKTOP\BURO TROEP\HIJACK 2\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.arnhem.chello.nl:8080

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    F1 - win.ini: run=hpfsched

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: C:\WINDOWS\scanregw.exe /autorun

    O4 - HKLM\..\Run: C:\WINDOWS\taskmon.exe

    O4 - HKLM\..\Run: SysTray.ExE

    O4 - HKLM\..\Run: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: nwiz.exe /install

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE

    O4 - HKLM\..\Run: loadqm.exe

    O4 - HKLM\..\Run: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    O4 - HKLM\..\Run: starter.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”

    O4 - HKLM\..\Run: C:\WINDOWS\SYSTEM\STIMON.EXE

    O4 - HKLM\..\RunServices: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    O4 - HKLM\..\RunServices: C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE

    O4 - HKLM\..\RunServices: mstask.exe

    O4 - HKLM\..\RunServices: “C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe” -reg

    O4 - HKLM\..\RunServices: “C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”

    O4 - HKLM\..\RunServices: “C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”

    O4 - HKLM\..\RunOnce: C:\WINDOWS\SYSTEM\ACTIVESCAN\pavdr.exe 201755

    O4 - HKCU\..\Run: “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background

    O4 - HKCU\..\Run: “C:\PROGRAM FILES\ANDERS KJERSEM\POPKILLER\POPKILLER.EXE” /tray

    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE

    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

    O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

    O9 - Extra button: Microsoft AntiSpyware helper - {113AB220-CCD5-11D9-9EE7-0001029F72C0} - (no file) (HKCU)

    O9 - Extra ‘Tools’ menuitem: Microsoft AntiSpyware helper - {113AB220-CCD5-11D9-9EE7-0001029F72C0} - (no file) (HKCU)

    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylom.lycos.nl/activex/zylomloader.cab

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.lycos.nl/activex/zylomgamesplayer.cab

    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab

    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.kennelclub.nl/media/scripts/ScriptX.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.142.28.66,212.142.28.67
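
Added example, not part of the thread: one way to confirm that a fix took effect is to diff the HijackThis entry lines of the log taken before the clean-up against the one taken after it. The function names are hypothetical, and the two samples are a handful of lines copied from the 12:08:56 and 13:40:31 logs above.

```python
import re

# Constructed samples: a few lines copied from the thread's
# 12:08:56 (before) and 13:40:31 (after) HijackThis logs.
BEFORE = r"""
C:\WINDOWS\SYSTEM32\SVCHOP.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdochop.dll/blank.html
O4 - HKLM\..\Run: C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\svchop.exe home
O21 - SSODL: DDE - {F33812FB-F35C-4674-90F6-FD757C419C51} - C:\WINDOWS\SYSTEM\birdihuy32.dll
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
O4 - HKLM\..\Run: C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunOnce: C:\WINDOWS\SYSTEM\ACTIVESCAN\pavdr.exe 201755
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
"""

# Entry lines have the shape "<section> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
# Running-process lines (bare paths) do not match and are skipped.
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")


def parse_entries(log_text):
    """Return the set of (section, detail) pairs found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY.match(line)
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entry lists, each sorted for stable output."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(old - new), sorted(new - old)


def mentions(log_text, name):
    """Return every log line (entries and processes) that mentions `name`."""
    name = name.lower()
    return [ln.strip() for ln in log_text.splitlines() if name in ln.lower()]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, detail in removed:
        print("removed:", section, "-", detail)
    for section, detail in added:
        print("added:  ", section, "-", detail)
    # The file named in the fix should no longer appear as entry or process.
    print("svchop.exe still referenced:", bool(mentions(AFTER, "svchop.exe")))
```

Entries that show up only in the later log, such as the Panda ActiveScan RunOnce and DPF lines here, still need to be matched to a known cause before the log is considered clean.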

  • Erik

    1. Download smitRem.zip and save it to the Desktop. noahdfear.geekstogo.com/click%20counter/click.php?id=1

    Right-click the file and extract it to its own folder on the Desktop.

    2. Boot into Safe Mode www.virushelp.nl/partners/modus/index.htm

    3. Open the SmitRem folder and double-click RunThis.bat to run the program.

    Your desktop will probably disappear for a moment, but that is normal

    Follow the instructions on the screen. Wait until it has finished completely! It can take a while, so wait patiently.

    Restart in normal mode.

    A log called smitfiles.txt will be created. You can find this file on the drive where your operating system is installed (usually c:\smitfiles.txt).

    Please post that log as well