pjotr10 startup w98se (I'm curious)

Status
Not open for further replies.

pjotr10

User
Joined
1 Sep 2004
Posts
158
Attached is my logfile:

Logfile of HijackThis v1.98.2
Scan saved at 22:44:13, on 6-9-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\NORTON ANTIVIRUS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\NORTON ANTIVIRUS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\TNT2-64\VI_GRM.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\FINIWARE\INTERCENT 99\INTERCENT99.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\ZONE LABS\ZLCLIENT.EXE
C:\NETTRAFFIC\NETTRAFFIC.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\WINDOWS\SYSTEM\SRV2.EXE
C:\PROGRAM FILES\SCANBUTTON 3.0\SCANBUTTON.EXE
C:\NORTON ANTIVIRUS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\NORTON ANTIVIRUS\NORTON UTILITIES\SYSDOC32.EXE
D:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\Norton Antivirus\Norton CleanSweep\Monwow.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\Twunk_16.exe
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F1 - win.ini: load=C:\TNT2-64\vi_grm.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Norton Antivirus\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\SYSTEM\IEHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton Antivirus\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Intercent] C:\PROGRAM FILES\FINIWARE\INTERCENT 99\INTERCENT99.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NPROTECT] C:\Norton Antivirus\Norton Utilities\nprotect.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Norton Antivirus\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Zone Labs\zlclient.exe"
O4 - HKLM\..\Run: [NetTraffic] C:\NETTRAFFIC\NETTRAFFIC.EXE
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\Run: [Classes] C:\WINDOWS\SYSTEM\SRV2.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Norton Antivirus\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\Norton Antivirus\Norton Utilities\nprotect.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SwitchPointDialer] C:\PROGRAM FILES\KPN TELECOM\SWITCHPOINT\DIALER.EXE /HIDE
O4 - Startup: ScanButton 3.0.lnk = C:\Program Files\ScanButton 3.0\ScanButton.exe
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{00000413-78E1-11D2-B60F-006097C998E7}\misc.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Norton Antivirus\Norton CleanSweep\csinsm32.exe
O4 - Startup: Norton System Doctor.lnk = C:\Norton Antivirus\Norton Utilities\SYSDOC32.EXE
O4 - Startup: WinZip Quick Pick.lnk = D:\PROGRA~1\WINZIP\wzqkpick.exe
O4 - User Startup: ScanButton 3.0.lnk = C:\Program Files\ScanButton 3.0\ScanButton.exe
O4 - User Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{00000413-78E1-11D2-B60F-006097C998E7}\misc.exe
O4 - User Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Norton Antivirus\Norton CleanSweep\csinsm32.exe
O4 - User Startup: Norton System Doctor.lnk = C:\Norton Antivirus\Norton Utilities\SYSDOC32.EXE
O4 - User Startup: WinZip Quick Pick.lnk = D:\PROGRA~1\WINZIP\wzqkpick.exe
O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} (DiskHealth Class) - http://www.pcpitstop.com/pcpitstop/diskhealth.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab27571.cab

As I see it, there are plenty of logs to look at in this topic! Good luck in any case!
:thumb:
 
Posted by pjotr10

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\SYSTEM\IEHelper.dll

O4 - HKLM\..\Run: [Classes] C:\WINDOWS\SYSTEM\SRV2.EXE

Hi Pjotr,

1. Check the items above in HJT, close all other windows and browsers, and click Fix Checked.

2. Restart in safe mode and delete:
C:\WINDOWS\SYSTEM\SRV2.EXE << file

3. Restart in normal mode, create a new log and post it here.
 
startup w98se part 2

Hello h@nsi panzzer, finally time again to carry out your solution and post a log. After carrying out your instructions I checked whether the message in question still appeared after removing "srv2.exe". Unfortunately it did.
In short: time for part 2??? I am making this log from the affected user account, and I see that at the third O4 from the bottom there is, for the second time, a "user startup norton system doctor.pif = c:\mscdex.exe"; it is already listed above that!
Could that be it?

Well, I'll wait and see again! Good luck with it in any case

Logfile of HijackThis v1.98.2
Scan saved at 22:32:52, on 13-9-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\NORTON ANTIVIRUS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\NORTON ANTIVIRUS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\TNT2-64\VI_GRM.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\FINIWARE\INTERCENT 99\INTERCENT99.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\ZONE LABS\ZLCLIENT.EXE
C:\NETTRAFFIC\NETTRAFFIC.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\CDFOON\TRAYAPP.EXE
C:\PROGRAM FILES\SCANBUTTON 3.0\SCANBUTTON.EXE
C:\NORTON ANTIVIRUS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\Norton Antivirus\Norton CleanSweep\Monwow.exe
C:\WINDOWS\Twunk_16.exe
D:\PROGRAM FILES\WINZIP\WINZIP32.EXE
D:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F1 - win.ini: load=C:\TNT2-64\vi_grm.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Norton Antivirus\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton Antivirus\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Intercent] C:\PROGRAM FILES\FINIWARE\INTERCENT 99\INTERCENT99.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NPROTECT] C:\Norton Antivirus\Norton Utilities\nprotect.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Norton Antivirus\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Zone Labs\zlclient.exe"
O4 - HKLM\..\Run: [NetTraffic] C:\NETTRAFFIC\NETTRAFFIC.EXE
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Norton Antivirus\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\Norton Antivirus\Norton Utilities\nprotect.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [CDFoon System-Tray] C:\cdfoon\trayapp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{00000413-78E1-11D2-B60F-006097C998E7}\misc.exe
O4 - Startup: ScanButton 3.0.lnk = C:\Program Files\ScanButton 3.0\ScanButton.exe
O4 - Startup: Norton System Doctor.pif = C:\MSCDEX.EXE
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Norton Antivirus\Norton CleanSweep\csinsm32.exe
O4 - Startup: WinZip Quick Pick.lnk = D:\PROGRA~1\WINZIP\wzqkpick.exe
O4 - User Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{00000413-78E1-11D2-B60F-006097C998E7}\misc.exe
O4 - User Startup: ScanButton 3.0.lnk = C:\Program Files\ScanButton 3.0\ScanButton.exe
O4 - User Startup: Norton System Doctor.pif = C:\MSCDEX.EXE
O4 - User Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Norton Antivirus\Norton CleanSweep\csinsm32.exe
O4 - User Startup: WinZip Quick Pick.lnk = D:\PROGRA~1\WINZIP\wzqkpick.exe
O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} (DiskHealth Class) - http://www.pcpitstop.com/pcpitstop/diskhealth.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab27571.cab
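
Step 3 of the cleanup asks for a fresh log; comparing it with the earlier one shows which fixed entries are gone and which startup items changed in between. The Python sketch below is an added example, not part of either post: it runs that comparison on excerpts of the two logs above, and its function names are made up for the illustration.

```python
import re
# Added example (not from the thread); helper names are illustrative.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
SHORTCUT = re.compile(r"^((?:User |Global )?Startup): (.+)\.(\w+) = (.+)$")

# Excerpts of the two logs posted above (6-9-04 and 13-9-04).
BEFORE = r"""Running processes:
C:\WINDOWS\SYSTEM\SRV2.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\SYSTEM\IEHelper.dll
O4 - HKLM\..\Run: [Classes] C:\WINDOWS\SYSTEM\SRV2.EXE
O4 - HKLM\..\Run: [NetTraffic] C:\NETTRAFFIC\NETTRAFFIC.EXE
O4 - Startup: Norton System Doctor.lnk = C:\Norton Antivirus\Norton Utilities\SYSDOC32.EXE
O4 - User Startup: Norton System Doctor.lnk = C:\Norton Antivirus\Norton Utilities\SYSDOC32.EXE
"""
AFTER = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE
O4 - HKLM\..\Run: [NetTraffic] C:\NETTRAFFIC\NETTRAFFIC.EXE
O4 - HKCU\..\Run: [CDFoon System-Tray] C:\cdfoon\trayapp.exe
O4 - Startup: Norton System Doctor.pif = C:\MSCDEX.EXE
O4 - User Startup: Norton System Doctor.pif = C:\MSCDEX.EXE
"""

def parse_entries(log_text):
    """Set of (section, detail) pairs; header and process-list lines are skipped."""
    found = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return {(m.group(1), m.group(2)) for m in found if m}

def diff_logs(before, after):
    """Entries that disappeared, and entries that are new in the later log."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(old - new), sorted(new - old)

def shortcuts(log_text):
    """Map (startup folder, shortcut name) -> (file extension, target)."""
    table = {}
    for section, detail in parse_entries(log_text):
        m = SHORTCUT.match(detail)
        if section == "O4" and m:
            table[(m.group(1), m.group(2).lower())] = (m.group(3).lower(), m.group(4))
    return table

def changed_shortcuts(before, after):
    """Startup shortcuts present in both logs whose extension or target differs."""
    old, new = shortcuts(before), shortcuts(after)
    return {k: (old[k], new[k]) for k in old.keys() & new.keys() if old[k] != new[k]}

if __name__ == "__main__":
    print(diff_logs(BEFORE, AFTER))
    print(changed_shortcuts(BEFORE, AFTER))
```

On the excerpts, the three entries selected for Fix Checked show up as removed, and the Norton System Doctor shortcut is reported as changed in both startup folders.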
 
Re: startup w98se part 2

Posted by pjotr10

O4 - HKLM\..\Run: [Intercent] C:\PROGRAM FILES\FINIWARE\INTERCENT 99\INTERCENT99.EXE
O4 - HKCU\..\Run: [CDFoon System-Tray] C:\cdfoon\trayapp.exe

Hi Pjotr,

Do you have any idea what the items above might belong to? :)
 
The bottom one looks to me like it is from the CD-foongids anyway, i.e. the phone directory but on CD :) :p
 
startup w98se

Hello H@ansie panzzzer,

What Rodin and buffy suppose is correct. Intercent is an analogue cost counter. Until last September I had an analogue cost counter. Now, with ADSL, it has no function. Earlier I had a copy of a CD-foongids, but after a year or so it turned out to be no longer accessible. Removed via Start > Settings > Software, but for some users the icon is still in the taskbar at the bottom right. So both entries look familiar to me. :thumb:
 