ik heb een dualboot gemaakt bij kennis, 98 werkt perfect, windows xp krijgt foutmelding bij internet: c:\secure32.html en raakt dus niet verder
met de melding in ht blauw dat alles door anderen kan gezien worden en zo
na scannen kwam er ook de downloader.Generic.ZWM op, en nadien nog drsmartload46a;ex, 45a en l, ik heb die manueel verwijderd maar de foutmelding blijft.
Nu is die persoon van plan om norton antivirus aan te schaffen, maar ik zie dat daarvoor 2006 alleen voor xp is en dat er anders de 2005 moet aangeschaft worden voor 98.
Is er een oplossing daarvoor????
Nikolas
23 May 2006, 18:48
Je zit met een Smitfraud infectie, volgens mij, ik had hetzelfe probleem!
Je moet een HijackThis logje posten in het betreffende forum....
cruwero
23 May 2006, 19:03
Dit vond ik:
The file secure32.html is generated by a program called Paytime.exe.
Paytime.exe is located in C:\WINDOWS\system32\paytime.exe
How to solve this problem:
1. Bring up your taskmanager by pressing Control + Alt + Delete, in some Windows versions select the 'Processes' tab. Then click on 'Paytime.exe' and end the task.
2. Delete paytime.exe, which you should find under c:WindowsSystem32
3. Delete c:secure32.html
4. Run Explorer. It will tell you that it cannot find the path for secure32.html. Use the default configuration of Explorer and everything will be OK.
Henk
alvast bedankt! ik zal eerst het tweede proberen en dan het eerste.
Enig idee voor norton te installeren?? want die zou aangekocht worden dus met licentie of zo, maar kan dat dan twee keer geïnstalleerd worden, dus een keer op het 98systeem op de c-schijf en een keer op het xpsysteem op de d-schijf?
cruwero
23 May 2006, 20:52
Maak je niet druk wat betreft licentie gewoon op allebij installeren geen probleem:
Henk
tweede methode dus mislukt, geen paytime gevonden!
heb dan hijacklogje gemaakt: een van de opstart windows 98 en een van de opstart windows xp op de Dschijf: hier volgenze,
alvast op voorhand bedankt voor de hulp!!!!
Logfile of HijackThis v1.99.1
Scan saved at 16:31:26, on 24-5-06
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\TRUST\AMI MOUSE 300 DUAL SCROLL\AMOUMAIN.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\HPZTSB10.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\NL-BE\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\PHILIPS TOUCAM CAMERA\VPROPERTY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.worldonline.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F1 - win.ini: run=C:\WINDOWS\SYSTEM\CMMPU.EXE
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\NL-BE\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\NL-BE\MSNTB.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\QDCSFS.exe /startup
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Trust\Ami Mouse 300 Dual Scroll\Amoumain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\nl-be\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Search Using Copernic - file://C:\Program Files\Copernic 2000\Search Extension.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: &eBay Search - res://C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra 'Tools' menuitem: Launch Copernic - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra button: Translate - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2000\Translate.htm
O9 - Extra 'Tools' menuitem: &Translate Using Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2000\Translate.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O13 - WWW. Prefix: http://
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.be
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = rug.ac.be
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 157.193.40.42,157.193.40.10
en van xp:
Logfile of HijackThis v1.99.1
Scan saved at 16:44:48, on 24/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWSX\System32\smss.exe
D:\WINDOWSX\system32\winlogon.exe
D:\WINDOWSX\system32\services.exe
D:\WINDOWSX\system32\lsass.exe
D:\WINDOWSX\system32\svchost.exe
D:\WINDOWSX\System32\svchost.exe
D:\WINDOWSX\system32\spoolsv.exe
D:\WINDOWSX\Explorer.exe
D:\WINDOWSX\system32\krnelx86.exe
C:\defender22.exe
D:\WINDOWSX\System32\RUNDLL32.EXE
D:\WINDOWSX\System32\rundll32.exe
D:\WINDOWSX\System32\wuamguard.exe
C:\Program Files\kjea.exe
D:\WINDOWSX\System32\svchost.exe
D:\WINDOWSX\System32\SpySheriff.exe
D:\WINDOWSX\System32\ctfmon.exe
D:\WINDOWSX\winsock\csrss.exe
D:\WINDOWSX\System32\0mcamcap.exe
D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWSX\winsock\csrss.exe
F2 - REG:system.ini: UserInit=D:\WINDOWSX\System32\userinit.exe,D:\WIND OWSX\winsock\csrss.exe
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - D:\Program Files\webHancer\programs\whiehlpr.dll (file missing)
O2 - BHO: (no name) - {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} - D:\WINDOWSX\System32\mljkl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWSX\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft (R) Windows TCP/IP Socket Driver] D:\WINDOWSX\winsock\csrss.exe
O4 - HKLM\..\Run: [defender] C:\\defender22.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard22.exe
O4 - HKLM\..\Run: [newname] C:\\newname22.exe
O4 - HKLM\..\Run: [w0064a84.dll] RUNDLL32.EXE w0064a84.dll,I2 000e597800064a84
O4 - HKLM\..\Run: [flpwin] rundll32.exe D:\WINDOWSX\System32\flpwin.dll,start
O4 - HKLM\..\Run: [Windows modez Verifier] wuamguard.exe
O4 - HKLM\..\Run: [SysTray] C:\Program Files\kjea.exe
O4 - HKLM\..\Run: [3b4043a4.exe] D:\WINDOWSX\System32\3b4043a4.exe
O4 - HKLM\..\Run: [Microsoft SpyWare Zapper] SpySheriff.exe
O4 - HKLM\..\Run: [webHancer Agent] D:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] D:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\RunServices: [Windows modez Verifier] wuamguard.exe
O4 - HKLM\..\RunServices: [Microsoft SpyWare Zapper] SpySheriff.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWSX\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [3b4043a4.exe] D:\Documents and Settings\wijlen\Local Settings\Application Data\3b4043a4.exe
O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWSX\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWSX\web\related.htm
O10 - Broken Internet access because of LSP provider 'd:\program files\webhancer\programs\webhdll.dll' missing
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~2\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mljkl - D:\WINDOWSX\SYSTEM32\mljkl.dll
O20 - Winlogon Notify: OptimalLayout - D:\WINDOWSX\system32\mxihnd.dll (file missing)
O20 - Winlogon Notify: RunOnce - D:\WINDOWSX\system32\hr0u05d9e.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - D:\WINDOWSX\ZGVuaXNl\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - D:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Windows TCP/IP Socket Driver (winsck) - Unknown owner - D:\WINDOWSX\winsock\csrss.exe
dat waren ze
morgen of overmorgen wordt de nieuwe norton av geplaatst,
maar toch had ik graag dit opgelost tevoren, bedankt!