Helpmij anti-spyware offensive (part 3)

Status
Not open for further replies.
It was indeed not updated properly, strange, I really had done it. Hopefully it is better now. I also scanned with Spybot.

Logfile of HijackThis v1.97.7
Scan saved at 12:48:22, on 28-3-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Anne\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1059D2E2-EA3E-11D5-AF3C-0060085C9531} (CAX Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2DAE59A1-B355-4653-8D33-33A3A8F8C078} (MaxisVacationTeleX Control) - http://thesims.ea.com/teleport/vacation/MaxisVacationTeleX.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DABA57A8-B747-46F2-9E3F-CDCD4C6C6A33} (MetaInstaller Class) - http://webmixer.i-project.nl/packages/metainstaller.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
 
Posted by oossie

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

O16 - DPF: Win32 Classes -

Hi oossie,

Check the entries above, close all windows except HijackThis and click Fix checked.

Then restart and delete:
C:\WINDOWS\System32\bridge.dll
Unless it was already gone and the startup message about it was the reason you posted the log.

Regards,

Pieter
 
Posted by Annetango
It was indeed not updated properly, strange, I really had done it. Hopefully it is better now.

Hi Annetango,

Looks clean. :thumb:
But is your problem solved now as well?

Regards,

Pieter
 
Thanks!
No, the problem persists, IE still does not close properly. What else can I do?
 
I also scanned my system with ad-aware 6 and saved the log file, because at www.ircspy.com I cannot use the links that appear there after you have clicked search :( could someone take a look at it, I have been having this problem for a few weeks :( :(
 

Attachments

Posted by Pieter Arntz


Hi tintin,

If it still does not work or you do not understand something, let us know clearly where it goes wrong.

Regards,

Pieter

ok, thank you very much pieter :thumb: :thumb: :thumb: :thumb: :thumb:

going to try it now, and after umpteen attempts I should manage it this time, I would think :D .

and if not, I will let you know!!
 
Hi Annetango,

Then go to: http://www.turboware.com/WhatsHappening.htm and download and unzip WhatsHappening.

Make sure only one IE window is open and start WhatsHappening.

Then select iexplore.exe and click Edit > Copy Branch to Clipboard.
Here, click Reply to message, right-click in the text box and choose paste.

A log like this should then appear:
(I am posting mine for comparison.)

iexplore.exe
iexplore.exe (H:\Program Files\Internet Explorer)
<>
ntdll.dll (H:\WINDOWS\System32)
<>
msvcrt.dll (H:\WINDOWS\system32)
<Microsoft Corporation-Microsoft® Windows® Operating System-7.0.2600.1106>
ADVAPI32.dll (H:\WINDOWS\system32)
<>
RPCRT4.dll (H:\WINDOWS\system32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1254>
SHLWAPI.dll (H:\WINDOWS\system32)
<>
SHDOCVW.dll (H:\WINDOWS\System32)
<>
comctl32.dll (H:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805)
<Microsoft Corporation-Microsoft® Windows® Operating System-6.00.2800.1106>
SHELL32.dll (H:\WINDOWS\system32)
<>
comctl32.dll (H:\WINDOWS\system32)
<Microsoft Corporation-Microsoft® Windows® Operating System-6.00.2800.1106>
ole32.dll (H:\WINDOWS\system32)
<>
uxtheme.dll (H:\WINDOWS\System32)
<>
BROWSEUI.dll (H:\WINDOWS\System32)
<>
browselc.dll (H:\WINDOWS\System32)
<>
appHelp.dll (H:\WINDOWS\system32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
CLBCATQ.DLL (H:\WINDOWS\System32)
<Microsoft Corporation-COM Services-03.00.00.4414>
OLEAUT32.dll (H:\WINDOWS\system32)
<Microsoft Corporation-Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems-3.50.5016.0>
COMRes.dll (H:\WINDOWS\System32)
<>
VERSION.dll (H:\WINDOWS\system32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
WININET.dll (H:\WINDOWS\system32)
<>
CRYPT32.dll (H:\WINDOWS\system32)
<>
MSASN1.dll (H:\WINDOWS\system32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1274>
Secur32.dll (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
SETUPAPI.dll (H:\WINDOWS\System32)
<>
AcroIEHelper.ocx (H:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX)
<-AcroIEHelper Module-1, 0, 0, 1>
SXS.DLL (H:\WINDOWS\System32)
<>
dlprotect.dll (H:\Program Files\Javacool\SpywareGuard)
<>
MSVBVM60.DLL (H:\WINDOWS\System32)
<Microsoft Corporation-Visual Basic-6.00.9237>
SDHelper.dll (H:\PROGRA~1\SPYBOT~1)
<>
olepro32.dll (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems-3.50>
wsbho2k0.dll (H:\Program Files\WS_FTP Pro)
<Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA-wsbho2k0 Module-7,5,0,1>
AdShield.dll (H:\PROGRA~1\AdShield\AdShield)
<AdShield, LLC-AdShield Dynamic Link Library-3, 0, 3, 0>
WS2_32.dll (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
WS2HELP.dll (H:\WINDOWS\System32)
<>
MFC42.DLL (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft (R) Visual C++-6.0.400>
urlmon.dll (H:\WINDOWS\system32)
<>
MFC42LOC.DLL (H:\WINDOWS\System32)
<>
msi.dll (H:\WINDOWS\System32)
<>
NavShExt.dll (H:\Program Files\Norton AntiVirus)
<Symantec Corporation-Norton AntiVirus-9.05.15>
ccTrust.dll (H:\WINDOWS\System32)
<Symantec Corporation-Common Client-1.08.01>
MSVCP60.dll (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft (R) Visual C++-6.00.8972.0>
ATL.DLL (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft (R) Visual C++-6.00.9435>
shdoclc.dll (H:\WINDOWS\System32)
<>
mlang.dll (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-6.00.2600.0000>
wsock32.dll (H:\WINDOWS\System32)
<>
imon.dll (H:\WINDOWS\System32)
<>
NTMARTA.DLL (H:\WINDOWS\System32)
<>
WLDAP32.dll (H:\WINDOWS\system32)
<>
SAMLIB.dll (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
RASAPI32.DLL (H:\WINDOWS\System32)
<>
rasman.dll (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
NETAPI32.dll (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
TAPI32.dll (H:\WINDOWS\System32)
<>
rtutils.dll (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
WINMM.dll (H:\WINDOWS\System32)
<>
dcsws2.dll (H:\WINDOWS\System32)
<>
mswsock.dll (H:\WINDOWS\system32)
<>
USERENV.dll (H:\WINDOWS\system32)
<>
rsvpsp.dll (H:\WINDOWS\system32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
wshtcpip.dll (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
rsaenh.dll (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1029>
DNSAPI.dll (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
winrnr.dll (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
rasadhlp.dll (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
mshtml.dll (H:\WINDOWS\System32)
<>
IMM32.DLL (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
scrauth.dll (H:\Program Files\Common Files\Symantec Shared\Script Blocking)
<Symantec Corporation-Symantec ScriptBlocking-1, 1, 0, 126>
ScrBlock.dll (H:\Program Files\Common Files\Symantec Shared\Script Blocking)
<Symantec Corporation-Symantec ScriptBlocking-1, 1, 0, 126>
wintrust.dll (H:\WINDOWS\System32)
<>
IMAGEHLP.dll (H:\WINDOWS\system32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
cryptnet.dll (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.131.2600.0>
jscript.dll (h:\windows\system32)
<Microsoft Corporation-Microsoft (r) JScript-5.6.0.8513>
MSLS31.DLL (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Line Services-3.10>
imgutil.dll (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-6.00.2800.1106>
mshtmled.dll (H:\WINDOWS\System32)
<>
wdmaud.drv (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
msacm32.drv (H:\WINDOWS\System32)
<>
MSACM32.dll (H:\WINDOWS\System32)
<>
midimap.dll (H:\WINDOWS\System32)
<>
mscoree.dll (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft .NET Framework-1.1.4322.573>
mscorie.dll (H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322)
<Microsoft Corporation-Microsoft .NET Framework-1.1.4322.573>
MSVCR71.dll (H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322)
<Microsoft Corporation-Microsoft® Visual Studio .NET-7.10.3052.4>
mscorld.dll (H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322)
<Microsoft Corporation-Microsoft .NET Framework-1.1.4322.573>
MSRATING.DLL (H:\WINDOWS\System32)
<>
msratelc.dll (H:\WINDOWS\System32)
<>
actxprxy.dll (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-6.00.2600.0000>
pngfilt.dll (H:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-6.00.2800.1106>
 
Posted by keano
I also scanned my system with ad-aware 6 and saved the log file, because at www.ircspy.com I cannot use the links that appear there after you have clicked search :( could someone take a look at it, I have been having this problem for a few weeks :( :(

keano,

Please read the first post again carefully.
Your AdAware log is of no use to me.
Please post your HijackThis log.

Regards,

Pieter
 
Sorry, here it is:
Logfile of HijackThis v1.97.7
Scan saved at 14:31:28, on 28-3-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\w5GmQ.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AdsGone\adsgone.exe
D:\Corel\Suite8\Programs\DAD8.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wisptis.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Robert\LOCALS~1\Temp\Rar$EX00.500\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2C2DD59D-E7C3-4316-9E56-17A22B87AD7C} - C:\WINDOWS\r85nCNiP6.dll
O2 - BHO: (no name) - {44AF5221-A43E-224E-56BA-ABCD43C344D1} - C:\PROGRA~1\MAGELL~1\DOWNLO~1\dboostie.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [systray] C:\WINDOWS\System32\a.exe
O4 - HKLM\..\Run: [lgQCZU5A] C:\WINDOWS\w5GmQ.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Corel DAD 8 (gestionnaire des applications du bureau).LNK = D:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.makro.nl/
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/035ca2b03a98e64fd316/netzip/RdxIE601.cab
O16 - DPF: {65B818E1-F4D8-4F96-A1DF-35F3D1C86194} (limmyloding.limmyform) - http://bins.roings.com/crack.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/bridge.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37914.4382407407
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 
Could you also take a look at my log? Startup takes extremely long and my internet is extremely slow at times. When I start the computer, the speed is normal for 5 minutes, after that it goes wrong. I have already scanned with Spybot S&D but it found nothing.

Logfile of HijackThis v1.97.7
Scan saved at 14:28:21, on 28-3-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
E:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Administrator\Bureaublad\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://signup.wanadoo.nl/cgi-bin/Web_Mod_W/ihm_authentication.cgi.pl?LOGIN=
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\System32\AlxTB1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} - C:\WINDOWS\System32\SHDOCVW.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\Msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA3F6AE5-EEB9-4556-BE05-1955C9430719}: NameServer = 195.96.96.97 195.96.96.33
 
Posted by keano

C:\DOCUME~1\Robert\LOCALS~1\Temp\Rar$EX00.500\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll

O2 - BHO: (no name) - {2C2DD59D-E7C3-4316-9E56-17A22B87AD7C} - C:\WINDOWS\r85nCNiP6.dll

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [systray] C:\WINDOWS\System32\a.exe
O4 - HKLM\..\Run: [lgQCZU5A] C:\WINDOWS\w5GmQ.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/035ca2b03a98e64fd316/netzip/RdxIE601.cab
O16 - DPF: {65B818E1-F4D8-4F96-A1DF-35F3D1C86194} (limmyloding.limmyform) - http://bins.roings.com/crack.cab

O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/bridge.cab

Hi keano,

Before you start, I recommend unpacking HijackThis to a separate folder. The program makes backups in the folder where it is located, and in a Temp folder those are quickly gone.

Then check the entries above, close all windows except HijackThis and click Fix checked.

Then restart in safe mode and delete:
C:\Program Files\INCREDIFIND <= the whole folder
C:\WINDOWS\System32\bridge.dll
C:\WINDOWS\Belt.exe
C:\WINDOWS\System32\a.exe
C:\WINDOWS\w5GmQ.exe
C:\Program Files\Power Scan <= the whole folder
C:\Program Files\Common files\updater <= the whole folder
C:\WINDOWS\alchem.exe
C:\Program Files\Common Files\GMT <= the whole folder

Regards,

Pieter
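
Added example (not part of the original thread and not HijackThis code): a small Python parser for the HijackThis line format shown in the logs above, which groups entries that share a CLSID or a file path, so that one component registered in several places (bridge.dll as BHO, Run value and DPF entry) shows up as a single cluster. The sample lines are copied from keano's log; the function names and the grouping logic are assumptions of this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Lines copied from the HijackThis log posted above (keano's system).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/bridge.cab
"""

# "R1 - ..." / "O16 - ...": section code, separator, free-form remainder.
LINE_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Local file path up to the first executable-type extension (spaces allowed).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]*?\.(?:exe|dll|ocx|cpl)', re.IGNORECASE)


@dataclass
class Entry:
    code: str        # section code, e.g. "O2" (BHO), "O4" (Run/Startup), "O16" (DPF)
    text: str        # remainder of the line, unmodified
    keys: frozenset  # normalised CLSIDs and file paths used for correlation
    no_file: bool    # True when HijackThis reported "(no file)"


def parse(log_text):
    """Return one Entry per R*/O* line; header and process list are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, text = m.groups()
        keys = {c.upper() for c in CLSID_RE.findall(text)}
        keys |= {p.lower() for p in PATH_RE.findall(text)}
        entries.append(Entry(code, text, frozenset(keys), "(no file)" in text))
    return entries


def correlate(entries):
    """Group entries that share a CLSID or a file path (union-find)."""
    parent = list(range(len(entries)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path compression
            i = parent[i]
        return i

    first_seen = {}
    for i, entry in enumerate(entries):
        for key in entry.keys:
            if key in first_seen:
                parent[find(i)] = find(first_seen[key])
            else:
                first_seen[key] = i

    groups = defaultdict(list)
    for i, entry in enumerate(entries):
        groups[find(i)].append(entry)
    # Only clusters with more than one registration are interesting here.
    return [g for g in groups.values() if len(g) > 1]


def orphaned(entries):
    """Registrations whose target file no longer exists ("(no file)")."""
    return [e for e in entries if e.no_file]


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    for cluster in correlate(parsed):
        print("Cluster:")
        for e in cluster:
            print(f"  {e.code:>3}  {e.text}")
    print("Orphaned registrations:", len(orphaned(parsed)))
```
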
 
Posted by Lillian

O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\System32\AlxTB1.dll

O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} - C:\WINDOWS\System32\SHDOCVW.DLL

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime ***

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ***

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" ***
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL ***

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot ***

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE ***
O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm

Hi Lillian,

Because Alexa was the only spyware I could find, and it does not cause the symptoms you mentioned, I have also listed a bunch of unnecessary startup items. These are marked with ***

Check the entries above, close all windows except HijackThis and click Fix checked.

Then restart.

Regards,

Pieter
 
Posted by keano
I also scanned my system with ad-aware 6 and saved the log file, because at www.ircspy.com I cannot use the links that appear there after you have clicked search :( could someone take a look at it, I have been having this problem for a few weeks :( :(

Oh, and in case you were wondering why AdAware did not find all that junk:

Using reference-file :01R217 08.09.2003
Latest update: 01R276 27.03.2004

Regards,

Pieter
 
ok, here it is

iexplore.exe
iexplore.exe (C:\Program Files\Internet Explorer)
<>
ntdll.dll (C:\WINDOWS\System32)
<>
msvcrt.dll (C:\WINDOWS\system32)
<Microsoft Corporation-Microsoft® Windows® Operating System-7.0.2600.1106>
ADVAPI32.dll (C:\WINDOWS\system32)
<>
RPCRT4.dll (C:\WINDOWS\system32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1254>
SHLWAPI.dll (C:\WINDOWS\system32)
<>
SHDOCVW.dll (C:\WINDOWS\System32)
<>
IMM32.DLL (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
LPK.DLL (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
USP10.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft(R) Uniscribe Unicode script processor-1.0409.2600.1106>
comctl32.dll (C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805)
<Microsoft Corporation-Microsoft® Windows® Operating System-6.00.2800.1106>
SHELL32.dll (C:\WINDOWS\system32)
<>
comctl32.dll (C:\WINDOWS\system32)
<Microsoft Corporation-Microsoft® Windows® Operating System-6.00.2800.1106>
ole32.dll (C:\WINDOWS\system32)
<>
uxtheme.dll (C:\WINDOWS\System32)
<>
MSCTF.dll (C:\WINDOWS\System32)
<>
SynTPFcs.dll (C:\WINDOWS\System32)
<Synaptics, Inc.-Progressive Touch-6.2.14 01Apr02>
VERSION.dll (C:\WINDOWS\system32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
BROWSEUI.dll (C:\WINDOWS\System32)
<>
browselc.dll (C:\WINDOWS\System32)
<>
appHelp.dll (C:\WINDOWS\system32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
CLBCATQ.DLL (C:\WINDOWS\System32)
<Microsoft Corporation-COM Services-03.00.00.4414>
OLEAUT32.dll (C:\WINDOWS\system32)
<Microsoft Corporation-Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems-3.50.5016.0>
COMRes.dll (C:\WINDOWS\System32)
<>
msctfime.ime (C:\WINDOWS\System32)
<>
Msimtf.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
WININET.dll (C:\WINDOWS\system32)
<>
CRYPT32.dll (C:\WINDOWS\system32)
<>
MSASN1.dll (C:\WINDOWS\system32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1274>
Secur32.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
cscui.dll (C:\WINDOWS\System32)
<>
CSCDLL.dll (C:\WINDOWS\System32)
<>
SETUPAPI.dll (C:\WINDOWS\System32)
<>
NavShExt.dll (C:\Program Files\Norton AntiVirus)
<Symantec Corporation-Norton AntiVirus-9.05.15>
ccTrust.dll (C:\WINDOWS\System32)
<Symantec Corporation-Common Client-1.08.01>
MSVCP60.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft (R) Visual C++-6.00.8972.0>
ATL.DLL (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft (R) Visual C++-6.00.9435>
AcroIEHelper.ocx (C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX)
<-AcroIEHelper Module-1, 0, 0, 1>
SXS.DLL (C:\WINDOWS\System32)
<>
urlmon.dll (C:\WINDOWS\system32)
<>
shdoclc.dll (C:\WINDOWS\System32)
<>
mlang.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-6.00.2600.0000>
wsock32.dll (C:\WINDOWS\System32)
<>
WS2_32.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
WS2HELP.dll (C:\WINDOWS\System32)
<>
mswsock.dll (C:\WINDOWS\system32)
<>
wshtcpip.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
RASAPI32.DLL (C:\WINDOWS\System32)
<>
rasman.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
NETAPI32.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
TAPI32.dll (C:\WINDOWS\System32)
<>
rtutils.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
WINMM.dll (C:\WINDOWS\System32)
<>
sensapi.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
USERENV.dll (C:\WINDOWS\system32)
<>
DNSAPI.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
winrnr.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
WLDAP32.dll (C:\WINDOWS\system32)
<>
msi.dll (C:\WINDOWS\System32)
<>
rasadhlp.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
iphlpapi.dll (C:\WINDOWS\System32)
<>
mshtml.dll (C:\WINDOWS\System32)
<>
scrauth.dll (C:\Program Files\Common Files\Symantec Shared\Script Blocking)
<Symantec Corporation-Symantec ScriptBlocking-1, 1, 0, 126>
ScrBlock.dll (C:\Program Files\Common Files\Symantec Shared\Script Blocking)
<Symantec Corporation-Symantec ScriptBlocking-1, 1, 0, 126>
wintrust.dll (C:\WINDOWS\System32)
<>
IMAGEHLP.dll (C:\WINDOWS\system32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
rsaenh.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1029>
cryptnet.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.131.2600.0>
jscript.dll (c:\windows\system32)
<Microsoft Corporation-Microsoft (r) JScript-5.6.0.8513>
MSLS31.DLL (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Line Services-3.10>
wdmaud.drv (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
msacm32.drv (C:\WINDOWS\System32)
<>
MSACM32.dll (C:\WINDOWS\System32)
<>
midimap.dll (C:\WINDOWS\System32)
<>
Dadkeyb.dll (C:\PROGRA~1\Dell\ACCESS~1)
<>
MPR.dll (C:\WINDOWS\system32)
<>
drprov.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
ntlanman.dll (C:\WINDOWS\System32)
<>
NETUI0.dll (C:\WINDOWS\System32)
<>
NETUI1.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
NETRAP.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
SAMLIB.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
davclnt.dll (C:\WINDOWS\System32)
<>
MSGINA.dll (C:\WINDOWS\System32)
<>
WINSTA.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
ODBC32.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft Open Database Connectivity-3.520.9042.0>
comdlg32.dll (C:\WINDOWS\system32)
<>
odbcint.dll (C:\WINDOWS\System32)
<>
mshtmled.dll (C:\WINDOWS\System32)
<>
dxtrans.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-6.00.2800.1106>
ddrawex.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
DDRAW.dll (C:\WINDOWS\System32)
<>
DCIMAN32.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
dxtmsft.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-6.00.2800.1106>
MSRATING.DLL (C:\WINDOWS\System32)
<>
msratelc.dll (C:\WINDOWS\System32)
<>
actxprxy.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-6.00.2600.0000>
plugin.ocx (C:\WINDOWS\System32)
<>
ntshrui.dll (C:\WINDOWS\System32)
<>
 
Could you take a look at my log too? A few things have already been removed, even though that was advised against. I had already been using Ad-Aware 6 for a while, you see; I hope that's not a problem :confused:

ArchiveData(auto-quarantine- 28-03-2004 15-39-41.bckp)
======================================================

HOTBAR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=RegKey : CLSID\{4DBCFAF7-62E1-4811-8ACC-6511E7192CB4}
obj[1]=RegKey : CLSID\{1038DD23-8AE8-451B-A134-4DB8A49AA519}
obj[2]=RegKey : CLSID\{013A482E-1893-4f49-8D41-AC89156A6955}
obj[3]=RegKey : AppID\{B701A705-F828-11D4-A466-00508B5BA2DF}
obj[4]=RegValue : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
obj[5]=RegValue : SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
obj[6]=RegValue : SOFTWARE\Microsoft\Internet Explorer\Toolbar
obj[7]=RegValue : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
 
Posted by Angel1985
Could you take a look at my log too? A few things have already been removed, even though that was advised against. I had already been using Ad-Aware 6 for a while, you see; I hope that's not a problem :confused:

No problem at all. Go ahead and post your log.

Regards,

Pieter
 
My logfile....

Logfile of HijackThis v1.97.7
Scan saved at 16:15:03, on 2004-03-28
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\NotifyPhoneBook.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\GEORGES\Local Settings\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: PREAT IE LightFrame - {43D29D14-460E-4F3A-9037-E60F11EF12F0} - C:\WINDOWS\System32\LightFrame3IECOM.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [CloseDNF] C:\WINDOWS\System32\Utility.exe \1008
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IncredimailDownloader] C:\WINDOWS\DOWNLO~1\imloader.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37894.1768287037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0F3AA59-2D17-4CB6-852D-915404B6203F}: NameServer = 195.238.2.22 195.238.2.21


Regards
Hilde
 