Helpmij anti-spyware offensive (part 3)

Posted by StierHerman

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://mypoisk.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoisk.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mypoisk.com/index.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dootio.t.muxa.cc/s.php?aid=240 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dootio.t.muxa.cc/h.php?aid=240 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dootio.t.muxa.cc/s.php?aid=240 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://dootio.t.muxa.cc/s.php?aid=240 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#31377
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#31377
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mypoisk.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mypoisk.com/index.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://dootio.t.muxa.cc/h.php?aid=240 (obfuscated)

O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRAM FILES\GOZILLA\GOIEHLP.DLL

O2 - BHO: (no name) - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\WINDOWS\APPLICATION DATA\MSNU\MSNU.DLL (file missing)
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\APPLICATION DATA\MSNU\MSIESH.DLL (file missing)
O2 - BHO: (no name) - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\APPLICATION DATA\MSNU\MSSEARCH.DLL (file missing)

O4 - HKLM\..\Run: [Go!Zilla dial-up fix] "C:\PROGRAM FILES\GOZILLA\GO.EXE" /FIXRAS

O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\IMAGE.DLL,Install

O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [Dial32] C:\WINDOWS\dl.exe

O4 - HKLM\..\RunServices: [Driver32] C:\WINDOWS\SYSTEM\SCam32.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [olehelp] C:\WINDOWS\olehelp.exe
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\IMAGE.DLL,Install

O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx

O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://petite-virgins.biz/dl/adv14/x.chm::/load.exe

Hi StierHerman,

I wonder whether Ad-Aware was actually properly updated, but fine.

Check the entries above, close all windows except HijackThis and click Fix checked.

Download and run http://www.spywareinfo.com/~merijn/files/CWShredder.exe
Use the Fix button and pay close attention to the program's instructions.

Then restart and delete:
C:\WINDOWS\IMAGE.DLL
C:\WINDOWS\dl.exe
 
Hello Pieter, here is the requested log.
The Windows updates have been installed in the meantime.
I should have done that right away, of course, but well, the PC is only 3 days old and then this already.

Regards, chila


Module information for 'Explorer.EXE'
 
Dear Pieter,
I checked the lines you indicated via the HijackThis log and then clicked Fix checked.
Next you told me to download pv.zip, unzip it to the desktop, open the pv folder and run runme.bat.
Everything works up to that point.
However: after pressing Enter on runme.bat I get the message:
Winoldap caused an error in IFHLPAPI.DLL (the file is in c\windows\system).
Then I get a DOS window with the PV menu by Shadowwar. However, I cannot select option 1; the session is always already in the status "ended".
How should I proceed?

P.S. The about:blank start page has not disappeared yet.
But perhaps that is as it should be.
I'll hear from you.
Math
 
Pieter, a small addition:
the error line after opening DOS has already been resolved.
The rest still stands.
 
Attached is a new HijackThis log.
I notice, Pieter, that some lines have come back despite Fix checked the first time.
I'll hear from you.
 

No reply yet

Hello Pieter,

I had to open a new topic but I still haven't had a reply. I understand that you are busy, but could you still take a look at my topic?

Thanks in advance, Pim

PS: I'm posting the message here once more as well.

Hello Pieter,

This is the log from the PV program with option 1, Enter, as the choice.
Pieter told me to start a new topic, so please no replies from the wrong topic.
I hope you can do something with it, Pieter.
Thanks in advance, Pim


Module information for 'Explorer.EXE'
 
Well Pieter, everything is running as it should again, I think! Thanks a lot for the effort, man! If I'm ever in Rotterdam we'll grab a beer :thumb:
 
Dear Pieter,
In the PV folder I could not run runme.bat as indicated.
However, runme9x.bat did work.
I ran it, with the following result:

Module information for 'EXPLORER.EXE'
ATL.DLL 5f3e0000 73728 C:\WINDOWS\SYSTEM\ATL.DLL 3.00.8449 ATL Module for Windows (ANSI)
CCTRUST.DLL 2d40000 106496 C:\WINDOWS\SYSTEM\CCTRUST.DLL 1.08.01 Common Client ccTrust
MSVCP60.DLL 780c0000 397312 C:\WINDOWS\SYSTEM\MSVCP60.DLL 6.00.8168.0 Microsoft (R) C++ Runtime Library
SENSAPI.DLL 60000000 20480 C:\WINDOWS\SYSTEM\SENSAPI.DLL 5.50.4807.2300 SENS Connectivity API DLL
BROWSELC.DLL 718e0000 73728 C:\WINDOWS\SYSTEM\BROWSELC.DLL 6.00.2800.1106 Shell Browser-bibliotheek voor gebruikersinterface
ES.DLL 2800000 118784 C:\WINDOWS\SYSTEM\ES.DLL 1998.09.1003.0 COM+ EventSystem Library
SENS.DLL 60100000 69632 C:\WINDOWS\SYSTEM\SENS.DLL 5.50.4807.2300 System Event Notification Service (SENS)
ESTIER2.DLL 2650000 61440 C:\WINDOWS\SYSTEM\ESTIER2.DLL 1998.09.1003.0 COM+ EventSystem Service Library
ESSHARED.DLL 2660000 69632 C:\WINDOWS\SYSTEM\ESSHARED.DLL 1998.09.1003.0 COM+ EventSystem Shared Utilities
CFGMGR32.DLL 7f700000 40960 C:\WINDOWS\SYSTEM\CFGMGR32.DLL 4.90.3000 Configuration Manager Win32 Interface
UPNP.DLL 2550000 143360 C:\WINDOWS\SYSTEM\UPNP.DLL 4.90.3002.0 Universal Plug and Play API
SSDPAPI.DLL 2580000 49152 C:\WINDOWS\SYSTEM\SSDPAPI.DLL 4.90.3002.0 SSDP Client API DLL
AUHOOK.DLL 2420000 53248 C:\WINDOWS\SYSTEM\AUHOOK.DLL 5.4.5681.0 Microsoft AutoUpdate
UPNPUI.DLL 74d40000 69632 C:\WINDOWS\SYSTEM\UPNPUI.DLL 4.90.3000.1 UPNP-monitor en -map
WEBCHECK.DLL 70340000 270336 C:\WINDOWS\SYSTEM\WEBCHECK.DLL 6.00.2800.1106 Website Monitor
ACTXPRXY.DLL 703d0000 110592 C:\WINDOWS\SYSTEM\ACTXPRXY.DLL 6.00.2800.1106 ActiveX Interface Marshaling Library
LINKINFO.DLL 7fa90000 36864 C:\WINDOWS\SYSTEM\LINKINFO.DLL 4.90.3000 Windows Volume Tracking
MSI.DLL 1f60000 2015232 C:\WINDOWS\SYSTEM\MSI.DLL 2.0.2600.2 Windows Installer
IMM32.DLL bfe00000 16384 C:\WINDOWS\SYSTEM\IMM32.DLL 4.90.3000 Win32 IMM32 core component
MSLS31.DLL 48080000 159744 C:\WINDOWS\SYSTEM\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file
SHDOCLC.DLL 1e00000 561152 C:\WINDOWS\SYSTEM\SHDOCLC.DLL 6.00.2800.1106 Objecten- en besturingselementenbibliotheek Shell Doc
MSSHRUI.DLL 7f820000 98304 C:\WINDOWS\SYSTEM\MSSHRUI.DLL 4.90.3000 Shell-extensies voor delen
MYDOCS.DLL 77770000 81920 C:\WINDOWS\SYSTEM\MYDOCS.DLL 5.50.4134.100 De gebruikersinterface van de map Mijn documenten
WININET.DLL 70200000 614400 C:\WINDOWS\SYSTEM\WININET.DLL 6.00.2800.1106 Internet-extensies voor Win32
CRYPT32.DLL 5cf00000 479232 C:\WINDOWS\SYSTEM\CRYPT32.DLL 5.131.2133.6 Crypto API32
MSASN1.DLL 79b90000 65536 C:\WINDOWS\SYSTEM\MSASN1.DLL 4.4.3420 Microsoft ASN.1 Encoder/Decoder
OLEAUT32.DLL 7fe80000 610304 C:\WINDOWS\SYSTEM\OLEAUT32.DLL 2.40.4515
MSHTML.DLL 63580000 2822144 C:\WINDOWS\SYSTEM\MSHTML.DLL 6.00.2800.1276 Microsoft (R) HTML-viewer
MLANG.DLL 70440000 585728 C:\WINDOWS\SYSTEM\MLANG.DLL 6.00.2800.1106 Multi Language Support DLL
URLMON.DLL 1a400000 499712 C:\WINDOWS\SYSTEM\URLMON.DLL 6.00.2800.1282 OLE32-extensies voor Win32
VERSION.DLL bfe50000 24576 C:\WINDOWS\SYSTEM\VERSION.DLL 4.90.3000 Win32 VERSION core component
BROWSEUI.DLL 71160000 1036288 C:\WINDOWS\SYSTEM\BROWSEUI.DLL 6.00.2800.1106 Shell Browser-bibliotheek voor gebruikersinterface
SHDOCVW.DLL 71700000 1347584 C:\WINDOWS\SYSTEM\SHDOCVW.DLL 6.00.2800.1276 Objecten- en besturingselementenbibliotheek Shell Doc
OLE32.DLL 7ff20000 794624 C:\WINDOWS\SYSTEM\OLE32.DLL 4.71.3328 Microsoft OLE for Windows and Windows NT
COMKLO.DLL 2ae60000 131072 C:\WINDOWS\SYSTEM\COMKLO.DLL
IPHLPAPI.DLL 4c50000 49152 C:\WINDOWS\SYSTEM\IPHLPAPI.DLL 4.90.3001.2 IP Helper API
MSAFD.DLL 79bc0000 40960 C:\WINDOWS\SYSTEM\MSAFD.DLL 4.90.3000 Microsoft Windows Sockets 2.0 Service-aanbieder
DHCPCSVC.DLL 7ce80000 28672 C:\WINDOWS\SYSTEM\DHCPCSVC.DLL
ICMP.DLL 7b860000 24576 C:\WINDOWS\SYSTEM\ICMP.DLL 5.00.1454.1 ICMP DLL
WS2_32.DLL 73200000 69632 C:\WINDOWS\SYSTEM\WS2_32.DLL 4.90.3000 Windows Socket 2.0 32-Bit DLL
RASAPI32.DLL 7f780000 253952 C:\WINDOWS\SYSTEM\RASAPI32.DLL 4.90.3000 DLL-bestand van Inbelnetwerk
WSOCK32.DLL 731c0000 36864 C:\WINDOWS\SYSTEM\WSOCK32.DLL 4.90.3000 BSD Socket API for Windows
MSWSOCK.DLL 77960000 81920 C:\WINDOWS\SYSTEM\MSWSOCK.DLL 4.90.3000 Microsoft WinSock Extension APIs
SECUR32.DLL 7f760000 69632 C:\WINDOWS\SYSTEM\SECUR32.DLL 4.90.3000 Microsoft Win32 Security Services (Export Version)
SVRAPI.DLL 7f850000 32768 C:\WINDOWS\SYSTEM\SVRAPI.DLL 4.90.3000 32-bit common Server API library
MSNET32.DLL 7fa20000 77824 C:\WINDOWS\SYSTEM\MSNET32.DLL 4.90.3000 Microsoft 32-bits Netwerk-API-bibliotheek
MSPWL32.DLL 7fa60000 40960 C:\WINDOWS\SYSTEM\MSPWL32.DLL 4.90.3000 Password list management library
TAPI32.DLL 7f860000 122880 C:\WINDOWS\SYSTEM\TAPI32.DLL 4.90.3000 Microsoft® Windows(TM) Telephony API Client DLL
RPCRT4.DLL 7faa0000 344064 C:\WINDOWS\SYSTEM\RPCRT4.DLL 4.71.3335 Remote Procedure Call DLL
NETAPI32.DLL 7f890000 20480 C:\WINDOWS\SYSTEM\NETAPI32.DLL 4.90.3000 32-bit network API DLL
NETBIOS.DLL 7f730000 32768 C:\WINDOWS\SYSTEM\NETBIOS.DLL
MPR.DLL 7f120000 57344 C:\WINDOWS\SYSTEM\MPR.DLL 4.90.3000 WIN32 Netwerk-interface-DLL
WS2HELP.DLL 731f0000 20480 C:\WINDOWS\SYSTEM\WS2HELP.DLL 4.90.3000 Windows Socket 2.0 Helper for Windows 98
NTDLL.DLL bfe70000 20480 C:\WINDOWS\SYSTEM\NTDLL.DLL 4.90.3000 Win32 NTDLL core component
SHELL32.DLL 7fbc0000 2306048 C:\WINDOWS\SYSTEM\SHELL32.DLL 5.50.4134.100 Gemeenschappelijk DLL-bestand van Windows Shell
EXPLORER.EXE 400000 225280 C:\WINDOWS\EXPLORER.EXE 5.50.4134.100 Windows Verkenner
COMCTL32.DLL bfb70000 557056 C:\WINDOWS\SYSTEM\COMCTL32.DLL 5.81 Common Controls Library
SHLWAPI.DLL 70a70000 413696 C:\WINDOWS\SYSTEM\SHLWAPI.DLL 6.00.2800.1276 Shell lichtgewicht hulpprogrammabibliotheek
MSVCRT.DLL 78000000 286720 C:\WINDOWS\SYSTEM\MSVCRT.DLL 6.10.8637.0 Microsoft (R) C Runtime Library
USER32.DLL bff40000 69632 C:\WINDOWS\SYSTEM\USER32.DLL 4.90.3000 Win32 USER32 core component
GDI32.DLL bff10000 172032 C:\WINDOWS\SYSTEM\GDI32.DLL 4.90.3000 Win32 GDI core component
ADVAPI32.DLL bfe60000 65536 C:\WINDOWS\SYSTEM\ADVAPI32.DLL 4.90.3000 Win32 ADVAPI32 core component
KERNEL32.DLL bff60000 544768 C:\WINDOWS\SYSTEM\KERNEL32.DLL 4.90.3000 Win32 Kernel-kerncomponent
 
Posted by Pieter Arntz


Hi JolandaC,

It doesn't show up in your log.
Try going to this folder in Explorer:
C:\Documents and Settings\Bossinkjes\Bureaublad
If you see it there, try right-clicking it and then choosing Delete while holding down the Shift key.

Just let me know whether that worked.

Regards,

Pieter

Hello Pieter,

No, unfortunately this doesn't work.
I also don't know what kind of strange file it is.
But I can't get rid of it by any means.
It is supposed to be a funny file called ' condens in je pc' .
I hope you can help me further.
Jolanda
 
Posted by math678
New HijackThis log attached.
I notice, Pieter, that some lines are back again despite Fix checked the first time.
I'll hear from you.

Hi math678,

Did you run that file I gave you a link to?
If so, use Killbox to delete C:\WINDOWS\SYSTEM\KNCGBE.DLL on reboot.

Then have HijackThis fix these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\KNCGBE.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\KNCGBE.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\KNCGBE.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\KNCGBE.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\KNCGBE.DLL/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\KNCGBE.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {9190E5FD-7592-4AD5-A645-D5DDCCE5301F} - C:\WINDOWS\SYSTEM\KNCGBE.DLL

Regards,

Pieter
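The reply above fixes the R0/R1 lines and the O2 BHO together because they all point at the same DLL. As an added example that is not part of the original post, this Python sketch makes that correlation over HijackThis log lines; the function names are hypothetical and the sample log is constructed by combining entries quoted in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: HijackThis 1.97.7 lines combined from entries quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\KNCGBE.DLL/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\KNCGBE.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {9190E5FD-7592-4AD5-A645-D5DDCCE5301F} - C:\WINDOWS\SYSTEM\KNCGBE.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (file missing)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

# "R1 - ..." / "O16 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# res://<binary>/<resource>: a page served out of a local DLL/EXE/OCX.
RES_RE = re.compile(r"res://(?P<path>[^/]+?\.(?:dll|exe|ocx))/", re.IGNORECASE)
# "BHO: <name> - {CLSID} - <path>[ (file missing)]"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def parse_log(text):
    """Return (code, body) for every line that looks like a HijackThis entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def triage(text):
    """Group R0/R1 values that load a res:// page from a local binary with the
    BHO registered from that same file, and list BHOs whose file is missing.
    The output is a review list, not a verdict on any entry."""
    entries = parse_log(text)

    bho_by_file, orphan_bhos = {}, []
    for code, body in entries:
        m = BHO_RE.match(body) if code == "O2" else None
        if not m:
            continue
        # Windows paths are case-insensitive, so compare lower-cased.
        bho_by_file[m["path"].lower()] = m["clsid"]
        if m["missing"]:
            orphan_bhos.append(m["clsid"])

    groups = defaultdict(lambda: {"registry_lines": [], "bho_clsid": None})
    for code, body in entries:
        if code not in ("R0", "R1"):
            continue  # an O8 menu item using res:// is not a start/search page setting
        key, sep, value = body.partition(" = ")
        m = RES_RE.search(value)
        if not sep or not m:
            continue
        path = m["path"].lower()
        groups[path]["registry_lines"].append(key)
        groups[path]["bho_clsid"] = bho_by_file.get(path)

    return {"res_groups": dict(groups), "orphan_bhos": orphan_bhos}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for dll, info in report["res_groups"].items():
        print(dll, "BHO:", info["bho_clsid"])
        for key in info["registry_lines"]:
            print("   ", key)
    print("BHOs with missing file:", report["orphan_bhos"])
```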
 
Pieter, my own little PC :)
I've put regprot on it as well, just to be safe. I already had spywareguard. How do these programs differ?

Oh yes, scanned with adware and spybot, of course

Logfile of HijackThis v1.97.7
Scan saved at 10:57:21, on 23-4-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\Msimn.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Marga No\Mijn documenten\computer hulpprogramma´s\regprot\regprot.exe
C:\Documents and Settings\Marga No\Mijn documenten\computer hulpprogramma´s\regprot\regprot.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Marga No\Mijn documenten\computer hulpprogramma´s\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar_nl_2.0.108-deleon.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar_nl_2.0.108-deleon.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RegProt] c:\documents and settings\marga no\mijn documenten\computer hulpprogramma´s\regprot\regprot.exe /start
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar_nl_2.0.108-deleon.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\windows\downloaded program files\GoogleToolbar_nl_2.0.108-deleon.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar_nl_2.0.108-deleon.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\windows\downloaded program files\GoogleToolbar_nl_2.0.108-deleon.dll/cmsimilar.html
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: Win32 Classes -
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/ProductUpdates/content/opuc.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/deleon/1.1.54-deleon/GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/20011223/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37935.2106365741
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{64ACC928-7E60-48A6-83C6-F86FB24BB9E6}: NameServer = 195.241.48.33 195.241.49.33
 
Posted by JolandaC


Hello Pieter,

No, unfortunately this doesn't work.
I also don't know what kind of strange file it is.
But I can't get rid of it by any means.
It is supposed to be a funny file called ' condens in je pc' .
I hope you can help me further.
Jolanda

You already had The Killbox, I believe, right?
If not: http://download.broadbandmedic.com/VbStuff/KillBox.zip

Run the program and click the button with the folder symbol behind the box. Look up the file you want to get rid of there and then click "Kill file".

Regards,

Pieter
 
Posted by margaNo
Pieter, my own little PC :)
I've put regprot on it as well, just to be safe. I already had spywareguard. How do these programs differ?


Hi margaNo,

The log is clean. :thumb:

Both programs report when something changes and ask whether you are fine with that or whether the old setting should be restored.
Regprot makes no distinction between good and bad, and SpywareGuard has a very limited database of spyware files. Their main job is to flag changes.

The difference: Regprot mainly watches startup locations and SpywareGuard mainly browser settings, such as BHOs and your start and search pages.

Regards,

Pieter
 
A friend of mine's PC. Spybot and Ad-aware have already been run. I came across some unnecessary startup junk myself, which I removed, but in my opinion there is still more "junk" in there.

Logfile of HijackThis v1.97.7
Scan saved at 18:08:20, on 23-4-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Winamp\Winamp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Mark\Bureaublad\Nieuwe map\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\RunOnce: [KB826939] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKLM\..\RunOnce: [Q814995] rundll32.exe apphelp.dll,ShimFlushCache
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/support/chipdetect/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/support/chipdetect/SiSAutodetectNT.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38048.3163541667
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab


J-P
 
Re: Re: logfile Hijack this

Posted by Pieter Arntz


Hi Peppie2,

Fellow enthusiast?


Yep!
Pieter, everything is clean, thanks a lot :thumb:
I now have spywareblaster and spywareguard as prevention. Ridiculous that this is needed just to be able to surf a bit.

Regards, Peppie
 
Hello Pieter,

Could you check this for me again?

Logfile of HijackThis v1.97.7
Scan saved at 18:43:21, on 23-4-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Fam. Mulder\Local Settings\Temp\Tijdelijke map 3 voor hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [svshostdriver] svshost.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
O4 - Startup: ZIM SMS Chat.lnk = C:\Program Files\ZIM\SMS Chat\ZimChat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38056.4712615741
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab

Norton finds the following files that I cannot delete:
Dc4.exe
ls.exe

Thanks in advance!
 