Helpmij anti-spyware offensive (part 3)

Status
Not open for further replies.
Posted by illie

O4 - HKLM\..\Run: [CloseDNF] C:\WINDOWS\System32\Utility.exe \1008

Hi illie,

Any idea what that one is for?
The log is clean, but I have never seen this one before.

Regards,

Pieter
 
Posted by Annetango
it didn't help, do you have any more tricks :D ?

I'm not sure whether this works.
If you close IE the normal way and then repeat the procedure with WhatsHappening, does anything still show up in the list?
If so, please post it.

Regards,

Pieter
 
Yes, it is still in the list then; here is what I copied

iexplore.exe
iexplore.exe (C:\Program Files\Internet Explorer)
<>
ntdll.dll (C:\WINDOWS\System32)
<>
msvcrt.dll (C:\WINDOWS\system32)
<Microsoft Corporation-Microsoft® Windows® Operating System-7.0.2600.1106>
ADVAPI32.dll (C:\WINDOWS\system32)
<>
RPCRT4.dll (C:\WINDOWS\system32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1254>
SHLWAPI.dll (C:\WINDOWS\system32)
<>
SHDOCVW.dll (C:\WINDOWS\System32)
<>
IMM32.DLL (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
LPK.DLL (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
USP10.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft(R) Uniscribe Unicode script processor-1.0409.2600.1106>
comctl32.dll (C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805)
<Microsoft Corporation-Microsoft® Windows® Operating System-6.00.2800.1106>
SHELL32.dll (C:\WINDOWS\system32)
<>
comctl32.dll (C:\WINDOWS\system32)
<Microsoft Corporation-Microsoft® Windows® Operating System-6.00.2800.1106>
ole32.dll (C:\WINDOWS\system32)
<>
uxtheme.dll (C:\WINDOWS\System32)
<>
MSCTF.dll (C:\WINDOWS\System32)
<>
SynTPFcs.dll (C:\WINDOWS\System32)
<Synaptics, Inc.-Progressive Touch-6.2.14 01Apr02>
VERSION.dll (C:\WINDOWS\system32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
BROWSEUI.dll (C:\WINDOWS\System32)
<>
browselc.dll (C:\WINDOWS\System32)
<>
appHelp.dll (C:\WINDOWS\system32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
CLBCATQ.DLL (C:\WINDOWS\System32)
<Microsoft Corporation-COM Services-03.00.00.4414>
OLEAUT32.dll (C:\WINDOWS\system32)
<Microsoft Corporation-Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems-3.50.5016.0>
COMRes.dll (C:\WINDOWS\System32)
<>
msctfime.ime (C:\WINDOWS\System32)
<>
Msimtf.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
WININET.dll (C:\WINDOWS\system32)
<>
CRYPT32.dll (C:\WINDOWS\system32)
<>
MSASN1.dll (C:\WINDOWS\system32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1274>
Secur32.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
cscui.dll (C:\WINDOWS\System32)
<>
CSCDLL.dll (C:\WINDOWS\System32)
<>
SETUPAPI.dll (C:\WINDOWS\System32)
<>
NavShExt.dll (C:\Program Files\Norton AntiVirus)
<Symantec Corporation-Norton AntiVirus-9.05.15>
ccTrust.dll (C:\WINDOWS\System32)
<Symantec Corporation-Common Client-1.08.01>
MSVCP60.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft (R) Visual C++-6.00.8972.0>
ATL.DLL (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft (R) Visual C++-6.00.9435>
AcroIEHelper.ocx (C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX)
<-AcroIEHelper Module-1, 0, 0, 1>
SXS.DLL (C:\WINDOWS\System32)
<>
msi.dll (C:\WINDOWS\System32)
<>
urlmon.dll (C:\WINDOWS\system32)
<>
shdoclc.dll (C:\WINDOWS\System32)
<>
mlang.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-6.00.2600.0000>
wsock32.dll (C:\WINDOWS\System32)
<>
WS2_32.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
WS2HELP.dll (C:\WINDOWS\System32)
<>
mswsock.dll (C:\WINDOWS\system32)
<>
wshtcpip.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
RASAPI32.DLL (C:\WINDOWS\System32)
<>
rasman.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
NETAPI32.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
TAPI32.dll (C:\WINDOWS\System32)
<>
rtutils.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
WINMM.dll (C:\WINDOWS\System32)
<>
sensapi.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
USERENV.dll (C:\WINDOWS\system32)
<>
DNSAPI.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
winrnr.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
WLDAP32.dll (C:\WINDOWS\system32)
<>
rasadhlp.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
iphlpapi.dll (C:\WINDOWS\System32)
<>
mshtml.dll (C:\WINDOWS\System32)
<>
scrauth.dll (C:\Program Files\Common Files\Symantec Shared\Script Blocking)
<Symantec Corporation-Symantec ScriptBlocking-1, 1, 0, 126>
ScrBlock.dll (C:\Program Files\Common Files\Symantec Shared\Script Blocking)
<Symantec Corporation-Symantec ScriptBlocking-1, 1, 0, 126>
wintrust.dll (C:\WINDOWS\System32)
<>
IMAGEHLP.dll (C:\WINDOWS\system32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
rsaenh.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1029>
cryptnet.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.131.2600.0>
jscript.dll (c:\windows\system32)
<Microsoft Corporation-Microsoft (r) JScript-5.6.0.8513>
MSLS31.DLL (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Line Services-3.10>
imgutil.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-6.00.2800.1106>
mshtmled.dll (C:\WINDOWS\System32)
<>
wdmaud.drv (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
msacm32.drv (C:\WINDOWS\System32)
<>
MSACM32.dll (C:\WINDOWS\System32)
<>
midimap.dll (C:\WINDOWS\System32)
<>
dxtrans.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-6.00.2800.1106>
ddrawex.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
DDRAW.dll (C:\WINDOWS\System32)
<>
DCIMAN32.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
dxtmsft.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-6.00.2800.1106>
Dadkeyb.dll (C:\PROGRA~1\Dell\ACCESS~1)
<>
MPR.dll (C:\WINDOWS\system32)
<>
drprov.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
ntlanman.dll (C:\WINDOWS\System32)
<>
NETUI0.dll (C:\WINDOWS\System32)
<>
NETUI1.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
NETRAP.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.0>
SAMLIB.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
davclnt.dll (C:\WINDOWS\System32)
<>
MSGINA.dll (C:\WINDOWS\System32)
<>
WINSTA.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
ODBC32.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft Open Database Connectivity-3.520.9042.0>
comdlg32.dll (C:\WINDOWS\system32)
<>
odbcint.dll (C:\WINDOWS\System32)
<>
HLINK.DLL (C:\WINDOWS\System32)
<>
faultrep.dll (C:\WINDOWS\System32)
<>
WTSAPI32.dll (C:\WINDOWS\System32)
<Microsoft Corporation-Microsoft® Windows® Operating System-5.1.2600.1106>
 
Re: Re: Re: Re: another one of those recurring start pages

Pieter, you're the man. I have Rabobank as my start page again. And that while my girl was just starting to get used to the porn start page.
muchos gracias!

SWB

Posted by Pieter Arntz


The rest was clean.

Regards,

Pieter
:love:
 
imslsp.dll

Here is my HijackThis log; what can be removed? It also says something about imslsp.dll missing ????? Thanks

Logfile of HijackThis v1.97.7
Scan saved at 19:54:05, on 28/03/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\MRU-BLASTER\SCHEDULER.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\FAST DEFRAG\FAST2.EXE
C:\PROGRAM FILES\SECRETMAKER\SECRETMAKER.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\ICONOID\ICONOID.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE
C:\PROGRAM FILES\CRAZY BROWSER\CRAZY BROWSER.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: (no name) - {08442457-929D-4522-AE24-9D3E4664A0C1} - C:\PROGRAM FILES\IE URL SPOOFING PATCH\IEWORKAROUND3.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\SYSTEM\SMIEHLP.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [MRU Blaste] C:\Program Files\MRU-Blaster\scheduler.exe
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\SpywareGuard\sgmain.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Iconoid] "C:\PROGRAM FILES\ICONOID\ICONOID.EXE" -wait 0
O4 - HKCU\..\Run: [FAST Defrag] C:\PROGRA~1\FASTDE~1\FAST2.EXE -tray
O4 - HKLM\..\RunOnce: [MRUBlaster] C:\PROGRAM FILES\MRU-BLASTER\indexcleaner.exe -CC
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" "+b1"
O4 - Startup: SECRETMAKER.lnk = C:\Program Files\SECRETMAKER\secretmaker.exe
O8 - Extra context menu item: I&mage List - file://C:\Program Files\ImageList\ImageList.htm
O8 - Extra context menu item: &Email It - C:\Program Files\QuickSend\quicksend.html
O10 - Broken Internet access because of LSP provider 'imslsp.dll' missing
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37955.1655787037
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - http://lw10fd.law10.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {10ABC6DB-E091-4EAE-98DD-21B5A2460714} - http://www.pandasoftware.es/avchecker/controles/AvDetInst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
 
Re: imslsp.dll

Posted by herbert

O2 - BHO: (no name) - {08442457-929D-4522-AE24-9D3E4664A0C1} - C:\PROGRAM FILES\IE URL SPOOFING PATCH\IEWORKAROUND3.DLL ***

O10 - Broken Internet access because of LSP provider 'imslsp.dll' missing

Your log looks very tidy.
If you are up to date with IE updates, the patch mentioned above is no longer needed.
I'm not sure whether using Crazy Browser still has any influence on that.

Have you already checked whether the file imslsp.dll is indeed gone?

If not, right-click it and let me know what can be found on the version tab.

Regards,

Pieter
 
imslsp.dll

Thanks for the info Pieter, imslsp.dll is indeed not gone. It is located under C/win/system and is from "zone labs" IMsecure components for securing MSN/AIM-O
herbert
 
Re: imslsp.dll

Posted by herbert
Thanks for the info Pieter, imslsp.dll is indeed not gone. It is located under C/win/system and is from "zone labs" IMsecure components for securing MSN/AIM-O
herbert

And did you install that?
That's that MSN guard from ZoneAlarm, right?

Regards,

Pieter
 
imslsp.dll

That's right Pieter, that is the messenger guard from Zone Alarm and I did indeed install it
 
Re: imslsp.dll

Posted by herbert
That's right Pieter, that is the messenger guard from Zone Alarm and I did indeed install it

Thanks. I'll pass on to Merijn that yet another odd gadget is being displayed incorrectly.
Because your log says "missing" and yet it is in fact present and active.

Regards,

Pieter
 
spyware

hello,
would someone take a look at this,
thanks in advance,
regards, jawenawe


Logfile of HijackThis v1.97.7
Scan saved at 13:18:47, on 29-3-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downl...922/wmv9VCM.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/176c6f5...ip/RdxIE601.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...StatsClient.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - http://www2.flingstone.com/cab/2000XP/bridge.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...8002.1299305556
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/active...ol_v1-0-3-0.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/content...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A3281CF-A83E-4F84-A731-DB482A94052E}: NameServer = 194.134.5.5 194.134.0.97


__________________
jawenawe
 
hi hi,

This is Jos (ad-aware) again, from another PC that also has quite a lot of spyware on it. Maybe crash could also take a look at the number of processes that can be switched off. Perhaps the speed can still go up considerably here. That worked fine last time. And of course a request to Pieter to point out the spyware.

Thanks in advance and regards

Jos

Logfile of HijackThis v1.97.7
Scan saved at 13:45:36, on 29-3-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jeroen\Local Settings\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/Lycos/Sidesearch.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.com/players/english/PulsePlayerAxWin.cab
 
Re: spyware

Posted by jawenawe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com

O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/176c6f5...ip/RdxIE601.cab

O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} - http://dialxs.nl/install/dialxs.ocx

O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - http://www2.flingstone.com/cab/2000XP/bridge.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...8002.1299305556

Hi jawenawe,

Check the ones above, close all windows except HijackThis and click Fix checked.

Then reboot and delete:
C:\Program Files\MyWebSearch <= the whole folder

Regards,

Pieter
 
Posted by jeronimopaulio

O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/Lycos/Sidesearch.cab

Hi jeronimopaulio,

Before you start I would advise you to extract HijackThis to a separate folder. The program makes backups in the folder where it resides, and
the way you are running it now (from the zip folder) that does not work.

Then check the ones above, close all windows except HijackThis and click Fix checked.

Then reboot and delete:
C:\WINDOWS\Downloaded Program Files\bridge.dll

Regards,

Pieter
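
Added example, not part of the thread and not HijackThis's own code: a small Python pass over HijackThis log lines that surfaces the kinds of entries picked out for fixing in the replies above (hosts-file redirects, BHOs with no file, a rundll32 autostart from Downloaded Program Files, and the O10 LSP warning). The rule set and all function names are assumptions drawn only from the entries in this thread; the sample lines are copied from the logs posted here.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\htpatch.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O10 - Broken Internet access because of LSP provider 'imslsp.dll' missing
"""

# An entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")


def parse_log(text):
    """Return (section_code, detail) per entry line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def hosts_redirects(entries):
    """Group O1 hosts-file entries by target address, ignoring loopback mappings."""
    by_ip = defaultdict(list)
    for code, detail in entries:
        m = HOSTS_RE.match(detail) if code == "O1" else None
        if m and not m.group(1).startswith("127."):
            by_ip[m.group(1)].append(m.group(2))
    return dict(by_ip)


def triage(entries):
    """Return (section_code, reason) pairs for entries that deserve a manual look.

    Assumed rules, taken from what was selected in this thread; this is not a
    complete classifier and a hit is a prompt to investigate, not a verdict.
    """
    findings = []
    for ip, names in hosts_redirects(entries).items():
        findings.append(("O1", "hosts file points %s at %s" % (", ".join(names), ip)))
    for code, detail in entries:
        low = detail.lower()
        if code == "O2" and low.endswith("(no file)"):
            findings.append((code, "BHO registered but no file on disk: " + detail))
        elif code == "O4" and "rundll32" in low and "downloaded program files" in low:
            findings.append((code, "autostart loads a DLL from Downloaded Program Files: " + detail))
        elif code == "O10" and "missing" in low:
            # In this thread the file reported missing was present and in use,
            # so check the disk before fixing this entry.
            findings.append((code, "LSP reported missing, confirm on disk first: " + detail))
    return findings


if __name__ == "__main__":
    for code, reason in triage(parse_log(SAMPLE_LOG)):
        print(code, "-", reason)
```
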
 
Hijack This Log

Logfile of HijackThis v1.97.7
Scan saved at 15:16:50, on 29-3-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVC\BIN\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRAM FILES\nvc\BIN\nvcoas.exe
C:\PROGRAM FILES\nvc\BIN\NJEEVES.EXE
C:\PROGRAM FILES\nvc\BIN\NVCSCHED.EXE
C:\PROGRAM FILES\Nvc\BIN\nipsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Philips ToUcam Camera\VProperty.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
C:\PROGRAM FILES\Nvc\BIN\ZLH.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRAM FILES\Nvc\BIN\NYMSE.EXE
C:\PROGRAM FILES\Nvc\BIN\cclaw.exe
C:\PROGRAM FILES\Nvc\BIN\NIP.EXE
C:\WINDOWS\DitExp.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Suzanne Molleman\Mijn documenten\Documenten Suzanne\Logfiles & Spyware programma's\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.nld.chello.nl/ssi/welcome/welcome.php?url=search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dafclub.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.nld.chello.nl/ssi/welcome/welcome.php?url=home&src=ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Frank & Suzanne & Stijn
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ams.chello.nl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ToUcamVProperty] C:\Program Files\Philips ToUcam Camera\VProperty.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [Agent] C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\PROGRAM FILES\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.nld.chello.nl/ssi/welcome/welcome.php?url=home&src=ie
O16 - DPF: {06EE5631-8B69-4BF6-A531-91BDDF785734} (chelloInstall.Install) - http://quickfix.chello.nl/esupport/asp/chelloInstall.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....com/abarth/us/win/QuickTimeFullInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37941.3070023148
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444554340000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4344/mcfscan.cab

Under running processes it says:
C:\WINDOWS\system32\pcs\pcsvc.exe
I can't get this file deleted from system32.

CWShredder asked whether this is a random program (I always answer No, as indicated): C:\WINDOWS\Dit.exe

At first, after removing all kinds of adware and spyware, I no longer got error messages at startup.
However, I am now having trouble with that again:
zlclient.exe cannot find the file in Harddisk device 12 etc. Could you perhaps help me?
It may also be that this had been fixed by updates from Microsoft. I only get the error message the first time I start the PC each day.

Regards, G.I. Jane :confused:
 
Would you take a look at this log file? Thanks in advance.

Regards,

fox10

Logfile of HijackThis v1.97.7
Scan saved at 16:13:17, on 29-3-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\MX\VI_GRM.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\WAREZ P2P CLIENT\WAREZ.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\DOWNLOADS\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\DOWNLOADS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Open Universiteit Nederland
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.zeelandnet.nl/cache.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = zeelandnet.nl:800
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F1 - win.ini: load=C:\MX\vi_grm.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [warez] "C:\PROGRAM FILES\WAREZ P2P CLIENT\WAREZ.EXE" -h
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37992.1956712963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
 
Re: Hijack This Log

Posted by G.I. Jane


Under running processes it says:
C:\WINDOWS\system32\pcs\pcsvc.exe
I can't get this file deleted from system32.


Delete the entire folder in Safe Mode:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406


CWShredder asked whether this is a random program (I always answer No, as indicated): C:\WINDOWS\Dit.exe


That is correct. Dit.exe is not a CWS file, nor a randomly named file.

If you still have the startup problem after that, could you post a StartupList?

In HijackThis, click Config > MISC tools > Generate Startuplist.

That produces a text file. Please post it.

Regards,

Pieter
 