Helpmij tegen spyware offensief
- Onderwerp starter Pieter Arntz
- Startdatum
- Status
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Hoi kvessen,
Download en run: http://download.microsoft.com/download/vb60pro/Redist/sp5/WIN98Me/EN-US/vbrun60sp5.exe
Groetjes,
Pieter
Download en run: http://download.microsoft.com/download/vb60pro/Redist/sp5/WIN98Me/EN-US/vbrun60sp5.exe
Groetjes,
Pieter
verkeerd geplaatst dus... sorry, staat onder spyware
Zou je deze even kunnen bekijken Pieter, alvast bedankt
Logfile of HijackThis v1.97.3
Scan saved at 14:16:46, on 1-11-03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SM56HLPR.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\A4TECH\KEYBOARD\IKEYMAIN.EXE
C:\PROGRAM FILES\A4TECH\MOUSE\AMOUMAIN.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RULAUNCH.EXE
C:\PROGRAM FILES\NETMEETING\CONF.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RULAUNCH.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\INCMAIL.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bridge.pagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 194.109.94.63:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {bce47100-8e4e-11d7-b05f-000795bb487b} - C:\WINDOWS\APPLICATION DATA\PBLTLLGZF.DLL
O2 - BHO: (no name) - {98b1d480-a4a1-11d7-b05f-000795bb487b} - C:\WINDOWS\APPLICATION DATA\PBLTLLGZF.DLL
O2 - BHO: (no name) - {c4aa9120-bbe0-11d7-b05f-000795bb487b} - C:\WINDOWS\APPLICATION DATA\PBLTLLGZF.DLL
O3 - Toolbar: BONZI.COM Web Compass - {71B8AB7E-CB3F-4471-878E-8E1DFDF49B8B} - C:\PROGRAM FILES\BONZI.COM WEB COMPASS\WEBCOMPASSBAR.DLL (file missing)
O3 - Toolbar: ruchqllwshi - {bce47101-8e4e-11d7-b05f-000795bb487b} - C:\WINDOWS\APPLICATION DATA\PBLTLLGZF.DLL
O3 - Toolbar: ruchqllwshi - {98b1d481-a4a1-11d7-b05f-000795bb487b} - C:\WINDOWS\APPLICATION DATA\PBLTLLGZF.DLL
O3 - Toolbar: ruchqllwshi - {c4aa9121-bbe0-11d7-b05f-000795bb487b} - C:\WINDOWS\APPLICATION DATA\PBLTLLGZF.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [Mount Safe & Sound] C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\SAFE&SOUND\FBMOUNT.EXE
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4TECH\KEYBOARD\IKEYMAIN.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [tgcmd] "C:\PROGRA~1\SUPPORT.COM\BIN\TGCMD.EXE" /server
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [prgzbl] C:\WINDOWS\APPLIC~1\wulybshp.exe -QuieT
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee Instant Update Monitor] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Microsoft NetMeeting] "C:\Program Files\NetMeeting\conf.exe" -Background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ActiveMultiWallpaper] C:\Program Files\BlackMoon\ActiveMultiWallpaper\Changer.exe
O4 - HKCU\..\Run: [Talking Messenger] C:\PROGRAM FILES\TALKING MESSENGER\TALKINGMESSENGER.EXE
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: XMOUSE.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://sc.communities.msn.com/controls/chat/msnchat42.cab
O16 - DPF: {1DEFB8C0-22A7-4E58-B735-43A169CDA2AB} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {DA28C54E-D95C-11D3-9A01-005004677EF4} (McAfee.com Component Download Manager Class) - http://download.mcafee.com/molbin/clinic/CDM/McCDM.cab
O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} (Tintel Class) - http://exe.dialer.tintel.nl/tcw.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?1040997984640
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,4,0,4240/mcfscan.cab
Zou je deze even kunnen bekijken Pieter, alvast bedankt
Logfile of HijackThis v1.97.3
Scan saved at 14:16:46, on 1-11-03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SM56HLPR.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\A4TECH\KEYBOARD\IKEYMAIN.EXE
C:\PROGRAM FILES\A4TECH\MOUSE\AMOUMAIN.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RULAUNCH.EXE
C:\PROGRAM FILES\NETMEETING\CONF.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RULAUNCH.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\INCMAIL.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bridge.pagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 194.109.94.63:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {bce47100-8e4e-11d7-b05f-000795bb487b} - C:\WINDOWS\APPLICATION DATA\PBLTLLGZF.DLL
O2 - BHO: (no name) - {98b1d480-a4a1-11d7-b05f-000795bb487b} - C:\WINDOWS\APPLICATION DATA\PBLTLLGZF.DLL
O2 - BHO: (no name) - {c4aa9120-bbe0-11d7-b05f-000795bb487b} - C:\WINDOWS\APPLICATION DATA\PBLTLLGZF.DLL
O3 - Toolbar: BONZI.COM Web Compass - {71B8AB7E-CB3F-4471-878E-8E1DFDF49B8B} - C:\PROGRAM FILES\BONZI.COM WEB COMPASS\WEBCOMPASSBAR.DLL (file missing)
O3 - Toolbar: ruchqllwshi - {bce47101-8e4e-11d7-b05f-000795bb487b} - C:\WINDOWS\APPLICATION DATA\PBLTLLGZF.DLL
O3 - Toolbar: ruchqllwshi - {98b1d481-a4a1-11d7-b05f-000795bb487b} - C:\WINDOWS\APPLICATION DATA\PBLTLLGZF.DLL
O3 - Toolbar: ruchqllwshi - {c4aa9121-bbe0-11d7-b05f-000795bb487b} - C:\WINDOWS\APPLICATION DATA\PBLTLLGZF.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [Mount Safe & Sound] C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\SAFE&SOUND\FBMOUNT.EXE
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4TECH\KEYBOARD\IKEYMAIN.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [tgcmd] "C:\PROGRA~1\SUPPORT.COM\BIN\TGCMD.EXE" /server
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [prgzbl] C:\WINDOWS\APPLIC~1\wulybshp.exe -QuieT
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee Instant Update Monitor] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Microsoft NetMeeting] "C:\Program Files\NetMeeting\conf.exe" -Background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ActiveMultiWallpaper] C:\Program Files\BlackMoon\ActiveMultiWallpaper\Changer.exe
O4 - HKCU\..\Run: [Talking Messenger] C:\PROGRAM FILES\TALKING MESSENGER\TALKINGMESSENGER.EXE
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: XMOUSE.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://sc.communities.msn.com/controls/chat/msnchat42.cab
O16 - DPF: {1DEFB8C0-22A7-4E58-B735-43A169CDA2AB} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {DA28C54E-D95C-11D3-9A01-005004677EF4} (McAfee.com Component Download Manager Class) - http://download.mcafee.com/molbin/clinic/CDM/McCDM.cab
O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} (Tintel Class) - http://exe.dialer.tintel.nl/tcw.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?1040997984640
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,4,0,4240/mcfscan.cab
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Re: verkeerd geplaatst dus... sorry, staat onder spyware
Hoi Ron196,
De bovenstaande aanvinken, alle venster behalve HijackThis sluiten en op Fix checked klikken.
Dan opnieuw opstarten en deze verwijderen:
C:\WINDOWS\APPLICATION DATA\wulybshp.exe
Groetjes,
Pieter
Hoi Ron196,
De bovenstaande aanvinken, alle venster behalve HijackThis sluiten en op Fix checked klikken.
Dan opnieuw opstarten en deze verwijderen:
C:\WINDOWS\APPLICATION DATA\wulybshp.exe
Groetjes,
Pieter
jippiejajee
Terugkerende gebruiker
- Lid geworden
- 1 okt 2003
- Berichten
- 1.136
hier is de Hijackthis log vande computer van mijn vader. wil iemand effe kijken
Logfile of HijackThis v1.97.3
Scan saved at 14:25:04, on 1-11-03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.00 (5.00.2314.1000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATWMODEM.101\atwmodem.exe
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MEDIASCAPE\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 4.0\READER\ACRORD32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.findthewebsiteyouneed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.nl/spbasic.htm?cp=1252&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.lop.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeelandnet.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thko.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lop.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.lop.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compuserve.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.lop.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:80;https=cache.zeelandnet.nl:800;ftp=cache.zeelandnet.nl:800;gopher=cache.zeelandnet.nl:800;socks=cache.zeelandnet.nl:800
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {D44B5436-B3E4-4595-B0E9-106690E70A58} - C:\WINDOWS\APPLICATION DATA\PLG_IE0.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Multimedia Keyboard] C:\Program Files\Mediascape\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [RegisterLead] C:\WINDOWS\SYSTEM\REGSVR32 /S C:\WINDOWS\SYSTEM\LTOCX70N.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Microsoft NetMeeting] "C:\PROGRA~1\NETMEE~1\conf.exe" background
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Winmodem] C:\WINDOWS\SYSTEM\ATWMODEM.101\atwmodem.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Postvak IN.lnk = C:\Program Files\Microsoft Exchange\EXCHNG32.EXE
O4 - Startup: Microsoft Office Werkbalk.lnk = C:\Program Files\Microsoft Office\OFFICE\MSOFFICE.EXE
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\OFFICE\FINDFAST.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .qt: C:\Program Files\Netscape\Navigator\Program\PLUGINS\NPQTW32.DLL
O12 - Plugin for .mov: C:\Program Files\Netscape\Navigator\Program\PLUGINS\NPQTW32.DLL
O12 - Plugin for .ram: C:\Program Files\Netscape\Navigator\Program\PLUGINS\nppl3260.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=http://home.microsoft.com/intl/nl/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compuserve.nl/
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.nl
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://x0.nl/install/dial.ocx
Logfile of HijackThis v1.97.3
Scan saved at 14:25:04, on 1-11-03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.00 (5.00.2314.1000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATWMODEM.101\atwmodem.exe
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MEDIASCAPE\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 4.0\READER\ACRORD32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.findthewebsiteyouneed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.nl/spbasic.htm?cp=1252&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.lop.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeelandnet.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thko.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lop.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.lop.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compuserve.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.lop.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:80;https=cache.zeelandnet.nl:800;ftp=cache.zeelandnet.nl:800;gopher=cache.zeelandnet.nl:800;socks=cache.zeelandnet.nl:800
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {D44B5436-B3E4-4595-B0E9-106690E70A58} - C:\WINDOWS\APPLICATION DATA\PLG_IE0.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Multimedia Keyboard] C:\Program Files\Mediascape\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [RegisterLead] C:\WINDOWS\SYSTEM\REGSVR32 /S C:\WINDOWS\SYSTEM\LTOCX70N.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Microsoft NetMeeting] "C:\PROGRA~1\NETMEE~1\conf.exe" background
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Winmodem] C:\WINDOWS\SYSTEM\ATWMODEM.101\atwmodem.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Postvak IN.lnk = C:\Program Files\Microsoft Exchange\EXCHNG32.EXE
O4 - Startup: Microsoft Office Werkbalk.lnk = C:\Program Files\Microsoft Office\OFFICE\MSOFFICE.EXE
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\OFFICE\FINDFAST.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .qt: C:\Program Files\Netscape\Navigator\Program\PLUGINS\NPQTW32.DLL
O12 - Plugin for .mov: C:\Program Files\Netscape\Navigator\Program\PLUGINS\NPQTW32.DLL
O12 - Plugin for .ram: C:\Program Files\Netscape\Navigator\Program\PLUGINS\nppl3260.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=http://home.microsoft.com/intl/nl/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compuserve.nl/
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.nl
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://x0.nl/install/dial.ocx
super, bedankt pieter, hij doet het nu.
Hier is mijn log file, iemand die er voor mij even in wil vroeten???
Logfile of HijackThis v1.97.3
Scan saved at 15:01:23, on 1-11-03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
E:\MIJN DOCUMENTEN\PROGRAMMA'S\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.modelbouwforum.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O7 "EPUSB1:" /M "Stylus C44"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
alvast bedankt,
groet, Kor
Hier is mijn log file, iemand die er voor mij even in wil vroeten???
Logfile of HijackThis v1.97.3
Scan saved at 15:01:23, on 1-11-03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
E:\MIJN DOCUMENTEN\PROGRAMMA'S\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.modelbouwforum.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O7 "EPUSB1:" /M "Stylus C44"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
alvast bedankt,
groet, Kor
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Hoi jippiejajee,
De bovenstaande aanvinken, alle venster behalve HijackThis sluiten en op Fix checked klikken.
Dan opnieuw opstarten.
Groetjes,
Pieter
jippiejajee
Terugkerende gebruiker
- Lid geworden
- 1 okt 2003
- Berichten
- 1.136
Bedankt
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Graag gedaan, allemaal. 
Pieter
Pieter
Hoi zou je a.u.b even hier naar kunnen kijken?
b.v.d.
Logfile of HijackThis v1.97.3
Scan saved at 17:28:14, on 1-11-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\........\LOCALS~1\Temp\Rar$EX00.188\HijackThis.exe
C:\DOCUME~1\.........\LOCALS~1\Temp\Rar$EX00.391\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Soltek] C:\WINDOWS\System32\autorun.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O10 - Broken Internet access because of LSP provider 'wps.dll' missing
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37926.3453819444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5A171B2-5295-4FA5-8D94-5F60D649809C}: NameServer = 213.218.75.90 213.218.75.91
b.v.d.
Logfile of HijackThis v1.97.3
Scan saved at 17:28:14, on 1-11-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\........\LOCALS~1\Temp\Rar$EX00.188\HijackThis.exe
C:\DOCUME~1\.........\LOCALS~1\Temp\Rar$EX00.391\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Soltek] C:\WINDOWS\System32\autorun.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O10 - Broken Internet access because of LSP provider 'wps.dll' missing
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37926.3453819444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5A171B2-5295-4FA5-8D94-5F60D649809C}: NameServer = 213.218.75.90 213.218.75.91
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Hoi smitsje,
Je log is schoon, maar er staat een rare regel in, die je nog even NIET moet Fixen:
O10 - Broken Internet access because of LSP provider 'wps.dll' missing
Voor zover mij bekend behoort dat bestand aan Sygate PF en die zie ik ook starten, maar niet draaien.
Is er misschien iets misgegaan bij de installatie daarvan?
Groetjes,
Pieter
Je log is schoon, maar er staat een rare regel in, die je nog even NIET moet Fixen:
O10 - Broken Internet access because of LSP provider 'wps.dll' missing
Voor zover mij bekend behoort dat bestand aan Sygate PF en die zie ik ook starten, maar niet draaien.
Is er misschien iets misgegaan bij de installatie daarvan?
Groetjes,
Pieter
mijn nieuwe log
Logfile of HijackThis v1.95.1
Scan saved at 18:02:04, on 1-11-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SuperCleaner\SuperCleaner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Soltek] C:\WINDOWS\System32\autorun.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37926.3453819444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5A171B2-5295-4FA5-8D94-5F60D649809C}: NameServer = 213.218.75.90 213.218.75.91
Logfile of HijackThis v1.95.1
Scan saved at 18:02:04, on 1-11-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SuperCleaner\SuperCleaner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Soltek] C:\WINDOWS\System32\autorun.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37926.3453819444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5A171B2-5295-4FA5-8D94-5F60D649809C}: NameServer = 213.218.75.90 213.218.75.91
Eagle Creek
Verenigingslid
- Lid geworden
- 3 okt 2002
- Berichten
- 26.338
JahaGeplaatst door Pieter Arntz
Je weet toch waar je die op kunt zoeken.
http://www.pacs-portal.co.uk/startup_pages/startup_full.htm
Uit mijn hoofd, deze in ieder geval:
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
Groetjes,
Pieter
, maar misschien dat je meteen wat dingies zag .Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Sorry smitsje,
Maar ik volg je even niet meer.
Dit is in ieder geval de opstart voor Sygate:
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
Die kun je laten fixen als je het niet meer gebruikt, samen met deze:
O10 - Broken Internet access because of LSP provider 'wps.dll' missing
Maar waarom plaatste je een log van een oudere versie van HijackThis en welke iexplore.exe fout krijg je steeds?
Groetjes,
Pieter
Maar ik volg je even niet meer.
Dit is in ieder geval de opstart voor Sygate:
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
Die kun je laten fixen als je het niet meer gebruikt, samen met deze:
O10 - Broken Internet access because of LSP provider 'wps.dll' missing
Maar waarom plaatste je een log van een oudere versie van HijackThis en welke iexplore.exe fout krijg je steeds?
Groetjes,
Pieter
khk464
Terugkerende gebruiker
- Lid geworden
- 5 feb 2003
- Berichten
- 1.154
Hoi, hier vind je de .dll:
http://www.dll-files.com/dllindex/dll-files.shtml?msvbvm60
groetjes
Sorry heb getracht dit te verwijderen maar dat lukt niet omdat ik de melding krijg dat ik geen rechten heb of zoiets. Het intenet gaat vanavond zooooo traag dat ik er beter mee stop want er zijn al 5 antwoorden gegeven voor ik iets te zien krijg.
groetjes
http://www.dll-files.com/dllindex/dll-files.shtml?msvbvm60
groetjes
Sorry heb getracht dit te verwijderen maar dat lukt niet omdat ik de melding krijg dat ik geen rechten heb of zoiets. Het intenet gaat vanavond zooooo traag dat ik er beter mee stop want er zijn al 5 antwoorden gegeven voor ik iets te zien krijg.
groetjes
Laatst bewerkt:
- Status
