PDA

Volledige versie bekijken : hijackthis



Drjoeri
23 augustus 2004, 08:52
hier een hijackthis, wat kan ik verwijderen want ik krijg regelmatig veel popups nadat ik ie heb gesloten of gwoon popups als ik nixs doe of de pc idle is

Logfile of HijackThis v1.97.7
Scan saved at 8:49:50, on 23/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\drivers\CDAC11BA.EXE
D:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\GlobalSCAPE\Secure FTP Server\cftpstes.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\Common Files\WinTools\WToolsS.exe
D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\ctfmon.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\System32\MMTray.exe
D:\WINDOWS\System32\MMTray2k.exe
D:\WINDOWS\System32\MMTrayLSI.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
D:\joeri\Tekst bestanden\ssmon3\ssmgr.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
D:\WINDOWS\kdx\KHost.exe
D:\WINDOWS\System32\rundll32.exe
D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
D:\Program Files\Messenger Plus! 3\MsgPlus.exe
D:\Program Files\Motherboard Monitor 5\MBM5.EXE
D:\Program Files\WindowsSA\omniscient.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Logitech\iTouch\iTouch.exe
D:\Program Files\ISTsvc\istsvc.exe
D:\Program Files\Internet Optimizer\optimize.exe
D:\Program Files\WindUpdates\WinUpdt.exe
D:\WINDOWS\System32\RUNDLL32.exe
D:\WINDOWS\System32\csjqymf.exe
D:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe
D:\Program Files\Common Files\WinTools\WToolsA.exe
D:\program files\zango\zango.exe
D:\WINDOWS\System32\intl.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\WindUpdates\WinKA.exe
D:\Program Files\Common Files\WinTools\WSup.exe
D:\WINDOWS\System32\SFLEX3V.exe
D:\WINDOWS\System32\lhlbwl.exe
D:\Program Files\DU Meter\DUMeter.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\SysMetrix\SysMetrix.exe
D:\joeri\programma's\Winamp\winamp.exe
D:\Program Files\Xfire\Xfire.exe
D:\Program Files\Web_Rebates\WebRebates1.exe
D:\Program Files\Web_Rebates\WebRebates0.exe
D:\Documents and Settings\Joeri\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50181
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/Program%20Files/Plus18Point/Portal/portal.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50181
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///D:/Program%20Files/Plus18Point/Portal/portal.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://games.telenet.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50181
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - D:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe
F2 - REG:system.ini: UserInit=D:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - D:\WINDOWS\System32\ATPART~1.DLL
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - D:\WINDOWS\mxTarget.dll (disabled by BHODemon)
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\joeri\programma's\DAP1\DAPBHO.dll
O2 - BHO: (no name) - {00a67041-135f-4f38-a3ed-8a1a0cbbc534} - D:\DOCUME~1\Joeri\APPLIC~1\nmousttrshbl.dll (disabled by BHODemon)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (disabled by BHODemon)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (disabled by BHODemon)
O2 - BHO: (no name) - {1FAB4505-C712-22EC-8755-15557BA77C47} - D:\WINDOWS\System32\bzwwgn.dll (disabled by BHODemon)
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - D:\WINDOWS\system32\IEHelper.dll (disabled by BHODemon)
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - D:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (disabled by BHODemon)
O2 - BHO: (no name) - {71ed4fba-4024-4bbe-91dc-9704c93f453e} - (no file)
O2 - BHO: (no name) - {83de62e0-5805-11d8-9b25-00e04c60faf2} - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - D:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - D:\WINDOWS\wsem301.dll
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - D:\WINDOWS\System32\bridge.dll
O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - D:\WINDOWS\System32\apuc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: prlylyquchx - {ff9ed21a-a2e9-4be6-a2d5-07eab28b850e} - D:\DOCUME~1\Joeri\APPLIC~1\nmousttrshbl.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: (no name) - {71ed4fba-4024-4bbe-91dc-9704c93f453e} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - D:\Program Files\ISTbar\istbar.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [ssmgr] ssmon
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NuonSoft Wallpaper Cycler StartupHelper] D:\jasper\WallpaperCycler\StartupHelper.exe
O4 - HKLM\..\Run: [zSPGuard] d:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [kdx] D:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [PSDrvCheck] D:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [AceGain LiveUpdate] D:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [vtrshm] D:\DOCUME~1\Joeri\APPLIC~1\oacrlprl.exe -QuieT
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [rundll] rundll32.exe "D:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [systray] D:\WINDOWS\System32\a.exe
O4 - HKLM\..\Run: [belt] D:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [MBM 5] "D:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [Windows SA] D:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "D:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [WindUpdates] D:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "D:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WebRebates0] "D:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [tgiqsvj] D:\WINDOWS\System32\csjqymf.exe
O4 - HKLM\..\Run: [DM_Server] D:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
O4 - HKLM\..\Run: [WinTools] D:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [zango] d:\program files\zango\zango.exe
O4 - HKLM\..\Run: [Classes] D:\WINDOWS\System32\intl.exe
O4 - HKLM\..\Run: [SFLEX3V] D:\WINDOWS\System32\SFLEX3V.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Atle] D:\Documents and Settings\Joeri\Application Data\trce.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Llgwxsa] D:\WINDOWS\System32\lhlbwl.exe
O4 - HKCU\..\Run: [DU meter] D:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [Sysmetrix] D:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: MBM 5.lnk = D:\Program Files\Motherboard Monitor 5\MBM5.exe
O4 - Startup: Winamp.lnk = D:\joeri\programma's\Winamp\winamp.exe
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with &DAP - D:\JOERI\PROGRA~1\DAP1\dapextie.htm
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Download &all with DAP - D:\JOERI\PROGRA~1\DAP1\dapextie2.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://d:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://d:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ontvang alles met FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Ontvang met FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://d:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Web Rebates - file://D:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

Drjoeri
23 augustus 2004, 08:54
vervolg:

O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_8742.dll' missing
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/j7834g.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab?url=http://www.irobotmovie.com/english/atmosphere/index.html
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=dcd2633dba1f9b95b13b118831cfe9ece61d79f19cdd455f 568999b2787a06c32733112e199360a1962852521f89af3c24 9b5dadcd7fcbf2d2af98c90395ae:88108003dd8134b2e1acd 8fbd906de4c
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsystems.com/dm/dm_286.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {356E71A0-B0F1-4AF7-877C-A4E9B4D6BED5} (RWViewer Control) - http://www.righthemisphere.com/gallery/3d/radishworks/RWViewer.cab
O16 - DPF: {3717DF57-0396-463D-98B7-647C7DC6898A} - http://delivery.inet-traffic.com/inetdl.exe
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.iseemedia.com/activex/LPControl.cab
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/be/2/060208be.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.telenet.be/gamezone/classes/ExentCtl.ocx
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50181/QDow_AS2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/be/games4.cab
O16 - DPF: {970BF476-3CF2-4572-9EF9-4479E1591DB8} (VacPro.belgio_ver3) - http://www.advnt01.com/dialer/belgio_ver3.CAB
O16 - DPF: {99410CDE-6F16-42CE-9D49-3807F78F0287} (ZangoInstaller Class) - http://infinity.zango.com/gateway/resources/default/zangoinstaller.cab?productid=542
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D470E751-134E-4CD3-8F69-66A5A74AF533} - http://www.twilightzones.be/dutch_warez.cab
O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/version2/windows-ie/en/AMClient.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/es/SysWebTelecom.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/download.CAB
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab

°°K!€ndj€°°
23 augustus 2004, 09:47
wtf? zovele jamai....
srry maar ik kan u nie helpen, de vorige keer datik men hiackthis log poste waser niemand die mij hielp :sad:

Drjoeri
23 augustus 2004, 09:48
ik weet et dat is juist het probleem

st3ph3n
23 augustus 2004, 10:34
Te fixen:
D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
D:\Program Files\WindowsSA\omniscient.exe
D:\Program Files\ISTsvc\istsvc.exe
D:\Program Files\Internet Optimizer\optimize.exe
D:\Program Files\WindUpdates\WinUpdt.exe
D:\WINDOWS\System32\csjqymf.exe
D:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe
D:\Program Files\Common Files\WinTools\WToolsA.exe
D:\program files\zango\zango.exe
D:\WINDOWS\System32\intl.exe
D:\Program Files\WindUpdates\WinKA.exe
D:\Program Files\Common Files\WinTools\WSup.exe
D:\WINDOWS\System32\SFLEX3V.exe
D:\WINDOWS\System32\lhlbwl.exe
D:\Program Files\Web_Rebates\WebRebates1.exe
D:\Program Files\Web_Rebates\WebRebates0.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50181
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/Program%20Files/Plus18Point/Portal/portal.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50181
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///D:/Program%20Files/Plus18Point/Portal/portal.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50181
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - D:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe
F2 - REG:system.ini: UserInit=D:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - D:\WINDOWS\System32\ATPART~1.DLL
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - D:\WINDOWS\mxTarget.dll (disabled by BHODemon)
O2 - BHO: (no name) - {00a67041-135f-4f38-a3ed-8a1a0cbbc534} - D:\DOCUME~1\Joeri\APPLIC~1\nmousttrshbl.dll (disabled by BHODemon)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (disabled by BHODemon)
O2 - BHO: (no name) - {1FAB4505-C712-22EC-8755-15557BA77C47} - D:\WINDOWS\System32\bzwwgn.dll (disabled by BHODemon)
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - D:\WINDOWS\system32\IEHelper.dll (disabled by BHODemon)
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - D:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (disabled by BHODemon)
O2 - BHO: (no name) - {71ed4fba-4024-4bbe-91dc-9704c93f453e} - (no file)
O2 - BHO: (no name) - {83de62e0-5805-11d8-9b25-00e04c60faf2} - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - D:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - D:\WINDOWS\wsem301.dll
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - D:\WINDOWS\System32\bridge.dll
O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - D:\WINDOWS\System32\apuc.dll
O3 - Toolbar: prlylyquchx - {ff9ed21a-a2e9-4be6-a2d5-07eab28b850e} - D:\DOCUME~1\Joeri\APPLIC~1\nmousttrshbl.dll (file missing)
O3 - Toolbar: (no name) - {71ed4fba-4024-4bbe-91dc-9704c93f453e} - (no file)
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - D:\Program Files\ISTbar\istbar.dll (file missing)
O4 - HKLM\..\Run: [AceGain LiveUpdate] D:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [vtrshm] D:\DOCUME~1\Joeri\APPLIC~1\oacrlprl.exe -QuieT
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [rundll] rundll32.exe "D:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [systray] D:\WINDOWS\System32\a.exe
O4 - HKLM\..\Run: [belt] D:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [Windows SA] D:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "D:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [WindUpdates] D:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "D:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WebRebates0] "D:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [tgiqsvj] D:\WINDOWS\System32\csjqymf.exe
O4 - HKLM\..\Run: [DM_Server] D:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
O4 - HKLM\..\Run: [WinTools] D:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [zango] d:\program files\zango\zango.exe
O4 - HKLM\..\Run: [Classes] D:\WINDOWS\System32\intl.exe
O4 - HKLM\..\Run: [SFLEX3V] D:\WINDOWS\System32\SFLEX3V.exe
O4 - HKCU\..\Run: [Atle] D:\Documents and Settings\Joeri\Application Data\trce.exe
O4 - HKCU\..\Run: [Llgwxsa] D:\WINDOWS\System32\lhlbwl.exe
O8 - Extra context menu item: Web Rebates - file://D:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/j7834g.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...cd 8fbd906de4c
O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsystems.com/dm/dm_286.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab
O16 - DPF: {3717DF57-0396-463D-98B7-647C7DC6898A} - http://delivery.inet-traffic.com/inetdl.exe
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/be/2/060208be.exe
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50181/QDow_AS2.cab
O16 - DPF: {970BF476-3CF2-4572-9EF9-4479E1591DB8} (VacPro.belgio_ver3) - http://www.advnt01.com/dialer/belgio_ver3.CAB
O16 - DPF: {99410CDE-6F16-42CE-9D49-3807F78F0287} (ZangoInstaller Class) - http://infinity.zango.com/gateway/r...b?productid=542
O16 - DPF: {D470E751-134E-4CD3-8F69-66A5A74AF533} - http://www.twilightzones.be/dutch_warez.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/es/SysWebTelecom.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/download.CAB


Andere:
D:\joeri\Tekst bestanden\ssmon3\ssmgr.exe (=> Spysoftware, mogelijk bewust geïnstalleerd ?)
O4 - HKLM\..\Run: [ssmgr] ssmon (=> idem als hierboven)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_8742.dll' missing (=> probeer deze ook eens te fixen)

Post na fixen en reboot eens een nieuwe logfile...

Steven

Drjoeri
23 augustus 2004, 10:59
ja bedankt

PS: ja het is bewust :rofl: