Vraag & Antwoord

Beveiliging & privacy

Even hulp bij hjackthis

Anoniem
None
6 antwoorden
 • Graag even hulp bij onderstaande logfile.
  Op de betreffende PC kan ik geen Internet en Mail ophalen en ontvangen.
  Er is wel verbinding.

  Logfile of HijackThis v1.97.7
  Scan saved at 10:46:10, on 7-10-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  C:\WINDOWS\System32\igfxtray.exe
  C:\WINDOWS\System32\hkcmd.exe
  C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
  C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
  C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
  C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
  C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
  C:\Program Files\Logitech\iTouch\iTouch.exe
  C:\WINDOWS\updatetc.exe
  C:\WINDOWS\System32\ctfmon.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
  C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
  C:\Compaq\EAKDRV\EAUSBKBD.EXE
  C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
  C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPC32.EXE
  C:\Documents and Settings\Administrator\Local Settings\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe
  C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
  C:\WINDOWS\msagent\AgentSvr.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0413/bl8.asp
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.joosten.com/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0413/bl7.asp
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0413/bl8.asp
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
  O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: Games toolbar - {02ffc86e-283e-4faa-95d6-addca024f30a} - C:\Program Files\Games\tbGame.dll
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
  O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
  O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
  O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
  O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
  O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
  O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
  O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
  O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
  O4 - HKLM\..\Run: [tpcupdater] C:\WINDOWS\updatetc.exe
  O4 - HKLM\..\Run: [Games toolbar] rundll32.exe "C:\PROGRA~1\Games\tbGame.dll" DllShowTB
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
  O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/[x].CHM::/sp.exe
  O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
  O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
  O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37902.1361226852
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  O17 - HKLM\System\CCS\Services\Tcpip\..\{CE88923E-D691-4452-8B62-E7CA7C08BED8}: NameServer = 212.142.28.66
 • Download LSPFix.
  Start het programma.
  Plaats een vinkje bij I know what I am doing.
  Zorg dat in het rechtse venster (remove venster) alle verwijzingen staan van: [b:23f8716056]lspak.dll[/b:23f8716056]
  (Let op enkel deze mogen in het remove-venster staan, geen anderen!!!)
  Klik op Finish en start de computer opnieuw.

 • Marc, je bent geweldig. Het werkt weer.

  Hierbij de nieuwe log.

  Logfile of HijackThis v1.98.2
  Scan saved at 16:58:27, on 7-10-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\System32\igfxtray.exe
  C:\WINDOWS\System32\hkcmd.exe
  C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
  C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
  C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
  C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
  C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
  C:\Program Files\Logitech\iTouch\iTouch.exe
  C:\WINDOWS\System32\ctfmon.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
  C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
  C:\Compaq\EAKDRV\EAUSBKBD.EXE
  C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
  C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
  C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\HijackThis\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0413/bl8.asp
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.joosten.com/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0413/bl8.asp
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0413/bl7.asp
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: Games toolbar - {02ffc86e-283e-4faa-95d6-addca024f30a} - C:\Program Files\Games\tbGame.dll
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
  O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
  O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
  O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
  O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
  O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
  O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
  O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
  O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
  O4 - HKLM\..\Run: [Games toolbar] rundll32.exe "C:\PROGRA~1\Games\tbGame.dll" DllShowTB
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O17 - HKLM\System\CCS\Services\Tcpip\..\{CE88923E-D691-4452-8B62-E7CA7C08BED8}: NameServer = 212.142.28.66
 • Hallo Gerben1,

  Deze toolbar ken je?
  O3 - Toolbar: Games toolbar - {02ffc86e-283e-4faa-95d6-addca024f30a} - C:\Program Files\Games\tbGame.dll

  groeten,
  Marc
 • Ja, die had ik al gezien.
  Kan volgens mij via programma,s verwijderd worden. Ik hou hem in de gaten (Het is gelukkig niet mijn eigen PC.
 • Als je die O2 fixt met Hijackthis, deze hoort er ook bij:
  O4 - HKLM\..\Run: [Games toolbar] rundll32.exe "C:\PROGRA~1\Games\tbGame.dll" DllShowTB

  groeten,

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.