Archive - hijackthis log plz check

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or worldviews and have been censored in some places as unacceptable. Many were made in a different spirit of the times, ironically or not - such as in the ironic subforum Off-Topic - and would (or could) no longer be posted today. Nevertheless, we still gladly offer this archive as an information database and reference work. Read more about it here or start a conversation with others.

Smrt617

Legacy Member
Logfile of HijackThis v1.99.1
Scan saved at 20:26:31, on 9/05/2005
Platform: Windows 2003 SP1, v.1218 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.0000)

Running processes:
D:\WINDOWS\SysWOW64\svchost.exe
D:\Program Files (x86)\MSN Messenger\msnmsgr.exe
D:\WINDOWS\syswow64\ctfmon.exe
D:\Program Files (x86)\Messenger\msmsgs.exe
D:\WINDOWS\syswow64\rundll32.exe
D:\Program Files (x86)\SETI@home\[email protected]
D:\Program Files (x86)\Java\j2re1.4.2_06\bin\jusched.exe
D:\Program Files (x86)\Telemeter 3.0\telemeter3.exe
D:\Program Files (x86)\Java\j2re1.4.2_06\bin\jucheck.exe
D:\WINDOWS\switpb.exe
D:\WINDOWS\syswow64\rundll32.exe
D:\WINDOWS\system32\wini.exe
D:\Program Files\AdTools Service\AdTools.exe
D:\temp\salm.exe
D:\Program Files (x86)\ISTsvc\istsvc.exe
D:\Program Files\Internet Optimizer\optimize.exe
D:\WINDOWS\ypkz.exe
D:\Program Files\Preview AdService\PrevAdServ.exe
D:\Program Files (x86)\Common Files\InterVideo\SchSvr\SchSvr.exe
D:\Program Files (x86)\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Preview AdService\PrevAdKeep.exe
D:\Program Files\AdTools Service\AdToolsKeep.exe
C:\Program Files\Bfmrkeg\Yyynmwo.exe
D:\Program Files (x86)\QuickTime\qttask.exe
D:\WINDOWS\hlypmih.exe
D:\WINDOWS\SysWow64\nsvsvc\nsvsvc.exe
D:\WINDOWS\SysWow64\picsvr\picsvr.exe
D:\PROGRA~2\MOZILL~1\FIREFOX.EXE
C:\Program Files\Teamspeak2_RC2\teamsp.exe
D:\DOCUME~1\admin\LOCALS~1\Temp\Rar$EX00.875\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wwwysbweb.com/uninstall/removed.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - D:\WINDOWS\BTGrab.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - D:\WINDOWS\nem220.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - D:\WINDOWS\wsem303.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - D:\Program Files (x86)\SideFind\sfbho.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: VCS3IESupport Class - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - D:\Program Files (x86)\AV VCS 3.0 GOLD\Vcs3RT.dll
O3 - Toolbar: Search Bar - {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1} - D:\WINDOWS\SysWow64\srchbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files (x86)\Java\j2re1.4.2_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Telemeter 3.0] "D:\Program Files (x86)\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [switp] D:\WINDOWS\switpb.exe
O4 - HKLM\..\Run: [chhpstx] d:\windows\SysWow64\chhpstx.exe
O4 - HKLM\..\Run: [farmmext] D:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [win-xp] winis.exe
O4 - HKLM\..\Run: [virtual-machine] wini.exe
O4 - HKLM\..\Run: [AdTools Service] D:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [salm] d:\temp\salm.exe
O4 - HKLM\..\Run: [IST Service] "D:\Program Files (x86)\ISTsvc\istsvc.exe"
O4 - HKLM\..\Run: [Internet Optimizer] "D:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [ypkz] D:\WINDOWS\ypkz.exe
O4 - HKLM\..\Run: [Preview AdService] D:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "D:\Program Files (x86)\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "D:\Program Files (x86)\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Lokmeg] C:\Program Files\Bfmrkeg\Yyynmwo.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [crvcT] D:\WINDOWS\hlypmih.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] D:\Program Files (x86)\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe
O4 - HKLM\..\Run: [PowerStrip] d:\program files (x86)\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [crvÉ‹š/‚²™ï0ßb#\bIŠD:\Program Files (x86)\ISTsvc\istsvc.exe] D:\WINDOWS\hlypmih.exe
O4 - HKLM\..\Run: [firlnin] D:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\6BMLM7Q7\delf061225[1].exe
O4 - HKLM\..\Run: [Nsv] D:\WINDOWS\SysWow64\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] D:\WINDOWS\SysWow64\picsvr\picsvr.exe
O4 - HKLM\..\Run: [crvÉ‹š/‚²™ï0ßbIŠ•ˆõD:\Program Files (x86)\ISTsvc\istsvc.exe] D:\WINDOWS\hlypmih.exe
O4 - HKLM\..\Run: [WebSpecials] rundll32 "C:\Program Files\WebSpecials\webspec.dll",run
O4 - HKLM\..\RunServices: [win-xp] winis.exe
O4 - HKLM\..\RunServices: [virtual-machine] wini.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [virtual-machine] wini.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files (x86)\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files (x86)\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [seticlient] D:\Program Files (x86)\SETI@home\[email protected] -min
O4 - HKCU\..\Run: [WebSpecials] rundll32 "C:\Program Files\WebSpecials\webspec.dll",run
O4 - HKCU\..\RunServices: [virtual-machine] wini.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = D:\Program Files (x86)\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: IDW Logging Tool.lnk = D:\WINDOWS\system32\idwlog.exe
O4 - Global Startup: [email protected] = D:\Program Files (x86)\SETI@home\[email protected]
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Web Rebates - file://D:\Program Files (x86)\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files (x86)\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files (x86)\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - D:\Program Files (x86)\SideFind\sidefind.dll
O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - D:\Program Files (x86)\Magic NetTrace\MTIE.exe
O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - D:\Program Files (x86)\Magic NetTrace\MTIE.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files (x86)\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files (x86)\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'd:\windows\system32\wshbth.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6201E654-A808-4502-B2DB-EC8D4E2103E2}: NameServer = 209.47.15.118,64.157.143.38,
O17 - HKLM\System\CS1\Services\Tcpip\..\{6201E654-A808-4502-B2DB-EC8D4E2103E2}: NameServer = 209.47.15.118,64.157.143.38,
O17 - HKLM\System\CS2\Services\Tcpip\..\{6201E654-A808-4502-B2DB-EC8D4E2103E2}: NameServer = 209.47.15.118,64.157.143.38,
O20 - Winlogon Notify: EFS - D:\WINDOWS\SYSTEM32\sclgntfy.dll
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - D:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - D:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - D:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - D:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - D:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - D:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - D:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Thread Master (ThreadMaster) - Unknown owner - D:\WINDOWS\system32\ThreadMaster\ThreadMast.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - D:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - D:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - D:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: ZESOFT - Unknown owner - D:\WINDOWS\zeta.exe (file missing)

My problem is that my internet connection is constantly uploading (30kb /s), and because of that I can't game online properly or even surf. I can't find the program or thing :p myself, maybe you can find it (this does get counted against my Telemeter, and that's really crap about that teleslet shit, that Telemeter.)

j .

Legacy Member
I assume that you yourself had Windows applications installed in the folder D:\WINDOWS\SysWOW64, and some programs in D:\Program Files (x86)\

Put HijackThis in its own folder and create the log again.
Back up essential files. (Scan that backup for viruses later.)
Use Spybot.

Remove in Safe Mode with Networking:
D:\WINDOWS\switpb.exe
D:\WINDOWS\system32\wini.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wwwysbweb.com/uninstall/removed.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - D:\WINDOWS\BTGrab.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - D:\WINDOWS\nem220.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - D:\WINDOWS\wsem303.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - D:\Program Files (x86)\SideFind\sfbho.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: Search Bar - {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1} - D:\WINDOWS\SysWow64\srchbar.dll
O4 - HKLM\..\Run: [switp] D:\WINDOWS\switpb.exe
O4 - HKLM\..\Run: [chhpstx] d:\windows\SysWow64\chhpstx.exe
O4 - HKLM\..\Run: [farmmext] D:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [win-xp] winis.exe
O4 - HKLM\..\Run: [virtual-machine] wini.exe
O4 - HKLM\..\Run: [AdTools Service] D:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [salm] d:\temp\salm.exe
O4 - HKLM\..\Run: [IST Service] "D:\Program Files (x86)\ISTsvc\istsvc.exe"
O4 - HKLM\..\Run: [Internet Optimizer] "D:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [ypkz] D:\WINDOWS\ypkz.exe
O4 - HKLM\..\Run: [Preview AdService] D:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [Lokmeg] C:\Program Files\Bfmrkeg\Yyynmwo.exe
O4 - HKLM\..\Run: [crvcT] D:\WINDOWS\hlypmih.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] D:\Program Files (x86)\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe
O4 - HKLM\..\Run: [crvÉ‹š/‚²™ï0ßb#\bIŠD:\Program Files (x86)\ISTsvc\istsvc.exe] D:\WINDOWS\hlypmih.exe
O4 - HKLM\..\Run: [firlnin] D:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\6BMLM7Q7\delf061225[1].exe
O4 - HKLM\..\Run: [Nsv] D:\WINDOWS\SysWow64\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] D:\WINDOWS\SysWow64\picsvr\picsvr.exe
O4 - HKLM\..\Run: [crvÉ‹š/‚²™ï0ßbIŠ•ˆõD:\Program Files (x86)\ISTsvc\istsvc.exe] D:\WINDOWS\hlypmih.exe
O4 - HKLM\..\Run: [WebSpecials] rundll32 "C:\Program Files\WebSpecials\webspec.dll",run
O4 - HKLM\..\RunServices: [win-xp] winis.exe
O4 - HKLM\..\RunServices: [virtual-machine] wini.exe
O4 - HKCU\..\Run: [virtual-machine] wini.exe
O4 - HKCU\..\Run: [WebSpecials] rundll32 "C:\Program Files\WebSpecials\webspec.dll",run
O4 - HKCU\..\RunServices: [virtual-machine] wini.exe
O8 - Extra context menu item: Web Rebates - file://D:\Program Files (x86)\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - D:\Program Files (x86)\SideFind\sidefind.dll
O10 - Broken Internet access because of LSP provider 'd:\windows\system32\wshbth.dll' missing

Unnecessary:
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files (x86)\Java\j2re1.4.2_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files (x86)\QuickTime\qttask.exe" -atboottime


Unknown:
O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - D:\Program Files (x86)\Magic NetTrace\MTIE.exe
O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - D:\Program Files (x86)\Magic NetTrace\MTIE.exe


Now scan online for viruses: OPTIX.04.D, and a few more...

Now use Ad-Aware/Spybot.

I still see many traces of a Windows installation in c:\windows\system; did you perhaps reinstall over it into a different directory / update into the other directory syswow64?
Normally the following services are no longer in use, but some of them are fairly indispensable if they are in use, so only delete them if you are sure those programs have been removed. (N.B. HijackThis has a backup function with which you can restore instructions.)

EDIT: a number of those services are suspicious after all: lsass.exe is started 5 times, each time under a different name?

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - D:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - D:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - D:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - D:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - D:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Thread Master (ThreadMaster) - Unknown owner - D:\WINDOWS\system32\ThreadMaster\ThreadMast.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - D:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - D:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - D:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: ZESOFT - Unknown owner - D:\WINDOWS\zeta.exe (file missing)

Now post a new log.
I would also consider an antivirus/firewall/anti-spyware.

Skeddie

Legacy Member
1. Remove via Add/Remove Software:
-EES or OL0.4
-Internet Optimizer
-Wind Updates and/or Preview AdService and/or AdTools Service
-SideFind
-Web Rebates

2. Follow these instructions under Removal, these, these and these.

3. Clean Temp files via start-->run-->cleanmgr

4. Reboot into Safe Mode (F8 at boot) with networking

5. Fix in HJT:
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wwwysbweb.com/uninstall/removed.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - D:\WINDOWS\BTGrab.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - D:\WINDOWS\nem220.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - D:\WINDOWS\wsem303.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - D:\Program Files (x86)\SideFind\sfbho.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: Search Bar - {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1} - D:\WINDOWS\SysWow64\srchbar.dll
O4 - HKLM\..\Run: [switp] D:\WINDOWS\switpb.exe
O4 - HKLM\..\Run: [chhpstx] d:\windows\SysWow64\chhpstx.exe
O4 - HKLM\..\Run: [farmmext] D:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [win-xp] winis.exe
O4 - HKLM\..\Run: [virtual-machine] wini.exe
O4 - HKLM\..\Run: [AdTools Service] D:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [salm] d:\temp\salm.exe
O4 - HKLM\..\Run: [IST Service] "D:\Program Files (x86)\ISTsvc\istsvc.exe"
O4 - HKLM\..\Run: [Internet Optimizer] "D:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [ypkz] D:\WINDOWS\ypkz.exe
O4 - HKLM\..\Run: [Preview AdService] D:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [Lokmeg] C:\Program Files\Bfmrkeg\Yyynmwo.exe
O4 - HKLM\..\Run: [crvcT] D:\WINDOWS\hlypmih.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] D:\Program Files (x86)\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe
O4 - HKLM\..\Run: [crvÉ‹š/‚²™ï0ßb#\bIŠD:\Program Files (x86)\ISTsvc\istsvc.exe] D:\WINDOWS\hlypmih.exe
O4 - HKLM\..\Run: [firlnin] D:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\6BMLM7Q7\delf061225[1].exe
O4 - HKLM\..\Run: [Nsv] D:\WINDOWS\SysWow64\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] D:\WINDOWS\SysWow64\picsvr\picsvr.exe
O4 - HKLM\..\Run: [crvÉ‹š/‚²™ï0ßbIŠ•ˆõD:\Program Files (x86)\ISTsvc\istsvc.exe] D:\WINDOWS\hlypmih.exe
O4 - HKLM\..\Run: [WebSpecials] rundll32 "C:\Program Files\WebSpecials\webspec.dll",run
O4 - HKLM\..\RunServices: [win-xp] winis.exe
O4 - HKLM\..\RunServices: [virtual-machine] wini.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [virtual-machine] wini.exe
O4 - HKCU\..\Run: [WebSpecials] rundll32 "C:\Program Files\WebSpecials\webspec.dll",run
O4 - HKCU\..\RunServices: [virtual-machine] wini.exe
O8 - Extra context menu item: Web Rebates - file://D:\Program Files (x86)\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - D:\Program Files (x86)\SideFind\sidefind.dll
O10 - Broken Internet access because of LSP provider 'd:\windows\system32\wshbth.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{6201E654-A808-4502-B2DB-EC8D4E2103E2}: NameServer = 209.47.15.118,64.157.143.38,
O17 - HKLM\System\CS1\Services\Tcpip\..\{6201E654-A808-4502-B2DB-EC8D4E2103E2}: NameServer = 209.47.15.118,64.157.143.38,
O17 - HKLM\System\CS2\Services\Tcpip\..\{6201E654-A808-4502-B2DB-EC8D4E2103E2}: NameServer = 209.47.15.118,64.157.143.38,
O20 - Winlogon Notify: EFS - D:\WINDOWS\SYSTEM32\sclgntfy.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - D:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - D:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - D:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - D:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - D:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Thread Master (ThreadMaster) - Unknown owner - D:\WINDOWS\system32\ThreadMaster\ThreadMast.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - D:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - D:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - D:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: ZESOFT - Unknown owner - D:\WINDOWS\zeta.exe (file missing)

6. Delete manually or via KillBox if they are still there.
For KillBox: select the file, choose unregister and, if needed, remove at boot if the file won't go away.
D:\WINDOWS\switpb.exe
D:\WINDOWS\system32\wini.exe
D:\temp\salm.exe
D:\Program Files (x86)\ISTsvc\
D:\Program Files\AdTools Service\
D:\Program Files\Internet Optimizer\
D:\WINDOWS\ypkz.exe
D:\Program Files\Preview AdService\
C:\Program Files\Bfmrkeg\
D:\WINDOWS\hlypmih.exe
D:\WINDOWS\SysWow64\nsvsvc\
D:\WINDOWS\SysWow64\picsvr\
D:\WINDOWS\BTGrab.dll
D:\WINDOWS\nem220.dll
D:\WINDOWS\wsem303.dll
D:\Program Files (x86)\SideFind\
D:\WINDOWS\SysWow64\srchbar.dll
d:\windows\SysWow64\chhpstx.exe
D:\WINDOWS\farmmext.exe
D:\WINDOWS\SysWow64\winis.exe or D:\WINDOWS\winis.exe
D:\WINDOWS\hlypmih.exe
D:\WINDOWS\SYSTEM32\sclgntfy.dll

7. Fix 'd:\windows\system32\wshbth.dll' with LSPFix

8. Via HJT-->Config-->Misc Tools-->Delete an NT Service, fix the services that show file missing.

9. Run a virus scan via Panda or TrendMicro

10. Reboot and post a new log.

EDIT: meh, yeah, checking HJT logs takes a while, hence this post that looks somewhat like a duplicate log check :)

Smrt617

Legacy Member
I don't know if you can see it from that programfiles(x86), but I forgot to mention that I run Windows XP Pro 64-bit Edition, and game and so on, but I think it's caused by Mozilla or Steam. I'll first do the things you told me.

Thanks for the effort
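
Added example, not part of the thread and not HijackThis code: a small Python triage pass over the entry types the replies above walk through (O2/R3 "(no file)", O4 autoruns, O23 "(file missing)"). The heuristics and tag names are assumptions of this example; because a 32-bit scanner on 64-bit Windows sees System32 redirected to SysWOW64, "file missing" services under system32 are tagged for verification on disk rather than as missing.

```python
import re

# Sample lines copied from the log in the first post (trimmed to a few entries).
SAMPLE_LOG = r"""
Running processes:
D:\WINDOWS\SysWOW64\svchost.exe
D:\temp\salm.exe
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [win-xp] winis.exe
O4 - HKLM\..\Run: [salm] d:\temp\salm.exe
O4 - HKLM\..\Run: [firlnin] D:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\6BMLM7Q7\delf061225[1].exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O23 - Service: Net Logon (Netlogon) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ZESOFT - Unknown owner - D:\WINDOWS\zeta.exe (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>.*?)\] (?P<cmd>.+)$")
SERVICE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?: \(file missing\))?$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Assumption of this example: autoruns from these directories deserve review.
TEMP_DIRS = ("\\temp\\", "\\temporary internet files\\")


def target_of(cmd):
    """Return the program an autorun command starts (quoted or unquoted path)."""
    m = re.match(r'"([^"]+)"|(.+?\.(?:exe|dll))(?=\s|$)', cmd, re.I)
    return (m.group(1) or m.group(2)) if m else cmd.split()[0]


def triage(log_text):
    """Return (section code, subject, tag) for every entry worth a closer look."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    # Any SysWOW64 path means the log was taken on 64-bit Windows.
    wow64 = any("\\syswow64\\" in ln.lower() for ln in lines)
    findings = []
    for ln in lines:
        m = ENTRY.match(ln)
        if not m:
            continue  # header or running-process line
        code, body = m.group("code"), m.group("body")
        if code == "O4":
            run = RUN.match(body)
            if not run:
                continue  # e.g. "Global Startup" shortcuts, not handled here
            target = target_of(run.group("cmd"))
            if "\\" not in target:
                # Bare file name: resolved through the search path at logon.
                findings.append((code, run.group("name"), "no-full-path"))
            elif any(d in target.lower() for d in TEMP_DIRS):
                findings.append((code, run.group("name"), "runs-from-temp"))
        elif code in ("O2", "R3") and body.endswith("(no file)"):
            clsid = CLSID.search(body)
            subject = clsid.group(0) if clsid else body
            findings.append((code, subject, "orphaned-registration"))
        elif code == "O23" and body.endswith("(file missing)"):
            svc = SERVICE.match(body)
            if not svc:
                continue
            redirected = wow64 and "\\system32\\" in svc.group("path").lower()
            tag = "verify-wow64-redirection" if redirected else "service-binary-missing"
            findings.append((code, svc.group("name"), tag))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Every tag is a prompt to inspect the entry, not a removal verdict; an entry tagged `verify-wow64-redirection` should be checked on disk with a native 64-bit tool before any service is deleted.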