Mededeling

Collapse
No announcement yet.

hijack log

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    hijack log

    hier is de mijne ..

    Logfile of HijackThis v1.98.2
    Scan saved at 10:16:03, on 23-10-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Util\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SYSTEM32\sistray.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Util\NORTON~1\navapw32.exe
    C:\Program Files\Messenger Plus! 2\MsgPlus.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe
    C:\PROGRA~1\MYTOTA~1\bar\1.bin\mtsoemon.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Util\WinZip\WZQKPICK.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\Temporary Internet Files\Content.IE5\Q38JXU7E\HijackThis19802[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ratten.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://runonce.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O2 - BHO: MyTotalSearch Search Assistant BHO - {00BD2861-C654-4694-A44A-98642D73247D} - C:\Program Files\MyTotalSearch\SrchAstt\1.bin\MTSSRCAS.DLL (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Util\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: mtsBar BHO - {094176F1-BF35-4bcb-B68A-108DFB8C3825} - C:\Program Files\MyTotalSearch\bar\1.bin\MTSBAR.DLL (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Util\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Util\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
    O3 - Toolbar: My &Total Search - {094176F9-BF35-4bcb-B68A-108DFB8C3825} - C:\Program Files\MyTotalSearch\bar\1.bin\MTSBAR.DLL (file missing)
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM32\sistray.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\Util\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\Run: [MyTotalSearch Email Plugin] C:\PROGRA~1\MYTOTA~1\bar\1.bin\mtsoemon.exe
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [MyTotalSearch Email Plugin] C:\PROGRA~1\MYTOTA~1\bar\1.bin\mtsoemon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: MyTotalSearch Email Plugin.lnk = C:\Program Files\MyTotalSearch\bar\1.bin\MTSOEMON.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Util\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: MyTotalSearch Email Plugin.lnk = C:\Program Files\MyTotalSearch\bar\1.bin\MTSOEMON.EXE
    O8 - Extra context menu item: &Search - http://bar.mytotalsearch.com/menusearch.html?p=VNxmk14246NL
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?223
    O16 - DPF: {F630A6F3-F89E-4374-99CC-28A8AA003208} - http://sls.switchpoint.com/Connect/switchpoint/5.1/Starter.cab
    Labels: Geen
  • #2
    Oorspronkelijk geplaatst door Sanne

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

    R3 - Default URLSearchHook is missing

    O2 - BHO: MyTotalSearch Search Assistant BHO - {00BD2861-C654-4694-A44A-98642D73247D} - C:\Program Files\MyTotalSearch\SrchAstt\1.bin\MTSSRCAS.DLL (file missing)
    O2 - BHO: mtsBar BHO - {094176F1-BF35-4bcb-B68A-108DFB8C3825} - C:\Program Files\MyTotalSearch\bar\1.bin\MTSBAR.DLL (file missing)

    O3 - Toolbar: My &Total Search - {094176F9-BF35-4bcb-B68A-108DFB8C3825} - C:\Program Files\MyTotalSearch\bar\1.bin\MTSBAR.DLL (file missing)

    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\Run: [MyTotalSearch Email Plugin] C:\PROGRA~1\MYTOTA~1\bar\1.bin\mtsoemon.exe
    O4 - HKCU\..\Run: [MyTotalSearch Email Plugin] C:\PROGRA~1\MYTOTA~1\bar\1.bin\mtsoemon.exe
    O4 - Startup: MyTotalSearch Email Plugin.lnk = C:\Program Files\MyTotalSearch\bar\1.bin\MTSOEMON.EXE
    O4 - Global Startup: MyTotalSearch Email Plugin.lnk = C:\Program Files\MyTotalSearch\bar\1.bin\MTSOEMON.EXE

    O8 - Extra context menu item: &Search - http://bar.mytotalsearch.com/menusea...p=VNxmk14246NL

    O16 - DPF: {F630A6F3-F89E-4374-99CC-28A8AA003208} - http://sls.switchpoint.com/Connect/s....1/Starter.cab


    Hoi Sanne,

    Je draait HijackThis vanuit de map met tijdelijke internetbestanden. Dat is onverstandig, want die map wordt nogal eens geleegd en dan raak je dus het programma alsmede de back-ups die het aanmaakt kwijt. Maak dus even een eigen, permanente map voor HijackThis, bijvoorbeeld C:\Program Files\HJT. Plaats HijackThis in die map en draai het nu dus vanuit die map.


    1. Scan met HijackThis, vink de bovenstaande items (zie quote) aan, sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

    2. Herstart de pc in veilige modus.
    Mocht je niet weten hoe dat moet, kijk dan hier even: http://www.virushelp.nl/veilige_modus.htm

    Zorg ervoor dat verborgen bestanden en mappen worden weergegeven.
    Hier kun je lezen hoe dat moet: http://users.telenet.be/marcvn/spyware/1117602.htm

    Verwijder nu, in veilige modus dus, de volgende mappen (voor zover nog aanwezig):

    C:\Program Files\180solutions <- die map
    C:\Program Files\MyTotalSearch <- die map

    3. Herstart de pc in 'normale modus'.

    4. Maak een nieuw log en plaats dat hier.

    Comment

    • #3
      oke thnx buffy!

      K zal t zo snel mogelijk doen en het dan opnieuwe hier neerzetten

      Comment

      • #4
        Aangezien reactie is uitgebleven, veronderstel ik dat het probleem is opgelost en sluit ik deze thread.

        Comment

        Vorige template Volgende
        Working...
        X