Log

This topic is closed.
  • Log

    I have shortcuts on my desktop that won't go away, and a search toolbar.
    This is my hijack log:

    Logfile of HijackThis v1.99.0
    Scan saved at 15:05:08, on 30-12-2004
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\WINNT\Explorer.EXE
    C:\Program Files\Sygate\SHN\sgserv.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\ahead\InCD\InCD.exe
    C:\Program Files\Winamp3\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Sygate\SHN\Sygate.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\WINNT\Mixer.exe
    C:\WINNT\NCLAUNCH.EXe
    C:\Documents and Settings\Ron Bakker\Application Data\thes.exe
    C:\WINNT\system32\??oolsv.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\BulletProofSoft.com\SpywareRemover\SpyWatch.exe
    C:\Program Files\BulletProofSoft.com\SpywareRemover\B414B7E9.DLL
    C:\Documents and Settings\Ron Bakker\Local Settings\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dnegigwzzwhqp.com/i_76LWI9/R3Uy2tME93843GT3GmJeBcXMLrT9io/oNbIockCrzyTap2OCxG9FQB5.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insidegamer.nl/
    R3 - Default URLSearchHook is missing
    O1 - Hosts file is located at: C:\WINNT\help\hosts
    O2 - BHO: (no name) - {9493A301-6AED-1043-E95F-3C7615635097} - C:\WINNT\system32\szy.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {D8BE9F67-52DF-2179-D93F-0FC53E704696} - C:\WINNT\system32\nspxjue.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [TISDNMonitor] C:\Program Files\TELES\ISDN Tools\tisdnmon.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SyGateManager] C:\Program Files\Sygate\SHN\Sygate.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [ezqncxit] C:\WINNT\ezqncxit.exe
    O4 - HKLM\..\Run: [efoh] C:\WINNT\efoh.exe
    O4 - HKLM\..\Run: [userpartmodevc] C:\Documents and Settings\All Users\Application Data\Waysurfuserpart\HOPE SIZE.exe
    O4 - HKCU\..\Run: [NCLaunch] C:\WINNT\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Eggs manager] C:\DOCUME~1\RONBAK~1\APPLIC~1\WMADEB~1\Wipe idle regs.exe
    O4 - HKCU\..\Run: [Tnct] C:\Documents and Settings\Ron Bakker\Application Data\thes.exe
    O4 - HKCU\..\Run: [Shfyfxjo] C:\WINNT\system32\??oolsv.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {31032508-5443-11D2-8150-0060080BE220} (NATBrowser) - file://C:\DOCUME~1\RONBAK~1\LOCALS~1\Temp\NATBrowser.ocx
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {3376F408-56A4-11D2-8151-0060080BE220} (NATOptionsFrame) - file://C:\DOCUME~1\RONBAK~1\LOCALS~1\Temp\NATOptionsFrame.ocx
    O16 - DPF: {371A7A46-F599-11D3-B7BD-005004612419} (NATSystemInfo Control) - file://C:\DOCUME~1\RONBAK~1\LOCALS~1\Temp\NATSystemInfo.ocx
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030523/qtinstall.info.apple.com/drakken/nl/win/QuickTimeInstaller.exe
    O16 - DPF: {4463B7D8-4DFA-11D2-8149-0060080BE220} (NATTab) - file://C:\DOCUME~1\RONBAK~1\LOCALS~1\Temp\NATTab.ocx
    O16 - DPF: {4980E716-1E2F-11D2-A7E4-006097AF4716} (NATTree) - file://C:\DOCUME~1\RONBAK~1\LOCALS~1\Temp\NATTree.ocx
    O16 - DPF: {50BC707B-4BA0-11D2-8146-0060080BE220} (NATEditBox) - file://C:\DOCUME~1\RONBAK~1\LOCALS~1\Temp\NATEditBox.ocx
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02ad5ff52d22895cd322/netzip/RdxIE601.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9769EE28-4D2F-11D2-8148-0060080BE220} (NATList) - file://C:\DOCUME~1\RONBAK~1\LOCALS~1\Temp\NATList.ocx
    O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} - http://exe.dialer.tintel.nl/tcw.cab
    O16 - DPF: {A792BC36-6B4E-11D3-97B1-00500460FA55} (NATGrid) - file://C:\DOCUME~1\RONBAK~1\LOCALS~1\Temp\NATGrid.ocx
    O16 - DPF: {B3106D38-576C-11D2-8152-0060080BE220} (NATCombo) - file://C:\DOCUME~1\RONBAK~1\LOCALS~1\Temp\NATCombo.ocx
    O16 - DPF: {C7635AD8-A41A-4926-8C40-12F2DD6FEDDF} (NATMeeting Class) - file://C:\DOCUME~1\RONBAK~1\LOCALS~1\Temp\NATMeeting.dll
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5FC356DF-9640-43FA-9A5E-3151B0A480AE}: NameServer = 195.121.1.34 195.121.1.66
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
    O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
    O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
    O23 - Service: F-Secure BackWeb - Unknown - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: SyGateService - Sygate technologies Inc. - C:\Program Files\Sygate\SHN\sgserv.exe

  • #2
    I see that hijackthis.exe is still in your temp folder. That is not a good place, since HijackThis makes backups, and those backups can be deleted as long as they remain in your temp folder.
    So create a permanent folder for it:
    Go to My Computer > C > Program Files. Click File > New > Folder. Name this folder HijackThis.
    Now place HijackThis.exe in that folder.

    You have apparently installed Messenger Plus with sponsors. So I advise you to uninstall Messenger Plus first. You can reinstall it once your system is clean again, but this time without sponsors. (You can choose this option at the start of the installation.)

    During its uninstall you will get a sponsor window, of which you can see an example here: http://www.msgplus.net/images/sponsor_uninstall.jpg
    If you don't see it, take a look in your taskbar. In that window, type in the code you are shown and click Uninstall.
    Then just follow the further instructions that are given.

    After that, uninstall SpywareRemover (BPS Spyware & Adware Remover).
    Read why here: http://www.spywarewarrior.com/rogue_...e.htm#products

    REBOOT your PC afterwards and post a new HijackThis log here.
    Microsoft MVP - Consumer Security
    Director of Research @ Malwarebytes
    My Blog



    • #3
      Since no reply has followed, I assume the problem has been solved and I am closing this thread.
