ff checken

Status
Niet open voor verdere reacties.
I

ingi20

Gebruiker
Lid geworden
12 jul 2003
Berichten
12
Wil iemand voor mij effe checken wat ik hier kan verwijderen.
Bedankt!

[mod]
klein stukje ingekort om het wat overzichtelijker te houden. en aangezien het log toch twee berichten hier onder staat...
[/mod]
 
Laatst bewerkt door een moderator:
ik heb je instructie's gedaan

Logfile of HijackThis v1.95.0
Scan saved at 22:14:26, on 12-7-2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TEMP\ICSUPP95.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\DOWNLOADWARE\DW.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\MLH\LAUNCHER.EXE
C:\PROGRAM FILES\DELFIN\PROMULGATE\PGMONITR.EXE
C:\PROGRAM FILES\SOPHOS SWEEP\ICMON.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 3.0 SE\CALCHECK.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1043\MSOFFICE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE
C:\PROGRAM FILES\HOTBAR\BIN\4.3.1.0\HBINST.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TEMP\TD_0002.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=+s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=+s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.msn.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=+s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=+s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer van Het Net
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.3.1.0\HBHOSTIE.DLL
O3 - Toolbar: Gouden Gids - {165EAF06-A068-4BE1-8418-D92B2A196878} - C:\WINDOWS\SYSTEM\GOUDENGIDSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.3.1.0\HBHOSTIE.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [Launcher] "C:\Program Files\MLH\launcher.exe" /P
O4 - HKLM\..\Run: [PromulGate] "C:\Program Files\DelFin\PromulGate\PgMonitr.exe"
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InterCheckMonitor] "C:\PROGRAM FILES\SOPHOS SWEEP\ICMON.EXE" -minimised
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Fortis Secure Layer Config] cseinst.exe -o-h
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\Run: [Hotbar] C:\PROGRAM FILES\HOTBAR\BIN\4.3.1.0\HBINST.EXE /Upgrade
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Sweep95] C:\Program Files\Sophos SWEEP\ICLOAD95.EXE
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\RunServices: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Suggestions (HKLM)
O9 - Extra button: Vind! (HKLM)
O9 - Extra 'Tools' menuitem: Gouden Gids Toolbar (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system\csesck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\csesck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\csesck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\csesck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\csesck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\csesck32.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.cavello.com/dialxs/plugins/d/1/251/nl.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} (Tintel Class) - http://exe.dialer.tintel.nl/tcw.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2002121801/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37654.4877546296
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {3964E4B3-0B68-11D7-AAED-0003473E3F3F} (WBMController Object) - http://www.metrixlab.com/download/WBMLib.CAB
 
Hoi ingi20,

Vink de onderstaande aan in HijackThis, sluit alle vensters behalve HijackThis en klik op Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=+s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=+s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=+s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=+s
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.3.1.0\HBHOSTIE.DLL
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.3.1.0\HBHOSTIE.DLL
O4 - HKLM\..\Run: [Launcher] "C:\Program Files\MLH\launcher.exe" /P
O4 - HKLM\..\Run: [PromulGate] "C:\Program Files\DelFin\PromulGate\PgMonitr.exe"
O4 - HKLM\..\Run: [Hotbar] C:\PROGRAM FILES\HOTBAR\BIN\4.3.1.0\HBINST.EXE /Upgrade
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.cavello.com/dialxs/plugins/d/1/251/nl.exe
O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} (Tintel Class) - http://exe.dialer.tintel.nl/tcw.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {3964E4B3-0B68-11D7-AAED-0003473E3F3F} (WBMController Object) - http://www.metrixlab.com/download/WBMLib.CAB

Start dan opnieuw op, liefts in veilige modus en verwijder:
C:\Program Files\DelFin <= volledige map
C:\PROGRAM FILES\HOTBAR <= volledige map
C:\Program Files\Common Files\Teknum Systems <= volledige map
C:\Program Files\PrecisionTime <= volledige map
C:\Program Files\Date Manager <= volledige map

Groetjes,

Pieter
 
Ik heb ze verwijderd, alleen

C:\Program Files\Common Files\Teknum Systems <= volledige map

niet. hier krijg ik een melding of ik het zeker weet dat ik deze wil verwijderen zo ja dan kan je bepaalde programma's niet meer gebruiken. Moet ik dan alleen die teknum systems verwijderen of de hele map common files??????????
(teknum systems staat niet in de comp).

en
C:\Program Files\PrecisionTime <= volledige map

staat ook niet in de comp.


Groetjes ingi
 
Niet de hele map Common Files verwijderen!!
Van die waarschuwing hoef je je niks aan te trekken. Het is juist de bedoeling om Teknum niet meer te gebruiken.
Als Precision Time al weg is, des te beter.

Groetjes,

Pieter
 
Deze kan ook nog weg:

C:\PROGRAM FILES\DOWNLOADWARE\DW.EXE

Groetjes,
Bennie
 
5blij.gif


Groetjes,
Bennie
 
Status
Niet open voor verdere reacties.
                    Steun ons                    

Nieuwste berichten

Terug
Bovenaan Onderaan