Vraag & Antwoord

Anders (software)

HiJackThis

4 antwoorden
  • Met HiJackThis heb ik een log-file van de instellingen op mijn PC. Ik kan mij voorstellen dat er processen worden opgestart waarvan ik vind dat dit niet moet. Nu is het moeilijk voor mij om te beoordelen welke processen niet opgestart mogen worden. Wie kan mij de juiste info aanreiken zodat de overbodige processen niet meer worden opgestart? Logfile of HijackThis v1.97.7 Scan saved at 11:29:43, on 22-2-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Program Files\Crazy Browser\Crazy Browser.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe C:\Documents and Settings\Theo de Laat.CP250696-A\Local Settings\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://tefs.com/searchbar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://tefs.com/searchbar.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tefs.com/passthrough/index.html?http://www.home.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://tefs.com/searchbar.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://tefs.com/searchbar.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://tefs.com/searchbar.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://tefs.com/searchbar.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.home.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.aldi.com/ R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\Excid.com Aps\eTrust Antivirus Registration\EzAntivirusRegistrationCheck.exe O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PSDrvCheck] "C:\Program Files\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [cousl] C:\DOCUME~1\THEODE~1.CP2\APPLIC~1\stvieemc.exe -QuieT O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe O4 - Startup: Registration-Instant VideoAlbum.lnk = C:\Program Files\Pinnacle\Instant VideoAlbum\Register\RegTool.exe O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O9 - Extra button: Real.com (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1069953486687 O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37899.1631597222 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/dlaccell.CAB
  • Sluit alle open vensters, run HijackTHis nog een keer en laat volgende items zeker repareren: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://tefs.com/searchbar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://tefs.com/searchbar.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tefs.com/passthrough/index.html?http://www.home.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://tefs.com/searchbar.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://tefs.com/searchbar.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://tefs.com/searchbar.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://tefs.com/searchbar.html R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/dlaccell.CAB Deze moeten niet mee opstarten O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe O4 - Startup: Registration-Instant VideoAlbum.lnk = C:\Program Files\Pinnacle\Instant VideoAlbum\Register\RegTool.exe O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe Messenger moet ook niet mee opstarten. Dit kan ik niet direct thuisbrengen maar ziet er wel verdacht uit: O4 - HKLM\..\Run: [cousl] C:\DOCUME~1\THEODE~1.CP2\APPLIC~1\stvieemc.exe -QuieT
  • Dit ruimt lekker op, bedankt voor je reactie.
  • wat doet dit ? O4 - HKLM\..\Run: [Dit] Dit.exe Peter

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.