HiJackThis

Anonymous
M@rc
4 answers
 • With HiJackThis I have a log file of the settings on my PC. I can imagine that processes are being started that I think should not be. It is hard for me to judge which processes should not be started. Who can give me the right information so that the unnecessary processes are no longer started?

  Logfile of HijackThis v1.97.7
  Scan saved at 11:29:43, on 22-2-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
  C:\Program Files\CA\eTrust Antivirus\InoRT.exe
  C:\Program Files\CA\eTrust Antivirus\InoTask.exe
  C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
  C:\WINDOWS\System32\ctfmon.exe
  C:\WINDOWS\explorer.exe
  C:\Program Files\Crazy Browser\Crazy Browser.exe
  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
  C:\Documents and Settings\Theo de Laat.CP250696-A\Local Settings\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://tefs.com/searchbar.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://tefs.com/searchbar.html
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tefs.com/passthrough/index.html?http://www.home.nl/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://tefs.com/searchbar.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://tefs.com/searchbar.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://tefs.com/searchbar.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://tefs.com/searchbar.html
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.home.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.aldi.com/
  R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
  O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
  O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
  O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
  O4 - HKLM\..\Run: [Dit] Dit.exe
  O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
  O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\Excid.com Aps\eTrust Antivirus Registration\EzAntivirusRegistrationCheck.exe
  O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
  O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
  O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
  O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [PSDrvCheck] "C:\Program Files\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
  O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
  O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
  O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
  O4 - HKLM\..\Run: [cousl] C:\DOCUME~1\THEODE~1.CP2\APPLIC~1\stvieemc.exe -QuieT
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
  O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe
  O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
  O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
  O4 - Startup: Registration-Instant VideoAlbum.lnk = C:\Program Files\Pinnacle\Instant VideoAlbum\Register\RegTool.exe
  O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
  O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
  O9 - Extra button: Real.com (HKLM)
  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
  O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1069953486687
  O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab
  O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
  O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37899.1631597222
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/dlaccell.CAB
 • Close all open windows, run HijackThis once more and be sure to have the following items fixed:

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://tefs.com/searchbar.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://tefs.com/searchbar.html
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tefs.com/passthrough/index.html?http://www.home.nl/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://tefs.com/searchbar.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://tefs.com/searchbar.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://tefs.com/searchbar.html
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://tefs.com/searchbar.html

  R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

  O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab
  O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/dlaccell.CAB


  These should not start automatically at startup:
  O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
  O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
  O4 - Startup: Registration-Instant VideoAlbum.lnk = C:\Program Files\Pinnacle\Instant VideoAlbum\Register\RegTool.exe
  O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
  O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

  Messenger should not start automatically at startup either.

  I can't place this one right away, but it does look suspicious:
  O4 - HKLM\..\Run: [cousl] C:\DOCUME~1\THEODE~1.CP2\APPLIC~1\stvieemc.exe -QuieT
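
Added example, not part of the original answer: a small Python triage pass over HijackThis log lines that flags the kinds of entries singled out above (a component with no file on disk, an autostart running from a user profile directory, an ActiveX download from a bare IP address). The three heuristics and the function name `triage` are assumptions of this example, and the sample lines are copied from the log posted in this thread.

```python
import re

# Sample input: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://tefs.com/searchbar.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cousl] C:\DOCUME~1\THEODE~1.CP2\APPLIC~1\stvieemc.exe -QuieT
O4 - HKLM\..\Run: [Dit] Dit.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# "R1 - ...", "O4 - ...", "O16 - ...": section code, then the entry body.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# Long or 8.3 short form of the Windows XP user profile root.
PROFILE_PATH = re.compile(r"\\(Documents and Settings|DOCUME~\d)\\", re.I)
# URL whose host is a dotted-quad IP address instead of a name.
IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}[/:]", re.I)


def triage(log_text):
    """Return (section, reason, line) for entries that deserve a manual look.

    Heuristics are assumptions of this example and cover only part of what
    the answer flagged; they do not replace looking each entry up.
    """
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw)
        if not m:
            continue  # header, "Running processes" list, blank lines
        section, body = m.groups()
        line = raw.strip()
        if body.rstrip().endswith("(no file)"):
            findings.append((section, "registered component has no file on disk", line))
        if section == "O4" and PROFILE_PATH.search(body):
            findings.append((section, "autostart runs from a user profile directory", line))
        if section == "O16" and IP_URL.search(body):
            findings.append((section, "ActiveX control downloaded from a bare IP address", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Entries the heuristics do not flag, such as the `tefs.com` search settings, still need to be judged by looking up the domain or file name.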
 • This cleans things up nicely, thanks for your reply.
 • What does this do?

  O4 - HKLM\..\Run: [Dit] Dit.exe


  Peter


This is an archived page. Replying is no longer possible.