Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Hijack-log in verband met onwisbare exe.file in temp

haakman
5 antwoorden
  • Logfile of HijackThis v1.99.0
    Scan saved at 13:30:29, on 1-1-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\Eset
    od32krn.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
    C:\Program Files\Everstrike Software\Universal Shield 3.2.0\US30Service.exe
    C:\Program Files\HHVcdV5Sys\VC5SecS.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\WINDOWS\system32\TPWRTRAY.EXE
    C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Eset
    od32kui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\00THotkey.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SysDate\SysDate.exe
    C:\Program Files\Sitecom\Sitecom Wireless Network PC Card 54G WL-112\Installer\WINXP\WLANUTL.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Spam CSI - Crime Scene Investigator\Spam CSI.exe
    C:\Program Files\Teletekstbrowser\Teletekst.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Eset
    od32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\All Users\Application Data\CDROM TRUST BASH TWO\HOLD KIND.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\All Users\Application Data\CDROM TRUST BASH TWO\HOLD KIND.exe
    C:\Documents and Settings\All Users\Application Data\CDROM TRUST BASH TWO\HOLD KIND.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Spyware Stormer\SpywareStormer.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.krantenkoppen.be/?rub=koppen&cat=nedkr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1044
    R3 - URLSearchHook: HyperSearchHook - {AA736426-ED36-49CF-83A6-4C87A9ECEBF4} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {A743A1C7-EC5E-B87B-5CD5-DB41372BBEE1} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\USERCA~1\adminiso.exe
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar2.dll
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 03
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
    od32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [Bash Two Poke Rect] C:\Documents and Settings\All Users\Application Data\CDROM TRUST BASH TWO\Size heart.exe
    O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [STORE WMA] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GLUEDE~1\Creative regs.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
    O4 - HKCU\..\Run: [SysDate] "C:\Program Files\SysDate\SysDate.exe"
    O4 - Startup: Sitecom WL-112.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network PC Card 54G WL-112\Installer\WINXP\WLANUTL.exe
    O4 - Startup: Spam CSI.exe.lnk = C:\Program Files\Spam CSI - Crime Scene Investigator\Spam CSI.exe
    O4 - Startup: Teletekst.lnk = C:\Program Files\Teletekstbrowser\Teletekst.exe
    O4 - Global Startup: SysDate.exe
    O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: eReference - C:\eRef\ahd.htm
    O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092985887855
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI
    etail/DASAct.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: IomegaAccess - Unknown - C:\Program Files\Iomega\Tools_NT\IOMEGAACCESS.EXE (file missing)
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NOD32 Kernel Service - Unknown - C:\Program Files\Eset
    od32krn.exe
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32
    vsvc32.exe
    O23 - Service: Tmesbs32 - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
    O23 - Service: US30Service - Unknown - C:\Program Files\Everstrike Software\Universal Shield 3.2.0\US30Service.exe
    O23 - Service: Virtual CD v5 Security service - H+H Software GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: ZipToA - Unknown - C:\WINDOWS\System32\ZipToA.exe







  • Zorg dat alle verborgen bestanden weergegeven worden.

    Ga naar Configuratiescherm - Software - Programma's wijzigen of verwijderen. Deïnstalleer indien aanwezig de volgende programma's:
    Spyware Stormer
    Messengerplus
    Run nadien deze uninstaller:
    http://lop.com/new_uninstall.exe
    http://lop.com/toolbar_uninstall.exe

    Start de computer in veilige modus.

    Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren:
    [b:4dc2b5a7a4]
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/

    R3 - URLSearchHook: HyperSearchHook - {AA736426-ED36-49CF-83A6-4C87A9ECEBF4} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

    O2 - BHO: (no name) - {A743A1C7-EC5E-B87B-5CD5-DB41372BBEE1} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\USERCA~1\adminiso.exe

    O4 - HKLM\..\Run: [Bash Two Poke Rect] C:\Documents and Settings\All Users\Application Data\CDROM TRUST BASH TWO\Size heart.exe
    O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
    O4 - HKCU\..\Run: [STORE WMA] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GLUEDE~1\Creative regs.exe

    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab

    [/b:4dc2b5a7a4]

    Verwijder de volgende bestanden en/of mappen indien aanwezig:
    C:\Program Files\Spyware Stormer
    C:\Documents and Settings\All Users\Application Data\CDROM TRUST BASH TWO
    C:\Program Files\Common Files\Hyperbar

    Ga naar start - uitvoeren en tik in: %TEMP%
    Je Temp-map wordt geopend. Selecteer alle bestanden en verwijder ze.

    Reboot de computer, run HijackThis opnieuw en post een nieuwe log.
  • Hier is mijn nieuwe hijack. Hartelijk dank voor alle moeite. Momenteel zit het exe bestand niet meer in mijn Temp folder. AH

    Logfile of HijackThis v1.99.0
    Scan saved at 20:46:48, on 1-1-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\Eset
    od32krn.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
    C:\Program Files\Everstrike Software\Universal Shield 3.2.0\US30Service.exe
    C:\Program Files\HHVcdV5Sys\VC5SecS.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\WINDOWS\system32\TPWRTRAY.EXE
    C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Eset
    od32kui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\00THotkey.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
    C:\Program Files\SysDate\SysDate.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SysDate.exe
    C:\Program Files\Sitecom\Sitecom Wireless Network PC Card 54G WL-112\Installer\WINXP\WLANUTL.exe
    C:\Program Files\Spam CSI - Crime Scene Investigator\Spam CSI.exe
    C:\Program Files\Teletekstbrowser\Teletekst.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.krantenkoppen.be/?rub=koppen&cat=nedkr
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1044
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar2.dll
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 03
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
    od32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
    O4 - HKCU\..\Run: [SysDate] "C:\Program Files\SysDate\SysDate.exe"
    O4 - Startup: Sitecom WL-112.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network PC Card 54G WL-112\Installer\WINXP\WLANUTL.exe
    O4 - Startup: Spam CSI.exe.lnk = C:\Program Files\Spam CSI - Crime Scene Investigator\Spam CSI.exe
    O4 - Startup: Teletekst.lnk = C:\Program Files\Teletekstbrowser\Teletekst.exe
    O4 - Global Startup: SysDate.exe
    O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: eReference - C:\eRef\ahd.htm
    O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092985887855
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI
    etail/DASAct.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NOD32 Kernel Service - Unknown - C:\Program Files\Eset
    od32krn.exe
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32
    vsvc32.exe
    O23 - Service: Tmesbs32 - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
    O23 - Service: US30Service - Unknown - C:\Program Files\Everstrike Software\Universal Shield 3.2.0\US30Service.exe
    O23 - Service: Virtual CD v5 Security service - H+H Software GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe






  • Ik heb de nieuwe log gepost als antwoord op de eerdere. Dank!
  • Ziet er goed uit.
    Als alle problemen opgelost zijn doe het volgende:
    Maak de map met tijdelijke internetbestanden leeg: Configuratiescherm - Internetopties - tabblad Algemeen - klik bij Tijdelijke internetbestanden op Bestanden Verwijderen.

    Maak je Prullenbak leeg.

    Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
    Systeemherstel uitschakelen.

    Bezoek regelmatig de Windows Update Site. Alleen zo ben je zeker dat je de nieuwste patches voor je besturingssysteem geïnstalleerd hebt. Als er nieuwe updates beschikbaar zijn, dan dowload en installeer je alle essentiële updates en service packs. Reboot je computer en controleer opnieuw. Herhaal deze procedure tot dat er geen essentiële updates meer zijn.

    Installeer ook SpywareBlaster en Spywareguard.
    Gebruik je de laatste versie van Spybot Search & Destroy, en je maakt gebruik van de realtime protectie TeaTimer, dan moet je Spywareguard niet installeren.
    Meer info over hoe je een nieuwe infectie kan voorkomen vind je hier.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.