Vraag & Antwoord

Beveiliging & privacy

graag controle hijackthislog

10 antwoorden
  • [b:9bff348fc4]Logfile of HijackThis v1.99.0[/b:9bff348fc4] Scan saved at 20:08:41, on 3/02/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe D:\Geert\Hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be/klanten.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.belgacom.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.belgacom.net/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.belgacom.net/ R3 - Default URLSearchHook is missing O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [MSZTCE] C:\WINDOWS\System32\MSZTCE.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [setupaxiscastmanager] C:\Documents and Settings\All Users\Application Data\slow poll setup axis\Eqscr.exe O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [bofwlsl] C:\WINDOWS\bofwlsl.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s O4 - HKLM\..\Run: [Mindful] C:\Program Files\Felitec\Mindful\Mindful.exe O4 - HKLM\..\Run: [Grid Five Log Open] C:\Documents and Settings\All Users\Application Data\sixth hold grid five\MeetTest.exe O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMSERVICE_1048.dll,InstantAccess O4 - HKCU\..\Run: [Mail Scanner] D:\Geert\Geert-files\Web\SpamOff.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O14 - IERESET.INF: START_PAGE_URL=http://www.belgacom.net O23 - Service: CA License Client - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Event Log Watch - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: WebSeach Toolbar support NT service - Unknown - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing) O23 - Service: WinTools for IE service - Unknown - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing) O23 - Service: X10 Device Network Service - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe Alvast bedankt, Guft. :wink:
  • Zorg dat alle [url=http://users.pandora.be/marcvn/spyware/1117602.htm]verborgen bestanden weergegeven worden[/url]. Ga naar Configuratiescherm - Software - Programma's wijzigen of verwijderen. Deïnstalleer indien aanwezig de volgende programma's: Messengerplus Clocksync New.net Application en NewDotNet (Domains) Staan deze er niet tussen, dan kijk je in de dan map c:\Progam Files\NewDotNet. Zoek een in die map naar een bestand uninstallX_XX.exe. De waarde van X (een cijfer) hangt af van de versie van New.net die geïnstalleerd is op de computer. Vind je de uninstaller ook niet in de map c:\Progam Files\NewDotNet, dan kijk je in de map C:\Windows naar een bestand NDNuninstallX_XX.exe. (zelfde verhaal voor de X.) Is deze ook niet aanwezig dan kan je deze uninstaller downloaden: http://www.new.net/support/uninstall6_38.exe Start de computer in [url=http://users.pandora.be/marcvn/spyware/1378056.htm]veilige modus[/url]. Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren: [b:b9566be658] O4 - HKLM\..\Run: [MSZTCE] C:\WINDOWS\System32\MSZTCE.EXE O4 - HKLM\..\Run: [setupaxiscastmanager] C:\Documents and Settings\All Users\Application Data\slow poll setup axis\Eqscr.exe O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe O4 - HKLM\..\Run: [bofwlsl] C:\WINDOWS\bofwlsl.exe O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMSERVICE_1048.dll,InstantAccess O4 - HKLM\..\Run: [Grid Five Log Open] C:\Documents and Settings\All Users\Application Data\sixth hold grid five\MeetTest.exe O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE O23 - Service: WebSeach Toolbar support NT service - Unknown - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing) O23 - Service: WinTools for IE service - Unknown - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing) [/b:b9566be658] Verwijder de volgende bestanden indien aanwezig: C:\WINDOWS\jawa32.exe C:\WINDOWS\bofwlsl.exe Verwijder de volgende mappen indien aanwezig: C:\Documents and Settings\All Users\Application Data\sixth hold grid five C:\Documents and Settings\All Users\Application Data\slow poll setup axis Reboot de computer, run HijackThis opnieuw en post een nieuwe log. Download vindjob.zip: http://users.telenet.be/marcvn/tools/vindjob.zip Unzip het naar je bureaublad, dubbelklik op vindjob.bat. Er opent een kladblokbestand. Post de inhoud van dit bestand ook.
  • Nog geen stappen uitgevoerd. Welke processen moet ik beëindigen via taakbeheer? Guft.
  • [quote:925c09bcaa="guft"]Welke stappen moet ik beëindigen via taakbeheer? [/quote:925c09bcaa] Dat mag je negeren. Vergeten te deleten in de fix. edit: aangepast.
  • -------------------- De volumenaam van station C is BOOT Het volumenummer is A03B-3B78 Map van C:\WINDOWS\tasks 29/01/2005 19:00 <DIR> . 29/01/2005 19:00 <DIR> .. 05/02/2005 15:00 234 A59EE28591819DF9.job 05/02/2005 15:00 268 A997AE88918425EC.job 05/02/2005 15:00 264 AB18CE18918343F4.job 05/02/2005 15:00 276 AC58B10B9123275B.job 05/02/2005 15:00 284 ACD24EE791B9C387.job 05/02/2005 15:00 236 AF97BFAB91803103.job 11/09/2002 13:00 65 desktop.ini 05/02/2005 14:48 6 SA.DAT 8 bestand(en) 1.633 bytes Map van C:\unzipped\vindjob -------------------- Logfile of HijackThis v1.99.0 Scan saved at 14:57:40, on 5/02/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\ctfmon.exe D:\Geert\Hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be/klanten.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.belgacom.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.belgacom.net/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.belgacom.net/ R3 - Default URLSearchHook is missing O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Mindful] C:\Program Files\Felitec\Mindful\Mindful.exe O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMSERVICE_1048.dll,InstantAccess O4 - HKCU\..\Run: [Mail Scanner] D:\Geert\Geert-files\Web\SpamOff.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O14 - IERESET.INF: START_PAGE_URL=http://www.belgacom.net O23 - Service: CA License Client - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Event Log Watch - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: X10 Device Network Service - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe ---------------- Alvast bedankt, Guft.
  • Open een kladblok bestand en kopieer onderstaande code in dit bestand. Sla het op als deljob.bat. [code:1:120674a8fa] %systemdrive% cd C:\WINDOWS\Tasks attrib -r -s -h A59EE28591819DF9.job del A59EE28591819DF9.job attrib -r -s -h A997AE88918425EC.job del A997AE88918425EC.job attrib -r -s -h AB18CE18918343F4.job del AB18CE18918343F4.job attrib -r -s -h AC58B10B9123275B.job del AC58B10B9123275B.job attrib -r -s -h ACD24EE791B9C387.job del ACD24EE791B9C387.job attrib -r -s -h AF97BFAB91803103.job del AF97BFAB91803103.job [/code:1:120674a8fa] Dubbelklik op deljob.bat Fix deze sleutels deze met hijackthis: [b:120674a8fa] R3 - Default URLSearchHook is missing O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMSERVICE_1048.dll,InstantAccess [/b:120674a8fa] Herstart de computer, en maak een nieuwe hijackthislog. Maak ook een nieuwe log met vindjob. Post beide resultaten.
  • [b:9e8209c50d]Logfile of HijackThis v1.99.0[/b:9e8209c50d] Scan saved at 23:25:03, on 6/02/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe D:\Geert\Hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be/klanten.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.belgacom.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.belgacom.net/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.belgacom.net/ O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Mindful] C:\Program Files\Felitec\Mindful\Mindful.exe O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe" O4 - HKCU\..\Run: [Mail Scanner] D:\Geert\Geert-files\Web\SpamOff.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O23 - Service: CA License Client - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Event Log Watch - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: X10 Device Network Service - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -------------------- De volumenaam van station C is BOOT Het volumenummer is A03B-3B78 Map van C:\WINDOWS\tasks 06/02/2005 23:13 <DIR> . 06/02/2005 23:13 <DIR> .. 06/02/2005 14:00 284 A23166B191EB1AD1.job 06/02/2005 14:00 268 A8570146918CB7E6.job 11/09/2002 13:00 65 desktop.ini 06/02/2005 23:23 6 SA.DAT 4 bestand(en) 623 bytes 2 map(pen) 67.110.694.912 bytes beschikbaar De volumenaam van station D is BACKUP Het volumenummer is D042-2572 ------------------------ Alvast bedankt, Guft. :wink:
  • Open een kladblok bestand en kopieer onderstaande code in dit bestand. Sla het op als deljob.bat. [code:1:39bf40570a] %systemdrive% cd C:\WINDOWS\Tasks attrib -r -s -h A23166B191EB1AD1.job del A23166B191EB1AD1.job attrib -r -s -h A8570146918CB7E6.job del A8570146918CB7E6.job [/code:1:39bf40570a] Run deljob.bat Herstart de computer en maak 2 nieuwe logjes.
  • [b:c95bce248c]Logfile of HijackThis v1.99.0[/b:c95bce248c] Scan saved at 13:27:45, on 7/02/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\MSN Messenger\msnmsgr.exe D:\Geert\Hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be/klanten.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.belgacom.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.belgacom.net/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.belgacom.net/ O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Mindful] C:\Program Files\Felitec\Mindful\Mindful.exe O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe" O4 - HKCU\..\Run: [Mail Scanner] D:\Geert\Geert-files\Web\SpamOff.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O23 - Service: CA License Client - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Event Log Watch - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: X10 Device Network Service - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe ------------------- De volumenaam van station C is BOOT Het volumenummer is A03B-3B78 Map van C:\WINDOWS\tasks 07/02/2005 13:14 <DIR> . 07/02/2005 13:14 <DIR> .. 11/09/2002 13:00 65 desktop.ini 07/02/2005 13:15 6 SA.DAT 2 bestand(en) 71 bytes 2 map(pen) 67.106.996.224 bytes beschikbaar De volumenaam van station D is BACKUP Het volumenummer is D042-2572 -------------- Alvast bedankt, Guft. :wink:
  • Ziet er weer goed uit guft. Maak je Temp-map leeg: Start - Uitvoeren tik in: %TEMP%. Selecteer alle bestanden in deze map en verwijder ze. Ledig de map met tijdelijke internetbestanden: Configuratiescherm - Internetopties - tabblad Algemeen - klik bij Tijdelijke internetbestanden op Bestanden Verwijderen. Maak je Prullenbak leeg. Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in. [url=http://users.pandora.be/marcvn/spyware/1852808.htm]Systeemherstel uitschakelen[/url]. Bezoek regelmatig de [url=http://www.windowsupdate.com]Windows Update Site[/url]. Alleen zo ben je zeker dat je de nieuwste patches voor je besturingssysteem geïnstalleerd hebt. Als er nieuwe updates beschikbaar zijn, dan dowload en installeer je alle essentiële updates en service packs. Reboot je computer en controleer opnieuw. Herhaal deze procedure tot dat er geen essentiële updates meer zijn. Installeer ook [url=http://www.javacoolsoftware.com/spywareblaster.html]SpywareBlaster[/url] en [url=http://www.javacoolsoftware.com/spywareguard.html]Spywareguard[/url]. Gebruik je de laatste versie van Spybot Search & Destroy, en je maakt gebruik van de realtime protectie TeaTimer, dan moet je Spywareguard niet installeren. Meer info over hoe je een nieuwe infectie kan voorkomen vind je [url=http://users.pandora.be/marcvn/spyware/1564073.htm]hier[/url].

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.