HijackThis.log in connection with a trojan

15 replies
  • For some time now I have been getting a notification from ZoneAlarm that a program is trying to connect to a website I had never visited. At first glance it is a harmless association; probably their computer has been hacked. I will report it to them… but how do I get rid of that trojan? I have (I believe) NAT in my modem, and every computer on my little network has ZoneAlarm and a daily updated Norton AV 2005, as well as Windows Defender. I also run HitmanPro once a week. Never had a virus alert. I ran a trial version of TrojanHunter, but it reported no anomalies.
    Would someone take a look at my HijackThis log to see whether anything shows up there?

    Logfile of HijackThis v1.99.1
    Scan saved at 9:24:49, on 26-6-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\windows\system32\spoolsv.exe
    C:\WINDOWS\System32\PackethSvc.exe
    C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBPoll.exe
    C:\windows\System32\GEARSec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\navapsvc.exe
    C:\Progs\Norton SystemWorks 2005\Norton Ghost\Agent\PQV2iSvc.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\Explorer.EXE
    C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Progs\NORTON~4\NORTON~1\NPROTECT.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\windows\SOUNDMAN.EXE
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Progs\Medionkeyboard\KbdAp32A.exe
    C:\Progs\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\windows\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Progs\ScanSoft\OmniPagePro11.0\opware32.exe
    C:\Progs\HandyFind\HandyFind.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Progs\Norton Password Manager\AcctMgr.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Progs\TrojanHunter 4.5\THGuard.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Progs\Nuria\Nuria.exe
    C:\Progs\Kramers Talen cd-rom 2.0\KT_quickstart.exe
    C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBTray.exe
    C:\windows\system32\fxssvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\windows\system32\svchost.exe
    C:\Progs\TotalCmd\TOTALCMD.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\DOCUME~1\R5DEB~1.BOR\LOCALS~1\Temp\_tc\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Index.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Progs\GetRight\xx2gr.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Progs\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [FLMK08KB] C:\Progs\Medionkeyboard\KbdAp32A.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Progs\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Progs\ScanSoft\OmniPagePro11.0\opware32.exe
    O4 - HKLM\..\Run: [HandyFind Utility] C:\Progs\HandyFind\HandyFind.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Progs\Norton SystemWorks 2005\Norton Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [AcctMgr] C:\Progs\Norton Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [THGuard] "C:\Progs\TrojanHunter 4.5\THGuard.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Progs\Norton SystemWorks 2005\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [Nuria] C:\Progs\Nuria\Nuria.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Elsevier Bedrijfsinformatie bv.lnk = C:\Progs\Kramers Talen cd-rom 2.0\KT_quickstart.exe
    O4 - Global Startup: Norton GoBack.lnk = C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBTray.exe
    O8 - Extra context menu item: &Google Zoeken - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Download with GetRight - C:\Progs\GetRight\GRdownload.htm
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Open with GetRight Browser - C:\Progs\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129405640000
    O16 - DPF: {A0D8CBD7-1223-4A64-B603-D6680A055A08} (FRSActiveX) - https://secured.payvisionbilling.com/DownloadManager/FRSActiveX.ocx
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBPoll.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\windows\System32\GEARSec.exe
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Progs\NORTON~4\NORTON~1\NPROTECT.EXE
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\Progs\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    Thanks in advance,
    Rob
  • * Clean the cache and cookies in IE:
      - Close Internet Explorer.
      - Go to Control Panel > Internet Options > General tab
      - Click the Delete Cookies button
      - Click the Delete Files button next to it
      - Tick: Also delete all offline content, click OK
    * Clean the cache and cookies in Firefox (in case Firefox is installed):
      - Go to Tools > Options.
      - Click Privacy in the menu.
      - Click the Clear button (History, Cookies, Cache).
      - Click OK to close the window again.
    * Clean other temporary files + Recycle Bin:
      - Go to Start > Run and type: cleanmgr and click OK.
      - Let it scan your system for files that should be removed
      - Do make sure that only 'temporary files', 'temporary internet files' and 'recycle bin' are ticked there.
      - Then click OK.

    Would you then make a new log, please.
  • I only had C: cleaned up, where all the program files are. Or should I do the other partitions/drives as well?

    Logfile of HijackThis v1.99.1
    Scan saved at 13:17:24, on 26-6-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\windows\system32\spoolsv.exe
    C:\WINDOWS\System32\PackethSvc.exe
    C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBPoll.exe
    C:\windows\System32\GEARSec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\navapsvc.exe
    C:\Progs\Norton SystemWorks 2005\Norton Ghost\Agent\PQV2iSvc.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\Explorer.EXE
    C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Progs\NORTON~4\NORTON~1\NPROTECT.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\windows\SOUNDMAN.EXE
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Progs\Medionkeyboard\KbdAp32A.exe
    C:\Progs\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\windows\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Progs\ScanSoft\OmniPagePro11.0\opware32.exe
    C:\Progs\HandyFind\HandyFind.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Progs\Norton Password Manager\AcctMgr.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Progs\TrojanHunter 4.5\THGuard.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Progs\Nuria\Nuria.exe
    C:\Progs\Kramers Talen cd-rom 2.0\KT_quickstart.exe
    C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBTray.exe
    C:\windows\system32\fxssvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\windows\system32\svchost.exe
    C:\PROGRA~1\MICROS~4\Office\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Index.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Progs\GetRight\xx2gr.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Progs\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [FLMK08KB] C:\Progs\Medionkeyboard\KbdAp32A.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Progs\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Progs\ScanSoft\OmniPagePro11.0\opware32.exe
    O4 - HKLM\..\Run: [HandyFind Utility] C:\Progs\HandyFind\HandyFind.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Progs\Norton SystemWorks 2005\Norton Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [AcctMgr] C:\Progs\Norton Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [THGuard] "C:\Progs\TrojanHunter 4.5\THGuard.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Progs\Norton SystemWorks 2005\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [Nuria] C:\Progs\Nuria\Nuria.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Elsevier Bedrijfsinformatie bv.lnk = C:\Progs\Kramers Talen cd-rom 2.0\KT_quickstart.exe
    O4 - Global Startup: Norton GoBack.lnk = C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBTray.exe
    O8 - Extra context menu item: &Google Zoeken - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Download with GetRight - C:\Progs\GetRight\GRdownload.htm
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Open with GetRight Browser - C:\Progs\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129405640000
    O16 - DPF: {A0D8CBD7-1223-4A64-B603-D6680A055A08} (FRSActiveX) - https://secured.payvisionbilling.com/DownloadManager/FRSActiveX.ocx
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBPoll.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\windows\System32\GEARSec.exe
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Progs\NORTON~4\NORTON~1\NPROTECT.EXE
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\Progs\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  • Well, by cleaning I do actually mean everything, but first run the little tool below.

    * Download Dr.Web CureIt to your desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
      - Double-click drweb-cureit.exe and allow it to start the express scan.
      - This will scan the files that are currently loaded in memory, and when something is found, click the Yes to all button at the question 'cure it?'. This is only a short scan.
      - Once the short scan has finished, you can select the drives you want to have scanned.
      - Select all drives here. A red dot will then appear on the drives you are having scanned.
      - Then click the green arrow on the right to start the scan.
      - Click 'Yes to all' when you are asked to perform cure or move.
      - When the scan is done, see whether you can click the following icon that sits next to what was found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
      - If so, click it and then click the icon just below it and choose: Move incurable, as you will see in the following image:
        http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
        This will move the files to the following folder, %userprofile%\DoctorWeb\quarantaine-folder, if they cannot be disinfected. (this in case we need samples)
      - After selecting the above, in the menu at the top of Dr.Web CureIt, click file and choose save report list. Save the log to your desktop.
      - Then close Dr.Web CureIt.
      - Restart your computer!! Important step, because Dr.Web CureIt may move/delete files during the restart.
      - After restarting, copy and paste the contents of the log you saved earlier into your next post.

    Are there multiple accounts on this PC? If so, then a HJT log from each account.

    Thanks in advance
    Juisterr
  • Hello Eric,

    It is a small csv file; I don't know whether or how I can attach it here. But there is only one entry in it, and that is this one:

    LUINSDLL.DLL C:\Program Files\Symantec\LiveUpdate Probably BACKDOOR.Trojan Moved.

    There was also a 111.mtf in it, from a help file that belonged to the Consumentenbond Belastinggids 2003. It has been "moved", but I can't see where to; in any case I no longer need it!
    Isn't that LUINSDLL.DLL also just the ordinary LiveUpdate file?

    Thanks in advance for your suggestions!
  • Hello Eric,
    Silly of me, I could have Googled it right away. I have done that now, and it turns out to be Trojan.Tooso.O :-( When I look at virusalert, the list of everything you have to do to get rid of it does not make me happy. According to Symantec, NAV catches the virus - not on my machine, evidently…
    For now I will let Norton run once more with "all files".
    I will let you know how it turned out.
    Rob
  • It turns out I took too simple a view after all… It was not a one-to-one match; rather, that virus could disable LUINSDLL.DLL :-(
    I also can't find the changes the trojan is supposed to make.
    But what can it be then?

    Rob
  • Out of desperation I ran RootkitRevealer, which I saw mentioned in this forum. But I can't make sense of the results. Can you say anything about them - or did I do it wrong? It is quite a long list…

    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 27-6-2006 13:57 80 bytes Data mismatch between Windows API and raw hive data.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Application Data\Microsoft\Messenger\mail@r-bornkamp.speedlinq.nl\SharingMetadata\Working\database_7E18_6304_1862_BAB3\fsr000B7.log 27-6-2006 14:33 128.00 KB Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\_tc\RootkitRevealer.chm 7-12-2005 15:19 99.77 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Cookies\r. bornkamp@computertotaal[1].txt 27-6-2006 13:52 211 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Cookies\r. bornkamp@computertotaal[2].txt 27-6-2006 14:36 212 bytes Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\134518512144201763bb71e[1].jpg 27-6-2006 14:36 1.46 KB Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\arrow[1].gif 27-6-2006 14:23 99 bytes Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\CAG1MZM7.net%2Fforum%2Flist_messages%2F1142561&cc=100&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=120&u_his=3&u_java=true 27-6-2006 14:23 2.61 KB Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\CAMJCTIN.htm 27-6-2006 14:23 5.52 KB Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\forum;tile=1;dcopt=ist;sz=468x60;ord=9405930929022508[2] 27-6-2006 14:36 326 bytes Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\forum[1].htm 27-6-2006 13:49 31.12 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\kaspersky1zu.th[1].jpg 27-6-2006 14:36 3.88 KB Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\search[10].htm 27-6-2006 14:23 14 bytes Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\search[11].htm 27-6-2006 14:23 14 bytes Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\viewtopic[1].htm 27-6-2006 13:52 75.29 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\56PLMNXC\CA10RYN7.net%2Fforum%2Flist_messages%2F1142561&cc=100&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=120&u_his=3&u_java=true 27-6-2006 14:23 2.04 KB Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\56PLMNXC\CA3ORHQV.htm 27-6-2006 14:23 8.40 KB Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\56PLMNXC\icon_confused[2].gif 27-6-2006 14:36 171 bytes Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\56PLMNXC\icon_hand[1].gif 27-6-2006 14:23 147 bytes Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\56PLMNXC\laatstefout8of.th[1].jpg 27-6-2006 14:36 4.54 KB Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\56PLMNXC\online[1].gif 27-6-2006 14:23 120 bytes Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\56PLMNXC\search[11].htm 27-6-2006 14:23 14 bytes Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\73[1].htm 27-6-2006 14:23 19.08 KB Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\CAKOMYLZ.htm 27-6-2006 14:23 5.24 KB Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\forum;tile=1;dcopt=ist;sz=468x60;ord=7331640295533738[2] 27-6-2006 14:36 299 bytes Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\myreact[1].gif 27-6-2006 14:23 173 bytes Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\Open_off[1].gif 27-6-2006 14:23 116 bytes Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\search[8].htm 27-6-2006 14:36 14 bytes Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\search[9].htm 27-6-2006 14:36 14 bytes Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\viewtopic[1].htm 27-6-2006 14:36 56.20 KB Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\E8OTDNT0\CAJKUTWV.htm 27-6-2006 14:23 5.37 KB Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\E8OTDNT0\CAO16VWT.gif 27-6-2006 14:36 43 bytes Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\E8OTDNT0\CAOQ8Q26.htm 27-6-2006 14:23 9.58 KB Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\E8OTDNT0\CAU7C12Z.gif 27-6-2006 14:36 43 bytes Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\E8OTDNT0\nb-myreact[1].gif 27-6-2006 14:23 1.12 KB Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\E8OTDNT0\post[2].gif 27-6-2006 14:23 101 bytes Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\~DFE639.tmp 27-6-2006 13:59 16.00 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\~DFE69D.tmp 27-6-2006 13:59 512 bytes Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\~WRF0001.tmp 27-6-2006 14:20 16.00 KB Hidden from Windows API.
    C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\~WRS0000.tmp 27-6-2006 14:17 49.15 KB Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00010311.RDB 24-6-2006 9:07 2.94 MB Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010312.RDB 24-6-2006 9:09 2.94 MB Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010313.RDB 24-6-2006 9:17 2.94 MB Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010314.RDB 24-6-2006 9:19 2.94 MB Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010315.lnk 13-5-2006 21:52 618 bytes Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010316.exe 23-4-2006 14:24 1.54 MB Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010317.exe 13-5-2006 21:52 658.94 KB Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010318.000 24-6-2006 9:25 1.18 KB Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010319.RDB 24-6-2006 9:22 2.94 MB Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010320.000 24-6-2006 9:26 1.18 KB Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010321.000 24-6-2006 9:29 1.65 KB Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010322.RDB 24-6-2006 9:26 2.94 MB Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010323.DOT 24-6-2006 8:45 162 bytes Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010324.DOT 24-6-2006 8:45 162 bytes Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010325.DOT 24-6-2006 8:45 162 bytes Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010326.dot 24-6-2006 8:45 162 bytes Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010327.LNK 19-6-2006 15:55 890 bytes Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010328.lnk 19-6-2006 15:55 775 bytes Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010329.LNK 24-6-2006 8:45 1.00 KB Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010330.lnk 24-6-2006 8:45 896 bytes Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010331.LNK 24-6-2006 8:45 1.00 KB Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010332.lnk 24-6-2006 9:35 896 bytes Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010333.LNK 24-6-2006 8:45 1.01 KB Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010334.lnk 24-6-2006 9:35 896 bytes Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010335.RDB 24-6-2006 9:33 2.94 MB Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010336.RDB 24-6-2006 9:37 2.94 MB Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010337.RDB 24-6-2006 9:39 2.94 MB Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00010338.RDB 24-6-2006 9:43 2.94 MB Visible in Windows API, but not in MFT or directory index.
    C:\RECYCLER\NPROTECT\00011882.RDB 27-6-2006 13:53 2.95 MB Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011883 27-6-2006 14:00 5.55 MB Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011884.RDB 27-6-2006 13:59 2.95 MB Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011885.RDB 27-6-2006 14:02 2.95 MB Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011886.DIC 27-6-2006 14:05 162 bytes Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011887.DIC 27-6-2006 14:05 162 bytes Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011888.RDB 27-6-2006 14:04 2.95 MB Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011889.RDB 27-6-2006 14:10 2.95 MB Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011890.RDB 27-6-2006 14:15 2.95 MB Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011891.DIC 27-6-2006 14:20 162 bytes Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011892.DIC 27-6-2006 14:20 162 bytes Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011893.RDB 27-6-2006 14:18 2.95 MB Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011894.RDB 27-6-2006 14:22 2.95 MB Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011895.DIC 27-6-2006 14:29 162 bytes Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011896.RDB 27-6-2006 14:24 2.95 MB Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011897.RDB 27-6-2006 14:28 2.95 MB Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011898.DIC 27-6-2006 14:32 162 bytes Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011899.DIC 27-6-2006 14:32 162 bytes Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011900.DIC 27-6-2006 14:32 162 bytes Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011901.RDB 27-6-2006 14:34 2.95 MB Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011902.RDB 27-6-2006 14:35 2.95 MB Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011903.RDB 27-6-2006 14:37 2.95 MB Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011904.RDB 27-6-2006 14:42 2.95 MB Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011905.RDB 27-6-2006 14:44 2.95 MB Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011906.RDB 27-6-2006 14:45 2.95 MB Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011907.RDB 27-6-2006 14:48 2.95 MB Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011908.RDB 27-6-2006 14:50 2.95 MB Hidden from Windows API.
    C:\RECYCLER\NPROTECT\00011909.RDB 27-6-2006 14:52 2.95 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165316.RDB 27-6-2006 13:53 2.95 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165317.RDB 24-6-2006 9:07 2.94 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165318.RDB 24-6-2006 9:09 2.94 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165319.RDB 27-6-2006 13:59 2.95 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165320.RDB 24-6-2006 9:17 2.94 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165321.RDB 27-6-2006 14:02 2.95 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165322.RDB 24-6-2006 9:19 2.94 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165323.lnk 13-5-2006 21:52 618 bytes Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165324.exe 23-4-2006 14:24 1.54 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165325.RDB 27-6-2006 14:04 2.95 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165326.exe 13-5-2006 21:52 658.94 KB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165327.RDB 27-6-2006 14:10 2.95 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165328.RDB 27-6-2006 14:15 2.95 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165329.RDB 24-6-2006 9:22 2.94 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165330.lnk 26-6-2006 13:18 606 bytes Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165331.lnk 26-6-2006 13:18 439 bytes Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165332.RDB 27-6-2006 14:18 2.95 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165333.RDB 24-6-2006 9:26 2.94 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165334.RDB 27-6-2006 14:22 2.95 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165335.RDB 27-6-2006 14:24 2.95 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165336.RDB 27-6-2006 14:28 2.95 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165337.LNK 19-6-2006 15:55 890 bytes Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165338.lnk 19-6-2006 15:55 775 bytes Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165339.LNK 24-6-2006 8:45 1.00 KB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165340.RDB 27-6-2006 14:31 2.95 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165341.lnk 24-6-2006 8:45 896 bytes Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165342.RDB 27-6-2006 14:34 2.95 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165343.LNK 27-6-2006 14:35 1.00 KB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165344.RDB 27-6-2006 14:35 2.95 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165345.lnk 27-6-2006 14:37 896 bytes Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165346.RDB 27-6-2006 14:37 2.95 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165347.LNK 27-6-2006 14:42 1.01 KB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165348.dll 27-6-2006 13:43 340.97 KB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165349.RDB 27-6-2006 14:42 2.95 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165350.lnk 27-6-2006 14:44 896 bytes Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165351.RDB 27-6-2006 14:44 2.95 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165352.RDB 27-6-2006 14:45 2.94 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165353.RDB 27-6-2006 14:45 2.95 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165354.RDB 27-6-2006 14:48 2.94 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165355.RDB 27-6-2006 14:48 2.95 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165356.RDB 27-6-2006 14:50 2.94 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165357.RDB 27-6-2006 14:50 2.95 MB Hidden from Windows API.
    C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165358.RDB 27-6-2006 14:52 2.94 MB Hidden from Windows API.
    C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 26-5-2006 7:08 252.00 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 26-5-2006 7:08 111.50 KB Visible in Windows API, but not in MFT or directory index.
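
A RootkitRevealer list like the one pasted above is easier to read once it is grouped by location and discrepancy type, so that the rows outside the bulk locations stand out for manual review. The following is an added example, not part of the original post or of RootkitRevealer: the four location markers are the ones a later reply in this thread lists, while the sample rows, bucket labels and function names are constructed for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass

# One RootkitRevealer row as pasted in the thread:
#   <path> <d-m-yyyy> <h:mm> <size> <unit> <description>
# The path may contain spaces, so the date/time/size columns anchor the match.
ROW = re.compile(
    r"^(?P<path>.+?)\s+(?P<date>\d{1,2}-\d{1,2}-\d{4})\s+(?P<time>\d{1,2}:\d{2})"
    r"\s+(?P<size>\d+(?:\.\d+)?)\s+(?P<unit>bytes|KB|MB|GB)\s+(?P<desc>.+)$"
)
UNIT = {"bytes": 1, "KB": 1024, "MB": 1024**2, "GB": 1024**3}

# The four locations named in the reply further down the thread.
# Matched as case-insensitive substrings; the labels are this example's own.
LOCATIONS = [
    ("temp-cookies", r"\local settings\temp\cookies"),
    ("ie-cache", r"\local settings\temp\temporary internet files\content.ie5"),
    ("nprotect", r"c:\recycler\nprotect"),
    ("system-restore", r"c:\system volume information\_restore"),
]

# Constructed sample rows in the same layout as the pasted log.
SAMPLE = r"""
HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 27-6-2006 13:57 80 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@example[1].txt 27-6-2006 13:52 211 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\user\Local Settings\Temp\Temporary Internet Files\Content.IE5\ABCD1234\page[1].htm 27-6-2006 14:23 5.52 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000001.RDB 27-6-2006 13:53 2.95 MB Hidden from Windows API.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.RDB 27-6-2006 13:53 2.95 MB Hidden from Windows API.
C:\WINDOWS\assembly\GAC_32\Example\example.dll 26-5-2006 7:08 252.00 KB Visible in Windows API, but not in MFT or directory index.
"""

@dataclass
class Finding:
    path: str
    when: str
    size_bytes: int
    description: str
    location: str

def classify(path):
    """Return the bucket label for a path: registry, one of LOCATIONS, or other."""
    low = path.lower()
    if low.startswith(("hklm\\", "hkcu\\", "hku\\")):
        return "registry"
    for label, marker in LOCATIONS:
        if marker in low:
            return label
    return "other"

def parse_line(line):
    """Parse one row; return None when the row does not have the expected columns."""
    m = ROW.match(line.strip())
    if not m:
        return None
    size = int(float(m["size"]) * UNIT[m["unit"]])
    return Finding(m["path"], f'{m["date"]} {m["time"]}', size,
                   m["desc"].rstrip("."), classify(m["path"]))

def triage(text):
    """Group rows by (location, discrepancy) and list the ones to read by hand."""
    findings, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        finding = parse_line(line)
        if finding is None:
            unparsed.append(line.strip())  # e.g. a row wrapped mid-path; keep it visible
        else:
            findings.append(finding)
    counts = Counter((f.location, f.description) for f in findings)
    review = [f for f in findings if f.location in ("registry", "other")]
    return counts, review, unparsed

if __name__ == "__main__":
    counts, review, unparsed = triage(SAMPLE)
    for (location, description), n in sorted(counts.items()):
        print(f"{n:4d}  {location:15s} {description}")
    print("Review by hand:", *(f.path for f in review), sep="\n  ")
    print("Unparsed rows:", len(unparsed))
```

The grouping only sorts the rows; it does not decide whether any of them is malicious.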
  • Let me take a good look. :-?
  • (Local Settings\Temp\Cookies
    Local Settings\Temp\Temporary Internet Files\Content.IE5
    C:\RECYCLER\NPROTECT
    C:\System Volume Information\_restore)

    Do the following to clean things up properly.


    Empty your temp folders (NB: empty the folders, do not delete them!):

    C:\Documents and Settings\<username>\Local Settings\Temp
    C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files
    C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files\content.ie5

    If this folder is not shown, go to the Temporary Internet Files folder, type \content.ie5 after it in the address bar and press Enter.

    C:\Windows\Temp

    Open the Internet and press Ctrl (bottom left of the keyboard) and F5 (top of your keyboard) at the same time; this is a simple way to empty your cache.

    Empty the quarantine box of your NORTON virus scanner.

    And it may be duplicating effort, but do it anyway.


    · Clean the cache and cookies in IE:
      - Close Internet Explorer.
      - Go to Control Panel > Internet Options > General tab
      - Click the Delete Cookies button
      - Click the Delete Files button next to it
      - Tick: Delete all offline content, click OK
    · Clean the cache and cookies in Firefox (in case Firefox is installed):
      - Go to Tools > Options.
      - Click Privacy in the menu.
      - Click the Clear button (History, Cookies, Cache).
      - Click OK to close the window again.
    · Clean other temporary files + Recycle Bin
      - Go to Start > Run and type: cleanmgr and click OK.
      - Let it scan your system for files that need to be removed
      - Make sure that only 'temporary files', 'temporary internet files' and 'recycle bin' are ticked there.
      - Then click OK.

    Restart and


    Download
    F-Secure Blacklight:
    Place it on your desktop.
    Double-click blbeta.exe.
    Click "I accept the agreement".
    Click "Next".
    Click "Scan" and, when the program has finished, click "Next".
    If Blacklight finds anything, it will show a list of files.
    Do not have anything renamed yet.
    On your desktop there is a file named fsbl.xxxxxxx.log (the x's stand for digits)
    This is the log that Blacklight created. Post it here, together with a new HijackThis log

    Good luck
  • Try pasting it into the site www.hijack.de
  • Sorry, www.hijackthis.de
  • Every so often someone comes along with the analyser as if it were the egg of Columbus. You really must see it only as an "aid", because it also often reports "no file", for example, when that is wrong, and it flags legitimate items as "nasty" and vice versa. I would not want to rely on it blindly. And if it does find items that are "nasty", what are you going to do about them?? Recognising an infection is one thing; knowing what to do about it is something else entirely.
  • I also see it as an aid, like all the little programs for keeping your computer clean. I just think every little bit helps; in an emergency you can still use System Restore. Regards,
    René
  • HijackThis is not something to joke and fool around with

    you can completely wreck your system with it


This is an archived page. Replies are no longer possible.