Vraag & Antwoord

Beveiliging & privacy

HijackThis.log ivm trojan

15 antwoorden
  • Sinds enige tijd krijg ik een melding van ZoneAlarm dat een programma verbinding zoekt met een website die ik nog nooit had bezocht. Op het oog is het een onschuldige vereniging, waarschijnlijk is hun computer gehackt. Ik zal het ze melden... maar hoe kom ik nou van die trojan af? Ik heb (volgens mij) een NAT in mijn modem en en op elke computer van mijn netwerkje zit ZoneAlarm en een dagelijks bijgewerkte Norton AV 2005, alsmede Windows Defender. Tevens draai ik 1x per week HitmanPro. Nooit een virusmelding gehad. Ik heb een proefversie van TrojanHunter gedraaid, maar die gaf geen afwijkingen aan. Wil iemand eens naar mijn HijachTis log kijken of daar wat in te zien is? Logfile of HijackThis v1.99.1 Scan saved at 9:24:49, on 26-6-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\Ati2evxx.exe C:\windows\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\windows\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\windows\system32\spoolsv.exe C:\WINDOWS\System32\PackethSvc.exe C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBPoll.exe C:\windows\System32\GEARSec.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\navapsvc.exe C:\Progs\Norton SystemWorks 2005\Norton Ghost\Agent\PQV2iSvc.exe C:\windows\system32\Ati2evxx.exe C:\windows\Explorer.EXE C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\IWP\NPFMntor.exe C:\Progs\NORTON~4\NORTON~1\NPROTECT.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\windows\SOUNDMAN.EXE C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Progs\Medionkeyboard\KbdAp32A.exe C:\Progs\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.EXE C:\windows\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Progs\ScanSoft\OmniPagePro11.0\opware32.exe C:\Progs\HandyFind\HandyFind.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\UPHClean\uphclean.exe C:\Progs\Norton Password Manager\AcctMgr.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Progs\TrojanHunter 4.5\THGuard.exe C:\windows\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Progs\Nuria\Nuria.exe C:\Progs\Kramers Talen cd-rom 2.0\KT_quickstart.exe C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBTray.exe C:\windows\system32\fxssvc.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\windows\system32\svchost.exe C:\Progs\TotalCmd\TOTALCMD.EXE C:\Program Files\Messenger\msmsgs.exe C:\DOCUME~1\R5DEB~1.BOR\LOCALS~1\Temp\_tc\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Index.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Progs\GetRight\xx2gr.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Progs\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [FLMK08KB] C:\Progs\Medionkeyboard\KbdAp32A.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Progs\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Omnipage] C:\Progs\ScanSoft\OmniPagePro11.0\opware32.exe O4 - HKLM\..\Run: [HandyFind Utility] C:\Progs\HandyFind\HandyFind.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Progs\Norton SystemWorks 2005\Norton Ghost\Agent\GhostTray.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [AcctMgr] C:\Progs\Norton Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [THGuard] "C:\Progs\TrojanHunter 4.5\THGuard.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Progs\Norton SystemWorks 2005\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz O4 - HKCU\..\Run: [Nuria] C:\Progs\Nuria\Nuria.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Elsevier Bedrijfsinformatie bv.lnk = C:\Progs\Kramers Talen cd-rom 2.0\KT_quickstart.exe O4 - Global Startup: Norton GoBack.lnk = C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBTray.exe O8 - Extra context menu item: &Google Zoeken - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Download with GetRight - C:\Progs\GetRight\GRdownload.htm O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Open with GetRight Browser - C:\Progs\GetRight\GRbrowse.htm O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?11294 05640000 O16 - DPF: {A0D8CBD7-1223-4A64-B603-D6680A055A08} (FRSActiveX) - https://secured.payvisionbilling.com/DownloadManager/FRSActiveX.ocx O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBPoll.exe O23 - Service: GEARSecurity - GEAR Software - C:\windows\System32\GEARSec.exe O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Progs\NORTON~4\NORTON~1\NPROTECT.EXE O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\Progs\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe Alvast bedankt, Rob
  • * [u:9e6a1b44ba]Clean de Cache and Cookies in [color=blue:9e6a1b44ba]IE[/color:9e6a1b44ba][/u:9e6a1b44ba]:[list:9e6a1b44ba][*:9e6a1b44ba][b:9e6a1b44ba]Sluit[/b:9e6a1b44ba] Internet Explorer. [*:9e6a1b44ba]Ga naar Configuratiescherm > Internet Opties > tab Algemeen [*:9e6a1b44ba]Klik de [b:9e6a1b44ba]Cookies verwijderen[/b:9e6a1b44ba] knop [*:9e6a1b44ba]Klik op de [b:9e6a1b44ba]Bestanden verwijderen[/b:9e6a1b44ba] knop ernaast [*:9e6a1b44ba][b:9e6a1b44ba]Vink aan[/b:9e6a1b44ba]: Ook alle off line items verwijderen, klik OK[/list:u:9e6a1b44ba]* [u:9e6a1b44ba]Clean de Cache and Cookies in [color=blue:9e6a1b44ba]Firefox[/color:9e6a1b44ba][/u:9e6a1b44ba] (In geval Firefox geïnstalleerd is):[list:9e6a1b44ba][*:9e6a1b44ba]Go to Extra > Opties. [*:9e6a1b44ba]Klik [b:9e6a1b44ba]Privacy[/b:9e6a1b44ba] in het menu. [*:9e6a1b44ba]Klik op de knop [b:9e6a1b44ba]Wissen[/b:9e6a1b44ba] (Geschiedenis, Cookies, Cache). [*:9e6a1b44ba]Klik OK om het venster opnieuw te sluiten.[/list:u:9e6a1b44ba] * [u:9e6a1b44ba]Clean [color=blue:9e6a1b44ba]andere Temporary files + Prullenbak[/color:9e6a1b44ba][/u:9e6a1b44ba][list:9e6a1b44ba][*:9e6a1b44ba]Ga naar Start > Uitvoeren en typ: [b:9e6a1b44ba]cleanmgr[/b:9e6a1b44ba] en klik ok. [*:9e6a1b44ba]Laat het je systeem scannen op bestanden die moeten verwijderd worden [*:9e6a1b44ba]Zorg er wel voor dat je daar [b:9e6a1b44ba]enkel[/b:9e6a1b44ba] maar 'tijdelijke bestanden', 'tijdelijke internetbestanden' en 'prullenbak' staan aangevinkt. [*:9e6a1b44ba]Klik daarna op OK.[/list:u:9e6a1b44ba] wil je daarna een nieuw logje maken aub.
  • Ik heb alleen C: laten opruimen, waar alle programmafiles staan. Of moet ik de andere partities/schijven ook doen? Logfile of HijackThis v1.99.1 Scan saved at 13:17:24, on 26-6-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\Ati2evxx.exe C:\windows\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\windows\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\windows\system32\spoolsv.exe C:\WINDOWS\System32\PackethSvc.exe C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBPoll.exe C:\windows\System32\GEARSec.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\navapsvc.exe C:\Progs\Norton SystemWorks 2005\Norton Ghost\Agent\PQV2iSvc.exe C:\windows\system32\Ati2evxx.exe C:\windows\Explorer.EXE C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\IWP\NPFMntor.exe C:\Progs\NORTON~4\NORTON~1\NPROTECT.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\windows\SOUNDMAN.EXE C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Progs\Medionkeyboard\KbdAp32A.exe C:\Progs\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.EXE C:\windows\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Progs\ScanSoft\OmniPagePro11.0\opware32.exe C:\Progs\HandyFind\HandyFind.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\UPHClean\uphclean.exe C:\Progs\Norton Password Manager\AcctMgr.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Progs\TrojanHunter 4.5\THGuard.exe C:\windows\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Progs\Nuria\Nuria.exe C:\Progs\Kramers Talen cd-rom 2.0\KT_quickstart.exe C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBTray.exe C:\windows\system32\fxssvc.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\windows\system32\svchost.exe C:\PROGRA~1\MICROS~4\Office\OUTLOOK.EXE C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\Program Files\Messenger\msmsgs.exe C:\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Index.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Progs\GetRight\xx2gr.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Progs\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [FLMK08KB] C:\Progs\Medionkeyboard\KbdAp32A.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Progs\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Omnipage] C:\Progs\ScanSoft\OmniPagePro11.0\opware32.exe O4 - HKLM\..\Run: [HandyFind Utility] C:\Progs\HandyFind\HandyFind.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Progs\Norton SystemWorks 2005\Norton Ghost\Agent\GhostTray.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [AcctMgr] C:\Progs\Norton Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [THGuard] "C:\Progs\TrojanHunter 4.5\THGuard.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Progs\Norton SystemWorks 2005\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz O4 - HKCU\..\Run: [Nuria] C:\Progs\Nuria\Nuria.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Elsevier Bedrijfsinformatie bv.lnk = C:\Progs\Kramers Talen cd-rom 2.0\KT_quickstart.exe O4 - Global Startup: Norton GoBack.lnk = C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBTray.exe O8 - Extra context menu item: &Google Zoeken - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Download with GetRight - C:\Progs\GetRight\GRdownload.htm O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Open with GetRight Browser - C:\Progs\GetRight\GRbrowse.htm O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129405640000 O16 - DPF: {A0D8CBD7-1223-4A64-B603-D6680A055A08} (FRSActiveX) - https://secured.payvisionbilling.com/DownloadManager/FRSActiveX.ocx O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBPoll.exe O23 - Service: GEARSecurity - GEAR Software - C:\windows\System32\GEARSec.exe O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Progs\NORTON~4\NORTON~1\NPROTECT.EXE O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\Progs\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  • Tja schoonmaken bedoel ik wel eigenlijk alles mee, maar doe eerst onderstaand tooltje even. * Download [b:a6fecc8380]Dr.Web CureIt[/b:a6fecc8380] naar je bureaublad: [url=ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe]ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe[/url] [list:a6fecc8380] [*:a6fecc8380]Dubbelklik [b:a6fecc8380]drweb-cureit.exe[/b:a6fecc8380] en sta het toe om de express scan te starten. [*:a6fecc8380]Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt, klik de Yes to all knop bij de vraag 'cure it?'. Dit is enkel een korte scan. [*:a6fecc8380]Eenmaal de korte scan is beeïndigd, kan je de drives selecteren die je wilt laten scannen. [*:a6fecc8380]Selecteer hier alle drives. Een rood bolletje zal dan tevoorschijn komen op de drives die je laat scannen. [*:a6fecc8380]Klik daarna de [b:a6fecc8380]groene pijl[/b:a6fecc8380] rechts om de scan te starten. [*:a6fecc8380]Klik 'Yes to all' wanneer er gevraagd wordt om cure of move uit te voeren. [*:a6fecc8380]Wanneer de scan gedaan is, kijk of je volgende icoontje kan aanklikken dat staat naast hetgeen gevonden werd: [img:a6fecc8380]http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif[/img:a6fecc8380] [*:a6fecc8380]Indien wel, klik erop en daarna klik op het icoontje er net onder en kies: [b:a6fecc8380]Move incurable[/b:a6fecc8380] zoals je zal zien in volgende afbeelding: [img:a6fecc8380]http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif[/img:a6fecc8380] Dit zal de bestanden verplaatsen naar volgende map %userprofile%\DoctorWeb\quarantaine-folder indien het niet gedesinfecteerd kan worden. (dit in het geval dat we samples nodig hebben) [*:a6fecc8380]Na bovenstaande te selecteren, in het menu bovenaan van Dr.Web CureIt, klik [b:a6fecc8380]file[/b:a6fecc8380] en kies [b:a6fecc8380]save report list[/b:a6fecc8380]. Bewaar de log op je bureaublad. [*:a6fecc8380]Sluit daarna Dr.Web Cureit. [*:a6fecc8380][b:a6fecc8380]Herstart[/b:a6fecc8380] je computer!! Belangrijke stap, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen/verwijderen tijdens herstart. [*:a6fecc8380]Na het herstarten, Kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post. [/list:u:a6fecc8380] Zijn er meerdere accounts op deze pc, zo ja dan van elk account een HJT logje. bvd Juisterr
  • Hallo Eric, Het is een csv file-tje, ik weet niet of en hoe ik dat hier aan kan hechten. Maar er staat er maar één in, en dat is deze: LUINSDLL.DLL C:\Program Files\Symantec\LiveUpdate Probably BACKDOOR.Trojan Moved. Er stond ook nog een 111.mtf in, van een helpfile die bij de Consumentenbond Belastinggids 2003 hoorde. Die is "gemoved", maar waar naar toe zie ik niet, maar ik heb 'm sowieso niet meer nodig! Is die LUINSDLLL.DLL ook niet de gewone Live Update flie? Alvast bedankt voor je suggesties!
  • Hallo Eric, Stom, ik had gelijk even kunnen Googelen. Dat heb ik alsnog gedaan, het blijkt Trojan.Tooso.O te zijn :-( Als ik bij virusalert kijk dan word ik niet vrolijk van de lijst wat je allemaal moet doen om er van af te komen. Volgens Symantec vangt NAV het virus af - bij mij dus mooi niet... Voorlopig laat ik Norton nog maar eens draaien met "alle bestanden". Je hoort nog hoe het afgelopen is. Rob
  • Ik blijk het toch te simpel gezien te hebben... Het was geen 1-op-1 vermelding, maar meer dat dat virus de LUINSDLL.DLL zou kunnen uitschakelen :-( Ook de wijzigingen die de trojan zou aanbrengen tref ik niet aan. Maar wat kan het dan zijn? Rob
  • Uit wanhoop heb ik maar eens RootkitRevealer gedraaid, die ik in dit forum genoemd zag. Maar uit de resultaten kan ik niet wijs worden. Kan jij er iets over zeggen - of heb ik het niet goed gedaan? Het is een hele waslijst... HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*) HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*) HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*) HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*) HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*) HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*) HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*) HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*) HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*) HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*) HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*) HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*) HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 27-6-2006 13:57 80 bytes Data mismatch between Windows API and raw hive data. C:\Documents and Settings\R. Bornkamp\Local Settings\Application Data\Microsoft\Messenger\mail@r-bornkamp.speedlinq.nl\SharingMetadata\Working\database_7E18_6304_1862_BAB3\fsr000B7.log 27-6-2006 14:33 128.00 KB Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\_tc\RootkitRevealer.chm 7-12-2005 15:19 99.77 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Cookies\r. bornkamp@computertotaal[1].txt 27-6-2006 13:52 211 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Cookies\r. bornkamp@computertotaal[2].txt 27-6-2006 14:36 212 bytes Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\134518512144201763bb71e[1].jpg 27-6-2006 14:36 1.46 KB Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\arrow[1].gif 27-6-2006 14:23 99 bytes Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\CAG1MZM7.net%2Fforum%2Flist_messages%2F1142561&cc=100&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=120&u_his=3&u_java=true 27-6-2006 14:23 2.61 KB Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\CAMJCTIN.htm 27-6-2006 14:23 5.52 KB Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\forum;tile=1;dcopt=ist;sz=468x60;ord=9405930929022508[2] 27-6-2006 14:36 326 bytes Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\forum[1].htm 27-6-2006 13:49 31.12 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\kaspersky1zu.th[1].jpg 27-6-2006 14:36 3.88 KB Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\search[10].htm 27-6-2006 14:23 14 bytes Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\search[11].htm 27-6-2006 14:23 14 bytes Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\viewtopic[1].htm 27-6-2006 13:52 75.29 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\56PLMNXC\CA10RYN7.net%2Fforum%2Flist_messages%2F1142561&cc=100&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=120&u_his=3&u_java=true 27-6-2006 14:23 2.04 KB Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\56PLMNXC\CA3ORHQV.htm 27-6-2006 14:23 8.40 KB Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\56PLMNXC\icon_confused[2].gif 27-6-2006 14:36 171 bytes Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\56PLMNXC\icon_hand[1].gif 27-6-2006 14:23 147 bytes Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\56PLMNXC\laatstefout8of.th[1].jpg 27-6-2006 14:36 4.54 KB Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\56PLMNXC\online[1].gif 27-6-2006 14:23 120 bytes Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\56PLMNXC\search[11].htm 27-6-2006 14:23 14 bytes Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\73[1].htm 27-6-2006 14:23 19.08 KB Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\CAKOMYLZ.htm 27-6-2006 14:23 5.24 KB Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\forum;tile=1;dcopt=ist;sz=468x60;ord=7331640295533738[2] 27-6-2006 14:36 299 bytes Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\myreact[1].gif 27-6-2006 14:23 173 bytes Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\Open_off[1].gif 27-6-2006 14:23 116 bytes Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\search[8].htm 27-6-2006 14:36 14 bytes Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\search[9].htm 27-6-2006 14:36 14 bytes Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\viewtopic[1].htm 27-6-2006 14:36 56.20 KB Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\E8OTDNT0\CAJKUTWV.htm 27-6-2006 14:23 5.37 KB Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\E8OTDNT0\CAO16VWT.gif 27-6-2006 14:36 43 bytes Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\E8OTDNT0\CAOQ8Q26.htm 27-6-2006 14:23 9.58 KB Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\E8OTDNT0\CAU7C12Z.gif 27-6-2006 14:36 43 bytes Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\E8OTDNT0\nb-myreact[1].gif 27-6-2006 14:23 1.12 KB Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\E8OTDNT0\post[2].gif 27-6-2006 14:23 101 bytes Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\~DFE639.tmp 27-6-2006 13:59 16.00 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\~DFE69D.tmp 27-6-2006 13:59 512 bytes Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\~WRF0001.tmp 27-6-2006 14:20 16.00 KB Hidden from Windows API. C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\~WRS0000.tmp 27-6-2006 14:17 49.15 KB Hidden from Windows API. C:\RECYCLER\NPROTECT\00010311.RDB 24-6-2006 9:07 2.94 MB Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010312.RDB 24-6-2006 9:09 2.94 MB Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010313.RDB 24-6-2006 9:17 2.94 MB Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010314.RDB 24-6-2006 9:19 2.94 MB Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010315.lnk 13-5-2006 21:52 618 bytes Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010316.exe 23-4-2006 14:24 1.54 MB Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010317.exe 13-5-2006 21:52 658.94 KB Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010318.000 24-6-2006 9:25 1.18 KB Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010319.RDB 24-6-2006 9:22 2.94 MB Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010320.000 24-6-2006 9:26 1.18 KB Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010321.000 24-6-2006 9:29 1.65 KB Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010322.RDB 24-6-2006 9:26 2.94 MB Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010323.DOT 24-6-2006 8:45 162 bytes Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010324.DOT 24-6-2006 8:45 162 bytes Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010325.DOT 24-6-2006 8:45 162 bytes Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010326.dot 24-6-2006 8:45 162 bytes Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010327.LNK 19-6-2006 15:55 890 bytes Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010328.lnk 19-6-2006 15:55 775 bytes Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010329.LNK 24-6-2006 8:45 1.00 KB Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010330.lnk 24-6-2006 8:45 896 bytes Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010331.LNK 24-6-2006 8:45 1.00 KB Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010332.lnk 24-6-2006 9:35 896 bytes Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010333.LNK 24-6-2006 8:45 1.01 KB Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010334.lnk 24-6-2006 9:35 896 bytes Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010335.RDB 24-6-2006 9:33 2.94 MB Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010336.RDB 24-6-2006 9:37 2.94 MB Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010337.RDB 24-6-2006 9:39 2.94 MB Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00010338.RDB 24-6-2006 9:43 2.94 MB Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00011882.RDB 27-6-2006 13:53 2.95 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00011883 27-6-2006 14:00 5.55 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00011884.RDB 27-6-2006 13:59 2.95 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00011885.RDB 27-6-2006 14:02 2.95 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00011886.DIC 27-6-2006 14:05 162 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00011887.DIC 27-6-2006 14:05 162 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00011888.RDB 27-6-2006 14:04 2.95 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00011889.RDB 27-6-2006 14:10 2.95 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00011890.RDB 27-6-2006 14:15 2.95 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00011891.DIC 27-6-2006 14:20 162 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00011892.DIC 27-6-2006 14:20 162 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00011893.RDB 27-6-2006 14:18 2.95 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00011894.RDB 27-6-2006 14:22 2.95 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00011895.DIC 27-6-2006 14:29 162 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00011896.RDB 27-6-2006 14:24 2.95 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00011897.RDB 27-6-2006 14:28 2.95 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00011898.DIC 27-6-2006 14:32 162 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00011899.DIC 27-6-2006 14:32 162 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00011900.DIC 27-6-2006 14:32 162 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00011901.RDB 27-6-2006 14:34 2.95 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00011902.RDB 27-6-2006 14:35 2.95 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00011903.RDB 27-6-2006 14:37 2.95 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00011904.RDB 27-6-2006 14:42 2.95 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00011905.RDB 27-6-2006 14:44 2.95 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00011906.RDB 27-6-2006 14:45 2.95 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00011907.RDB 27-6-2006 14:48 2.95 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00011908.RDB 27-6-2006 14:50 2.95 MB Hidden from Windows API. C:\RECYCLER\NPROTECT\00011909.RDB 27-6-2006 14:52 2.95 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165316.RDB 27-6-2006 13:53 2.95 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165317.RDB 24-6-2006 9:07 2.94 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165318.RDB 24-6-2006 9:09 2.94 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165319.RDB 27-6-2006 13:59 2.95 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165320.RDB 24-6-2006 9:17 2.94 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165321.RDB 27-6-2006 14:02 2.95 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165322.RDB 24-6-2006 9:19 2.94 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165323.lnk 13-5-2006 21:52 618 bytes Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165324.exe 23-4-2006 14:24 1.54 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165325.RDB 27-6-2006 14:04 2.95 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165326.exe 13-5-2006 21:52 658.94 KB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165327.RDB 27-6-2006 14:10 2.95 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165328.RDB 27-6-2006 14:15 2.95 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165329.RDB 24-6-2006 9:22 2.94 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165330.lnk 26-6-2006 13:18 606 bytes Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165331.lnk 26-6-2006 13:18 439 bytes Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165332.RDB 27-6-2006 14:18 2.95 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165333.RDB 24-6-2006 9:26 2.94 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165334.RDB 27-6-2006 14:22 2.95 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165335.RDB 27-6-2006 14:24 2.95 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165336.RDB 27-6-2006 14:28 2.95 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165337.LNK 19-6-2006 15:55 890 bytes Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165338.lnk 19-6-2006 15:55 775 bytes Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165339.LNK 24-6-2006 8:45 1.00 KB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165340.RDB 27-6-2006 14:31 2.95 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165341.lnk 24-6-2006 8:45 896 bytes Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165342.RDB 27-6-2006 14:34 2.95 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165343.LNK 27-6-2006 14:35 1.00 KB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165344.RDB 27-6-2006 14:35 2.95 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165345.lnk 27-6-2006 14:37 896 bytes Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165346.RDB 27-6-2006 14:37 2.95 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165347.LNK 27-6-2006 14:42 1.01 KB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165348.dll 27-6-2006 13:43 340.97 KB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165349.RDB 27-6-2006 14:42 2.95 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165350.lnk 27-6-2006 14:44 896 bytes Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165351.RDB 27-6-2006 14:44 2.95 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165352.RDB 27-6-2006 14:45 2.94 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165353.RDB 27-6-2006 14:45 2.95 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165354.RDB 27-6-2006 14:48 2.94 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165355.RDB 27-6-2006 14:48 2.95 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165356.RDB 27-6-2006 14:50 2.94 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165357.RDB 27-6-2006 14:50 2.95 MB Hidden from Windows API. C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165358.RDB 27-6-2006 14:52 2.94 MB Hidden from Windows API. C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 26-5-2006 7:08 252.00 KB Visible in Windows API, but not in MFT or directory index. C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 26-5-2006 7:08 111.50 KB Visible in Windows API, but not in MFT or directory index.
  • even goed kijken hoor. :-?
  • (Local Settings\Temp\Cookies Local Settings\Temp\Temporary Internet Files\Content.IE5 C:\RECYCLER\NPROTECT C:\System Volume Information\_restore) Doe onderstaande even om eens goed op te ruimen. Leeg je temp-mappen ( [color=blue:b1a1cf9462]NB de mappen leegmaken, niet verwijderen[/color:b1a1cf9462] !): C:\Documents and Settings\<Gebruikersnaam>\Local Settings\ [b:b1a1cf9462]Temp [/b:b1a1cf9462] C:\Documents and Settings\gebruikersnaam\Local Settings\[b:b1a1cf9462]Temporary [/b:b1a1cf9462][b:b1a1cf9462]Internet Files[/b:b1a1cf9462] C:\Documents and Settings\gebruikersnaam\Local Settings\[b:b1a1cf9462]Temporary [/b:b1a1cf9462][b:b1a1cf9462]Internet Files\content.ie5[/b:b1a1cf9462] Als deze map niet wordt weergegeven, ga dan naar de map temporary internet files en type er [b:b1a1cf9462]\content.ie5[/b:b1a1cf9462] achter in de adresbalk en klik enter. C:\Windows\[b:b1a1cf9462]Temp[/b:b1a1cf9462] open Internet en druk tegelijk op Ctrl (linksonderaan op het toetsenbord) en F5 (bovenaan je toetsenbord) zo leeg je simpel je Cache. Leeg je quarantaine box van je NORTON virusscanner. En misschien dubbelop maar toch maar doen. · [u:b1a1cf9462]Clean de Cache and Cookies in [color=blue:b1a1cf9462]IE[/color:b1a1cf9462][/u:b1a1cf9462]:[list:b1a1cf9462][*:b1a1cf9462][b:b1a1cf9462]Sluit[/b:b1a1cf9462] Internet Explorer. [*:b1a1cf9462]Ga naar Configuratiescherm > Internet Opties > tab Algemeen [*:b1a1cf9462]Klik de [b:b1a1cf9462]Cookies verwijderen[/b:b1a1cf9462] knop [*:b1a1cf9462]Klik op de [b:b1a1cf9462]Bestanden verwijderen[/b:b1a1cf9462] knop ernaast [*:b1a1cf9462][b:b1a1cf9462]Vink aan[/b:b1a1cf9462]: Ook alle off line items verwijderen, klik OK[/list:u:b1a1cf9462]* [u:b1a1cf9462]Clean de Cache and Cookies in [color=blue:b1a1cf9462]Firefox[/color:b1a1cf9462][/u:b1a1cf9462] (In geval Firefox geïnstalleerd is):[list:b1a1cf9462][*:b1a1cf9462]Go to Extra > Opties. [*:b1a1cf9462]Klik [b:b1a1cf9462]Privacy[/b:b1a1cf9462] in het menu. [*:b1a1cf9462]Klik op de knop [b:b1a1cf9462]Wissen[/b:b1a1cf9462] (Geschiedenis, Cookies, Cache). [*:b1a1cf9462]Klik OK om het venster opnieuw te sluiten.[/list:u:b1a1cf9462] * [u:b1a1cf9462]Clean [color=blue:b1a1cf9462]andere Temporary files + Prullenbak[/color:b1a1cf9462][/u:b1a1cf9462][list:b1a1cf9462][*:b1a1cf9462]Ga naar Start > Uitvoeren en typ: [b:b1a1cf9462]cleanmgr[/b:b1a1cf9462] en klik ok. [*:b1a1cf9462]Laat het je systeem scannen op bestanden die moeten verwijderd worden [*:b1a1cf9462]Zorg er wel voor dat je daar [b:b1a1cf9462]enkel[/b:b1a1cf9462] maar 'tijdelijke bestanden', 'tijdelijke internetbestanden' en 'prullenbak' staan aangevinkt. [*:b1a1cf9462]Klik daarna op OK.[/list:u:b1a1cf9462] start opnieuw op en Download [url=http://www.f-secure.com/blacklight/try.shtml]F-Secure Blacklight:[/url] Plaats het op je bureaublad. Dubbelklik [b:b1a1cf9462]blbeta.exe. [/b:b1a1cf9462] Klik op [b:b1a1cf9462]"I accept the agreement". [/b:b1a1cf9462] Klik op [b:b1a1cf9462]"Next". [/b:b1a1cf9462] Klik op [b:b1a1cf9462]"Scan"[/b:b1a1cf9462] en als het programma klaar is klik je daarna op [b:b1a1cf9462]"Next". [/b:b1a1cf9462] Indien Blacklight iets vindt, zal het een lijst van bestanden weergeven. Laat nog niks hernoemen. Op je bureaublad staat een bestand met de naam [b:b1a1cf9462]fsbl.xxxxxxx.log [/b:b1a1cf9462](de x-en staan voor getallen) Dit is het logje dat blacklight gemaakt heeft. Post het hier,samen met een nieuw hijack logje succes
  • plak hem eens in de de site www.hijack.de
  • sorry www.hijackthis.de
  • Eens in de zoveel tijd komt er iemand met de analyser om de hoek als het ei van Columbus. Je moet die echt en alleen maar zien als een "hulpmiddel" want hij geeft ook vaak, "no file" aan bv terwijl dat fout is, en hij geeft legitieme items aan als "nasty" en andersom. Ik zou er niet blind op willen varen. En als hij al items vind die "nasty"zijn wat ga je er dan tegen doen?? Een infectie herkennen is 1 ding, weten wat je ertegen doen moet is heel iets anders.
  • ik zie het ook als een hulpmiddel,zoals alle progjes om je computer clean te houden.Ik denk gewoon alle kleine beetjes helpen,in geval van nood kun je toch systeem herstel gebruiken.Groet, René
  • hijackthis moet je niet mee grappen en grollen je kan je systeem volledig mee mollen

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.