Question & Answer
HijackThis logfile
3 answers
- I noticed that ComboFix is often recommended, so I already ran it and then ran HijackThis again.
Here are the logfiles; is there anything else that needs to be removed?
ComboFix.txt
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-11 ))))))))))))))))))))))))))))))))))
2007-05-11 23:03 <DIR> d-------- C:\WINDOWS\LastGood
2007-05-11 22:35 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-05-11 22:33 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Contacts
2007-05-11 21:50 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-05-11 21:30 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-11 21:30 <DIR> d-------- C:\DOCUME~1\Eddy\APPLIC~1\Lavasoft
2007-05-09 22:54 1,572,864 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-09 22:54 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Onlangs geopend
2007-05-09 22:54 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Mijn documenten
2007-05-09 22:54 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Start
2007-05-09 22:54 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Favorieten
2007-05-09 22:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Sjablonen
2007-05-09 22:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Netwerkprinteromgeving
2007-05-09 22:54 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2007-05-09 22:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Bureaublad
2007-05-09 22:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Bluetooth Software
2007-05-09 22:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
2007-05-09 22:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
2007-05-09 22:38 <DIR> d-------- C:\Program Files\Raxco
2007-05-09 22:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-09 16:31 <DIR> d-------- C:\Program Files\Leuven
2007-05-08 20:23 <DIR> dr-h----- C:\DOCUME~1\Eddy\Onlangs geopend
2007-05-08 17:08 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-05-08 17:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-05-07 13:04 <DIR> d-------- C:\DOCUME~1\Eddy\APPLIC~1\omnitrans
2007-05-07 12:59 <DIR> d-------- C:\Program Files\Omnitrans International
2007-05-03 18:10 <DIR> d-------- C:\WINDOWS\.file_store_32
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-09 17:14:58 5,898 ----a-w C:\DOCUME~1\Eddy\APPLIC~1\wklnhst.dat
2007-05-02 19:33:42 -------- d-----w C:\Program Files\Rubies of Eventide
2007-04-29 09:26:30 -------- d-----w C:\Program Files\mIRC
2007-04-12 12:29:13 -------- d-----w C:\DOCUME~1\Eddy\APPLIC~1\uTorrent
2007-04-09 16:05:34 -------- d-----w C:\Program Files\PokerAssist
2007-04-08 08:05:01 -------- d-----w C:\DOCUME~1\Eddy\APPLIC~1\U3
2007-04-04 14:22:35 -------- d-----w C:\Program Files\Xvid
2007-04-04 14:22:25 -------- d-----w C:\Program Files\AC3Filter
2007-04-03 07:50:30 -------- d-----w C:\Program Files\PakSpace.com_FlashFXP.v3.4.1.1168.Cracked
2007-04-03 07:48:52 -------- d-----w C:\DOCUME~1\Eddy\APPLIC~1\FlashFXP
2007-03-28 13:32:49 64,144 ----a-w C:\DOCUME~1\Eddy\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-03-25 08:38:55 68,384 ----a-w C:\WINDOWS\system32\perfc013.dat
2007-03-25 08:38:55 437,960 ----a-w C:\WINDOWS\system32\perfh013.dat
2007-03-23 12:49:10 -------- d-----w C:\DOCUME~1\Eddy\APPLIC~1\Opera
2007-03-17 13:45:54 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:39:10 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:39:10 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:39:10 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:37:59 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-07 12:55:17 -------- d-----w C:\Program Files\MoparScape
2007-02-20 11:48:07 34,988 ----a-w C:\WINDOWS\War3Unin.dat
2007-02-20 11:14:46 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2007-02-20 11:14:46 126,976 ----a-w C:\WINDOWS\War3Unin.exe
2007-02-05 20:20:07 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
2007-02-05 18:21:59 1,168 ----a-w C:\WINDOWS\mozver.dat
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll"
"{2F85D76C-0569-466F-A488-493E6BD0E955}"="C:\Program Files\Windows Desktop Search\dsWebAllow.dll"
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"="C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
"{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\program files\google\googletoolbar3.dll"
"{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"="C:\Program Files\Windows Live Toolbar\msntb.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"LaunchAp"="C:\\Program Files\\Launch Manager\\LaunchAp.exe"
"HotkeyApp"="C:\\Program Files\\Launch Manager\\HotkeyApp.exe"
"LMgrOSD"="C:\\Program Files\\Launch Manager\\OSD.exe"
"Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
"CtrlVol"="C:\\Program Files\\Launch Manager\\CtrlVol.exe"
"AVManager"="\"C:\\Program Files\\Wistron\\AVManager\\AVManager.exe\""
"Realtime Monitor"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s"
@=""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Program Files\\Home Cinema\\PowerDVD\\PDVDServ.exe\""
"PCMService"="\"C:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe\""
"AntivirusRegistration"="c:\\program files\\antivirus offer\\etrust antivirus registration\\EzAntivirusRegistrationCheck.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
bthsvcs BthServ\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Controleren op updates voor Windows Live Toolbar.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-11 23:33:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden services …
scanning hidden autostart entries …
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = C:\Program Files\Launch Manager\CtrlVol.exe?0???X??????|x??|????q??|?j?wQj?w????????,??? ???????????????`??????|????????l?????@????????????????s???????s???sx??s@??????????????|h??sp??????????s?????????????????C?sc"?sx??s???????w??@?N'?sd???=5@?p??????????
scanning hidden files …
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-05-11 23:33:43
C:\ComboFix-quarantined-files.txt … 2007-05-11 23:33
HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 23:39:46, on 11/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Wistron\AVManager\AVManager.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [AVManager] "C:\Program Files\Wistron\AVManager\AVManager.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [AntivirusRegistration] c:\program files\antivirus offer\etrust antivirus registration\EzAntivirusRegistrationCheck.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/229?0f91c8a3fa2d4bada5c2b00c320e406c
O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/230?0f91c8a3fa2d4bada5c2b00c320e406c
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Eddy\Mijn documenten\Wim\PartyPoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Eddy\Mijn documenten\Wim\PartyPoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106390189065
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Thanks in advance.
- Hey,
I'm having some problems with my laptop and wanted to ask whether one of you would be willing to take a look at my log file.
The problem was that my PC seems to run in jerks: it works normally for a moment, then hangs very briefly, then carries on normally again, and so on.
Thanks
Greetings
Edit: old logfile removed
- ComboFix was completely pointless in this case.
Start HijackThis and choose 'Do a system scan only'.
Select only the items listed below:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Eddy\Mijn documenten\Wim\PartyPoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Eddy\Mijn documenten\Wim\PartyPoker\PartyPoker\RunApp.exe (file missing)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
Close all windows except HijackThis.
Click 'Fix checked' to remove the items.
Open Explorer ("My Computer") and choose Tools -> Folder Options…
Under View, check the following settings:
Uncheck: Hide protected operating system files (Recommended)
Uncheck: Hide extensions for known file types
Select: Display the contents of system folders (XP only)
Select: Show hidden files and folders
Delete the following directories:
C:\Documents and Settings\Eddy\Mijn documenten\Wim\PartyPoker\PartyPoker\