Mededeling

Collapse
No announcement yet.

Log wilka

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    Log wilka

    Hallo,

    Wil iemena deven kijken naar onderstaande log?
    Ik word helemaal gek van die coolwebserach!!!!!

    Alvast bedankt!

    Logfile of HijackThis v1.98.2
    Scan saved at 20:58:48, on 23-12-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\Classic PhoneTools\CapFax.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\PocketCam 3Mega\ICON.EXE
    C:\lotus\wordpro\ltsstart.exe
    C:\lotus\smartctr\suitest.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cvxeukomawkefclycfvicnns.us/G2QV/rdPfS6hJj9/054KeMhBHGA_zBc4jL9wTAxXPmk19m10cOfwGzmggqPHG3KR.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pfvwpltmjf.com/G2QV/rdPfS5lwolx8XFTDQv0awxdezKOMRKllM4GEKY.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Wanadoo
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.wanadoo.nl:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.wanadoo.nl;signup.wanadoo.nl;;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {459285FC-B088-BBC1-9989-D9C4D95C3946} - C:\DOCUME~1\KARINA~1\APPLIC~1\ProcLove\poll eggs.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [mp3regsbonelies] C:\Documents and Settings\All Users\Application Data\DentFilmMp3Regs\Mpegcake.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Wanadoo Menu] C:\Program Files\Wanadoo\NL\Mnu\IGOMNU.EXE /S:T
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [ball less] C:\DOCUME~1\KARINA~1\APPLIC~1\SETTIN~1\partextrameal.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
    O4 - Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: PocketCam 3Mega Monitor.lnk = ?
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl/
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    Labels: Geen
    • Citaat
  • #2
    Hoi KarinAx,


    1. Scan met HijackThis en vink de volgende items aan:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cvxeukomawkefclycfvicnns....mggqPHG3KR.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pfvwpltmjf.com/G2QV/rdPfS5lwo...KllM4GEKY.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

    O2 - BHO: (no name) - {459285FC-B088-BBC1-9989-D9C4D95C3946} - C:\DOCUME~1\KARINA~1\APPLIC~1\ProcLove\poll eggs.exe

    O4 - HKLM\..\Run: [mp3regsbonelies] C:\Documents and Settings\All Users\Application Data\DentFilmMp3Regs\Mpegcake.exe
    O4 - HKCU\..\Run: [ball less] C:\DOCUME~1\KARINA~1\APPLIC~1\SETTIN~1\partextrameal.exe
    Sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

    2. Herstart de pc in veilige modus.
    Mocht je niet weten hoe dat moet, kijk dan hier even: http://www.virushelp.nl/veilige_modus.htm

    Zorg ervoor dat verborgen bestanden en mappen worden weergegeven.
    Hier kun je lezen hoe dat moet: http://users.telenet.be/marcvn/spyware/1117602.htm

    Verwijder nu, in veilige modus dus, de volgende mappen:

    C:\Documents and Settings\All Users\Application Data\DentFilmMp3Regs <- die map
    C:\Documents and Settings\KARINA~1\Application Data\ProcLove <- die map
    C:\Documents and Settings\KARINA~1\Application Data\SETTIN~1 <- die map waar "partextrameal.exe" in zit

    3. Herstart de pc in 'normale modus'.

    4. Installeer de nieuwste versie van HijackThis, dat is 1.99.0: http://www.nucia.eu/downloads/hijackthis/index.html
    Maak daarmee een nieuw log en plaats dat hier.
    • Citaat

    Comment

    • #3
      Logfile of HijackThis v1.99.0
      Scan saved at 15:40:54, on 24-12-2004
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Hierbij het nieuwe logje!!

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\System32\LXSUPMON.EXE
      C:\Program Files\Norton AntiVirus\SAVScan.exe
      C:\Program Files\Classic PhoneTools\CapFax.EXE
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\Messenger Plus! 3\MsgPlus.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\PocketCam 3Mega\ICON.EXE
      C:\lotus\wordpro\ltsstart.exe
      C:\lotus\smartctr\suitest.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Documents and Settings\karin ax\Local Settings\Temporary Internet Files\Content.IE5\1FR7H9SE\hijackthis[1].exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Wanadoo
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.wanadoo.nl:8080
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.wanadoo.nl;signup.wanadoo.nl;;<local>
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
      O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
      O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
      O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
      O4 - HKLM\..\Run: [mp3regsbonelies] C:\Documents and Settings\All Users\Application Data\DentFilmMp3Regs\Mpegcake.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Wanadoo Menu] C:\Program Files\Wanadoo\NL\Mnu\IGOMNU.EXE /S:T
      O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
      O4 - Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: PocketCam 3Mega Monitor.lnk = ?
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl/
      O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
      O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
      O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
      O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
      • Citaat

      Comment

      • #4
        Hoi KarinAx,

        Je hebt HijackThis nu vanuit de map tijdelijke internetbestanden gedraaid. Dat is niet zo handig, want die map wordt nogal eens geleegd en dan ben je niet alleen HijackThis zelf kwijt maar de back-ups die het zal aanmaken ook.
        Ik raad je daarom aan HijackThis 1.99.0 even te unzippen naar de map C:\Program Files\hijackthis. Je kunt de oude versie dan vervangen door de nieuwe.

        We zijn nog niet helemaal klaar.

        1. Scan met HijackThis en vink het volgende item aan:

        O4 - HKLM\..\Run: [mp3regsbonelies] C:\Documents and Settings\All Users\Application Data\DentFilmMp3Regs\Mpegcake.exe

        Sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

        2. Herstart de pc in veilige modus en verwijder de volgende map:

        C:\Documents and Settings\All Users\Application Data\DentFilmMp3Regs <- die map

        3. Herstart de pc in 'normale modus'.

        4. Maak een nieuw log en plaats dat hier.
        • Citaat

        Comment

        • #5
          Hierbij weer hetnieuwe logje.

          Ik moest de de map C:\documents and Settings\All Users\Application Data\DentfilmMp3Regs verwijderen alleen deze stond er niet.


          Logfile of HijackThis v1.99.0
          Scan saved at 13:32:16, on 25-12-2004
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\SYSTEM32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\LEXBCES.EXE
          C:\WINDOWS\system32\LEXPPS.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\SOUNDMAN.EXE
          C:\WINDOWS\System32\LXSUPMON.EXE
          C:\Program Files\Classic PhoneTools\CapFax.EXE
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\Program Files\Messenger Plus! 3\MsgPlus.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\PocketCam 3Mega\ICON.EXE
          C:\lotus\wordpro\ltsstart.exe
          C:\lotus\smartctr\suitest.exe
          C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          C:\Program Files\Norton AntiVirus\navapsvc.exe
          C:\Program Files\Norton AntiVirus\SAVScan.exe
          C:\Program Files\MSN Messenger\msnmsgr.exe
          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\WINDOWS\system32\wscntfy.exe
          C:\Program Files\hijackthis\HijackThis.exe

          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl/
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Wanadoo
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.wanadoo.nl:8080
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.wanadoo.nl;signup.wanadoo.nl;;<local>
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
          O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
          O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
          O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
          O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
          O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
          O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [Wanadoo Menu] C:\Program Files\Wanadoo\NL\Mnu\IGOMNU.EXE /S:T
          O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
          O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
          O4 - Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
          O4 - Global Startup: PocketCam 3Mega Monitor.lnk = ?
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl/
          O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
          O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
          O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
          O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
          O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
          O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
          O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
          O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
          • Citaat

          Comment

          • #6
            Oorspronkelijk geplaatst door KarinAx
            Hierbij weer hetnieuwe logje.

            Ik moest de de map C:\documents and Settings\All Users\Application Data\DentfilmMp3Regs verwijderen alleen deze stond er niet.
            Dan was dat opstart-item in het log dus alleen maar een restje. Het log is nu schoon! Zijn de problemen verholpen?

            Als je Messenger Plus nog eens opnieuw installeert, of een nieuwe versie ophaalt, let dan goed op dat bij de installatie níet is aangevinkt dat de sponsor geïnstalleerd mag worden. Want die sponsor is de ellende die we nu hebben verwijderd...

            Lees ook de volgende pagina's eens, want voorkomen is beter dan genezen:
            Nucia Security Forums
            http://www.nucia.eu/forum/showthread.php?t=55

            Nucia Security Forums
            http://www.nucia.eu/main/spyware_hoevoorkom.html
            • Citaat

            Comment

            Vorige template Volgende
            Sorry, you are not authorized to view this page
            Working...
            X