Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

probleem bij de computer van mijn zus

Anoniem
schatsberg
28 antwoorden
  • [b:6f4518a5e3]Ik heb een probleem met de computer van mijn zus, deze geeft immens veel foutmeldingen en de internetactiviteit is uitgeschakeld.

    Vanwege communicatie via verschillende woonplaatsen kan ik niet snel reageren op dit forum.

    Hierbij het HJT file:[/b:6f4518a5e3]
    ——————————–
    Logfile of HijackThis v1.97.7
    Scan saved at 22:04:38, on 25-12-2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trust\Trust keyboard utility\1.1
    hksrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus
    avapsvc.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\OFFICEKB.exe
    C:\Program Files\Trust\Trust mouse utility\1.1\mouse32a.exe
    C:\Program Files\Hotbar\bin\4.3.6.0\HbInst.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\cdfoon\trayapp.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\MMKEYB.EXE
    C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\TrayMon.exe
    C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\osd.exe
    C:\Program Files\Common Files\efax\HotTray.exe
    C:\Program Files\Common Files\efax\Dllcmd32.exe
    C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    C:\WINDOWS\REGEDIT.EXE
    C:\Program Files\Hotbar\bin\4.3.6.0\HbSrv.exe
    C:\Program Files\Messenger\msmsgs.exe
    A:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://cool-homepage
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://cool-homepage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://66.250.57.28/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cool-homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://cool-homepage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://cool-homepage
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http:/
    ed.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MS-Connect/Portal/portal.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://66.250.57.28/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1} - C:\WINDOWS\mspkfl.dll
    O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.6.0\HbHostIE.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.6.0\HbHostIE.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Program Files\Trust\Trust keyboard utility\1.1\OFFICEKB.exe
    O4 - HKLM\..\Run: [FLMTRUSTMOUSE] C:\Program Files\Trust\Trust mouse utility\1.1\mouse32a.exe
    O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.3.6.0\HbInst.exe /Upgrade
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [CDFoon System-Tray] C:\cdfoon\trayapp.exe
    O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
    O4 - Global Startup: CorelCENTRAL-signalen.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
    O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
    O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
    O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

    ———————
    [b:6f4518a5e3]
    Bij voorbaat dank

    ADB[/b:6f4518a5e3]



  • Je draait nogal wat software op de achtergrond, schakel hier van uit wat niet perse nodig is. Draai verder eens adaware en/of spybot, en kijk eens wat dat geeft.
  • Ik ben hier nog niet zo in thuis, maar heb er toch maar aan gewaagd.

    Kijk of dit bij msconfig - tab opstarten voorkomt:
    C:\WINDOWS\system32\lsass.exe
    Zo ja dan uitschakelen.
    Maak je gebruik van een creative soundcard dan kan deze blijven staan. Anders kan dit het resultaat van een virus zijn: C:\WINDOWS\System32\devldr32.exe.

    Laat HT volgende items fixen:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://cool-homepage
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://cool-homepage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://66.250.57.28/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cool-homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://cool-homepage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://cool-homepage
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MS-Connect/Portal/portal.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://66.250.57.28/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1} - C:\WINDOWS\mspkfl.dll
    O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.6.0\HbHostIE.dll
    O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.6.0\HbHostIE.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.3.6.0\HbInst.exe /Upgrade
    O4 - HKCU\..\Run: [CDFoon System-Tray] C:\cdfoon\trayapp.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
  • we vermoeden dat er iets haar av uitgeschakeld heeft dus virus en trojan horses hebben vrij spel
    een van haar zoons heeft sites van s** en andere troep bezocht dus hier vandaan kan ook rare troep vandaan komen
  • adaware en spybot gedraaid
    totaal rium 500 programma's verwijderd
    een nieuwe hjt file komt er aan
  • nieuwe hjt file
    Logfile of HijackThis v1.97.7
    Scan saved at 18:24:30, on 30-12-2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trust\Trust keyboard utility\1.1
    hksrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus
    avapsvc.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\OFFICEKB.exe
    C:\Program Files\Trust\Trust mouse utility\1.1\mouse32a.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\MMKEYB.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\REGEDIT.EXE
    C:\cdfoon\trayapp.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\TrayMon.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\osd.exe
    C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
    C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
    C:\Program Files\Common Files\efax\HotTray.exe
    C:\Program Files\Common Files\efax\Dllcmd32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Eigenaar\Local Settings\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://cool-homepage
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://cool-homepage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://66.250.57.28/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cool-homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://cool-homepage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://cool-homepage
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http:/
    ed.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MS-Connect/Portal/portal.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://66.250.57.28/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1} - C:\WINDOWS\mspkfl.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Program Files\Trust\Trust keyboard utility\1.1\OFFICEKB.exe
    O4 - HKLM\..\Run: [FLMTRUSTMOUSE] C:\Program Files\Trust\Trust mouse utility\1.1\mouse32a.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [CDFoon System-Tray] C:\cdfoon\trayapp.exe
    O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
    O4 - Global Startup: CorelCENTRAL-signalen.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
    O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
    O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
    O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DE765D2B-371B-4B0F-A9DA-22C201E79689}: NameServer = 194.134.5.5 194.134.5.55



  • Deze zaken kan je laten fixen door HT.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://cool-homepage
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://cool-homepage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://66.250.57.28/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cool-homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://cool-homepage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://cool-homepage
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MS-Connect/Portal/portal.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://66.250.57.28/
    O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1} - C:\WINDOWS\mspkfl.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [CDFoon System-Tray] C:\cdfoon\trayapp.exe
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
  • O4 - HKCU\..\Run: [CDFoon System-Tray] C:\cdfoon\trayapp.exe

    mijn zus zoekt met deze cdfoon gids veel naar adressen en telefoonnummers

    is deze soms adaware en spybot gevoelig dat jullie adviseren om hem uit te zetten?
  • Geen spyware.
    Leek me niet noodzakelijk dat dit mee opstart. Vandaar. Als je wil kan je deze altijd laten staan.
  • [quote:e23a40f54e="M@rc"]Geen spyware.
    Leek me niet noodzakelijk dat dit mee opstart. Vandaar. Als je wil kan je deze altijd laten staan.[/quote:e23a40f54e]
    M@rc bedankt voor de hulp
    mijn zus heeft het blijkbaar niet goed begrepen dat ze alleen de items die jij aangaf moest laten fixen en heeft alles wat aangegeven is laten doen
    met als gevolg computer start niet meer op
    wordt dus voor haar alles opnieuw installeren
  • Tijdens booten op F8 drukken.
    Laatst goed werkende configuratie?
    of
    Repair install van XP?
  • dan zijn we weer bij het begin en is het herinstalleren sneller
  • Logfile of HijackThis v1.97.7
    Scan saved at 20:06:35, on 3-1-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\OFFICEKB.exe
    C:\Program Files\Trust\Trust mouse utility\1.1\mouse32a.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\MMKEYB.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
    C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
    C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
    C:\Program Files\Common Files\efax\HotTray.exe
    C:\Program Files\Common Files\efax\Dllcmd32.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\TrayMon.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\osd.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1
    hksrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus
    avapsvc.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    C:\WINDOWS\REGEDIT.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Eigenaar\Local Settings\Temp\Tijdelijke map 5 voor hijackthis.zip\HijackThis.exe
    C:\Program Files\Outlook Express\msimn.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http:/
    ed.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Program Files\Trust\Trust keyboard utility\1.1\OFFICEKB.exe
    O4 - HKLM\..\Run: [FLMTRUSTMOUSE] C:\Program Files\Trust\Trust mouse utility\1.1\mouse32a.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
    O4 - Global Startup: CorelCENTRAL-signalen.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
    O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
    O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
    O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab



  • m@rc mij zus is het gelukt om te herstellen de laatste hjt file is van hierna
    ze is nu bekend onder schatsberg hier
    groetjes adb
  • Deze zou je nog door HT kunnen laten repareren:
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe

    Voor de rest denk ik dat ie clean is.
  • bedankt Marc voor je raad. Ik heb het allemaal gedaan maar de computer blijft langzaam
  • Misschien starten ook heel wat onnodige zaken op achtergrond mee op.
    Kijk even via start - uitvoeren - msconfig - tabblad opstarten en vink uit wat niet noodzakelijk mee moet opstarten.
  • dit heb ik geprobeerd maar dan wil mijn computer alleen in hulpsysteem opstarten
  • we blijven toch nog met een paar dingen zitten
    hte is aardig schoon geworden maar we zien vier dingen die niet passen

    Logfile of HijackThis v1.97.7
    Scan saved at 11:29:40, on 10-1-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\OFFICEKB.exe
    C:\Program Files\Trust\Trust mouse utility\1.1\mouse32a.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\program files\Webdialer\od-teen199.exe
    C:\program files\Webdialer\od-teen198.exe
    C:\program files\Webdialer\od-stnd232.exe
    C:\program files\Webdialer\od-stnd192.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\MMKEYB.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\TrayMon.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\osd.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1
    hksrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus
    avapsvc.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    C:\WINDOWS\REGEDIT.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Rar$EX03.864\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
    [b:fcb36f4167]R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http:/
    ed.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com[/b:fcb36f4167]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Program Files\Trust\Trust keyboard utility\1.1\OFFICEKB.exe
    O4 - HKLM\..\Run: [FLMTRUSTMOUSE] C:\Program Files\Trust\Trust mouse utility\1.1\mouse32a.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://download.online-dialer.com/MaConnect.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    [b:fcb36f4167]O4 - HKCU\..\Run: [od-teen199] c:\program files\Webdialer\od-teen199.exe -m
    O4 - HKCU\..\Run: [od-teen198] c:\program files\Webdialer\od-teen198.exe -m
    O4 - HKCU\..\Run: [od-stnd232] c:\program files\Webdialer\od-stnd232.exe -m
    O4 - HKCU\..\Run: [od-stnd192] c:\program files\Webdialer\od-stnd192.exe -m[/b:fcb36f4167]http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab



  • Onduidelijke log - iets misgelopen bij copy/paste?

    Laat HT volgende items repareren:
    O4 - HKCU\..\Run: [od-teen199] c:\program files\Webdialer\od-teen199.exe -m
    O4 - HKCU\..\Run: [od-teen198] c:\program files\Webdialer\od-teen198.exe -m
    O4 - HKCU\..\Run: [od-stnd232] c:\program files\Webdialer\od-stnd232.exe -m
    O4 - HKCU\..\Run: [od-stnd192] c:\program files\Webdialer\od-stnd192.exe
    O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://download.online-dialer.com/MaConnect.cab

    Sluit af en start de pc vervolgens in veilige modus. Delete volgende map:
    c:\program files\Webdialer (de map webdialer dus!!)


    edit: warom heb je deze in vet gezet? R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http:/
    ed.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com

    Als je van deze pagina af wil kan je hem ook laten repareren
    /edit

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.