Problem with my sister's computer

28 answers
  • I have a problem with my sister's computer: it gives an immense number of error messages and internet activity is disabled. Because we communicate between different home towns, I cannot respond quickly on this forum. Here is the HJT file:

    --------------------------------
    Logfile of HijackThis v1.97.7
    Scan saved at 22:04:38, on 25-12-2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trust\Trust keyboard utility\1.1\nhksrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\OFFICEKB.exe
    C:\Program Files\Trust\Trust mouse utility\1.1\mouse32a.exe
    C:\Program Files\Hotbar\bin\4.3.6.0\HbInst.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\cdfoon\trayapp.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\MMKEYB.EXE
    C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\TrayMon.exe
    C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\osd.exe
    C:\Program Files\Common Files\efax\HotTray.exe
    C:\Program Files\Common Files\efax\Dllcmd32.exe
    C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    C:\WINDOWS\REGEDIT.EXE
    C:\Program Files\Hotbar\bin\4.3.6.0\HbSrv.exe
    C:\Program Files\Messenger\msmsgs.exe
    A:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://cool-homepage
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://cool-homepage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://66.250.57.28/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cool-homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://cool-homepage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://cool-homepage
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MS-Connect/Portal/portal.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://66.250.57.28/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1} - C:\WINDOWS\mspkfl.dll
    O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.6.0\HbHostIE.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.6.0\HbHostIE.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Program Files\Trust\Trust keyboard utility\1.1\OFFICEKB.exe
    O4 - HKLM\..\Run: [FLMTRUSTMOUSE] C:\Program Files\Trust\Trust mouse utility\1.1\mouse32a.exe
    O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.3.6.0\HbInst.exe /Upgrade
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [CDFoon System-Tray] C:\cdfoon\trayapp.exe
    O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
    O4 - Global Startup: CorelCENTRAL-signalen.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
    O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
    O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
    O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    ---------------------

    Thanks in advance, ADB
  • You are running quite a lot of software in the background; disable whatever is not strictly necessary. Also run Ad-aware and/or Spybot and see what that turns up.
  • I'm not that experienced with this yet, but I gave it a try anyway. Check whether this appears in msconfig, Startup tab: C:\WINDOWS\system32\lsass.exe. If so, disable it. If you use a Creative sound card, this one can stay. Otherwise it may be the result of a virus: C:\WINDOWS\System32\devldr32.exe. Have HT fix the following items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://cool-homepage
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://cool-homepage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://66.250.57.28/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cool-homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://cool-homepage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://cool-homepage
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MS-Connect/Portal/portal.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://66.250.57.28/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1} - C:\WINDOWS\mspkfl.dll
    O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.6.0\HbHostIE.dll
    O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.6.0\HbHostIE.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.3.6.0\HbInst.exe /Upgrade
    O4 - HKCU\..\Run: [CDFoon System-Tray] C:\cdfoon\trayapp.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
  • We suspect that something has disabled her AV, so viruses and Trojan horses have free rein. One of her sons has visited s** sites and other junk, so strange junk may have come from there too.
  • Ran Ad-aware and Spybot; more than 500 programs removed in total. A new HJT file is on its way.
  • New HJT file:

    Logfile of HijackThis v1.97.7
    Scan saved at 18:24:30, on 30-12-2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trust\Trust keyboard utility\1.1\nhksrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\OFFICEKB.exe
    C:\Program Files\Trust\Trust mouse utility\1.1\mouse32a.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\MMKEYB.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\REGEDIT.EXE
    C:\cdfoon\trayapp.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\TrayMon.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\osd.exe
    C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
    C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
    C:\Program Files\Common Files\efax\HotTray.exe
    C:\Program Files\Common Files\efax\Dllcmd32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Eigenaar\Local Settings\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://cool-homepage
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://cool-homepage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://66.250.57.28/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cool-homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://cool-homepage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://cool-homepage
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MS-Connect/Portal/portal.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://66.250.57.28/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1} - C:\WINDOWS\mspkfl.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Program Files\Trust\Trust keyboard utility\1.1\OFFICEKB.exe
    O4 - HKLM\..\Run: [FLMTRUSTMOUSE] C:\Program Files\Trust\Trust mouse utility\1.1\mouse32a.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [CDFoon System-Tray] C:\cdfoon\trayapp.exe
    O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
    O4 - Global Startup: CorelCENTRAL-signalen.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
    O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
    O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
    O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DE765D2B-371B-4B0F-A9DA-22C201E79689}: NameServer = 194.134.5.5 194.134.5.55
  • You can have HT fix these items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://cool-homepage
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://cool-homepage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://66.250.57.28/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cool-homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://cool-homepage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://cool-homepage
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MS-Connect/Portal/portal.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://66.250.57.28/
    O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1} - C:\WINDOWS\mspkfl.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [CDFoon System-Tray] C:\cdfoon\trayapp.exe
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
  • O4 - HKCU\..\Run: [CDFoon System-Tray] C:\cdfoon\trayapp.exe
    My sister uses this CDFoon directory a lot to look up addresses and telephone numbers. Is it perhaps Ad-aware and Spybot sensitive, since you advise turning it off?
  • Not spyware. It just didn't seem necessary to me for this to start automatically at boot. That's why. If you like, you can always leave it in place.
  • [quote="M@rc"]Not spyware. It just didn't seem necessary to me for this to start automatically at boot. That's why. If you like, you can always leave it in place.[/quote]
    M@rc, thanks for the help. My sister apparently did not properly understand that she should only have the items you indicated fixed, and had everything that was listed fixed, with the result that the computer no longer starts up. So for her it will be a matter of reinstalling everything.
  • Press F8 while booting. Last Known Good Configuration? Or a repair install of XP?
  • Then we're back at the beginning, and reinstalling is quicker.
  • Logfile of HijackThis v1.97.7
    Scan saved at 20:06:35, on 3-1-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\OFFICEKB.exe
    C:\Program Files\Trust\Trust mouse utility\1.1\mouse32a.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\MMKEYB.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
    C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
    C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
    C:\Program Files\Common Files\efax\HotTray.exe
    C:\Program Files\Common Files\efax\Dllcmd32.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\TrayMon.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\osd.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\nhksrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    C:\WINDOWS\REGEDIT.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Eigenaar\Local Settings\Temp\Tijdelijke map 5 voor hijackthis.zip\HijackThis.exe
    C:\Program Files\Outlook Express\msimn.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Program Files\Trust\Trust keyboard utility\1.1\OFFICEKB.exe
    O4 - HKLM\..\Run: [FLMTRUSTMOUSE] C:\Program Files\Trust\Trust mouse utility\1.1\mouse32a.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
    O4 - Global Startup: CorelCENTRAL-signalen.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
    O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
    O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
    O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
  • M@rc, my sister managed to restore it; the last HJT file is from after that. She is now known here as schatsberg. Regards, ADB
  • You could still have HT repair this one:

    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe

    Apart from that I think it is clean.
  • Thanks, Marc, for your advice. I did all of it, but the computer remains slow.
  • Perhaps quite a few unnecessary things are also starting up in the background. Have a look via Start - Run - msconfig - Startup tab and untick whatever does not need to start automatically.
  • I tried this, but then my computer will only start up in the help system.
  • We are still stuck with a few things. It has become fairly clean, but we see four things that don't fit:

    Logfile of HijackThis v1.97.7
    Scan saved at 11:29:40, on 10-1-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\OFFICEKB.exe
    C:\Program Files\Trust\Trust mouse utility\1.1\mouse32a.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\program files\Webdialer\od-teen199.exe
    C:\program files\Webdialer\od-teen198.exe
    C:\program files\Webdialer\od-stnd232.exe
    C:\program files\Webdialer\od-stnd192.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\MMKEYB.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\TrayMon.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\osd.exe
    C:\Program Files\Trust\Trust keyboard utility\1.1\nhksrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    C:\WINDOWS\REGEDIT.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Rar$EX03.864\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
    [b]R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com[/b]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Program Files\Trust\Trust keyboard utility\1.1\OFFICEKB.exe
    O4 - HKLM\..\Run: [FLMTRUSTMOUSE] C:\Program Files\Trust\Trust mouse utility\1.1\mouse32a.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://download.online-dialer.com/MaConnect.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [b]O4 - HKCU\..\Run: [od-teen199] c:\program files\Webdialer\od-teen199.exe -m
    O4 - HKCU\..\Run: [od-teen198] c:\program files\Webdialer\od-teen198.exe -m
    O4 - HKCU\..\Run: [od-stnd232] c:\program files\Webdialer\od-stnd232.exe -m
    O4 - HKCU\..\Run: [od-stnd192] c:\program files\Webdialer\od-stnd192.exe -m[/b]http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
  • Unclear log - did something go wrong with the copy/paste? Have HT repair the following items:

    O4 - HKCU\..\Run: [od-teen199] c:\program files\Webdialer\od-teen199.exe -m
    O4 - HKCU\..\Run: [od-teen198] c:\program files\Webdialer\od-teen198.exe -m
    O4 - HKCU\..\Run: [od-stnd232] c:\program files\Webdialer\od-stnd232.exe -m
    O4 - HKCU\..\Run: [od-stnd192] c:\program files\Webdialer\od-stnd192.exe
    O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://download.online-dialer.com/MaConnect.cab

    Shut down and then start the PC in safe mode. Delete the following folder: c:\program files\Webdialer (so the Webdialer folder!!)

    edit: why did you put this one in bold?

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com

    If you want to get rid of this page, you can have it repaired as well. /edit
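
The scan-to-scan comparison the helpers in this thread do by eye, as an added example that is not part of the original posts: a Python sketch that parses HijackThis entry lines and reports which entries appeared or disappeared between two scans. The two excerpts are constructed from entries posted above (with the paste damage in the 10-1-2004 log repaired), and all function names are this example's own.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# An entry line is "<section code> - <body>"; header and process lines have no code.
ENTRY_RE = re.compile(r"^\s*([RFO]\d{1,2})\s+-\s+(.+?)\s*$")

# Sections that occur in this thread's logs (general descriptions).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)",
    "O8": "IE context-menu item", "O9": "IE button / Tools menu item",
    "O16": "downloaded ActiveX control (DPF)", "O17": "name server setting",
}

# Constructed excerpt: a few entries from the 3-1-2004 log.
SCAN_OLD = r"""Logfile of HijackThis v1.97.7
Scan saved at 20:06:35, on 3-1-2004
Running processes:
C:\WINDOWS\System32\ctfmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# Constructed excerpt: a few entries from the 10-1-2004 log.
SCAN_NEW = r"""Logfile of HijackThis v1.97.7
Scan saved at 11:29:40, on 10-1-2004
Running processes:
C:\program files\Webdialer\od-teen199.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [od-teen199] c:\program files\Webdialer\od-teen199.exe -m
O4 - HKCU\..\Run: [od-stnd232] c:\program files\Webdialer\od-stnd232.exe -m
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://download.online-dialer.com/MaConnect.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""


def parse_entries(log_text):
    """Return the R/F/O entries of a log, skipping the header and process list."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive, so compare folded
    # and with runs of whitespace collapsed.
    return (entry.code, " ".join(entry.body.split()).casefold())


def diff_scans(old_text, new_text):
    """Return (added, removed) entries between two scans, in log order."""
    old = {_key(e): e for e in parse_entries(old_text)}
    new = {_key(e): e for e in parse_entries(new_text)}
    added = [e for k, e in new.items() if k not in old]
    removed = [e for k, e in old.items() if k not in new]
    return added, removed


def describe(entries):
    """Format entries as 'code (section meaning): body' lines for review."""
    return [f"{e.code} ({SECTIONS.get(e.code, 'other')}): {e.body}" for e in entries]


if __name__ == "__main__":
    added, removed = diff_scans(SCAN_OLD, SCAN_NEW)
    print("New since previous scan:")
    print("\n".join(describe(added)))
    print("Gone since previous scan:")
    print("\n".join(describe(removed)))
```

The parser expects one entry per line, so a log pasted with entries run together has to be split into lines first.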

This is an archived page. Replying is no longer possible.