Mededeling

Collapse
No announcement yet.

elke keer weer meer spyware

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    elke keer weer meer spyware

    ls,

    Ik heb eerst ad-aware SE gedraaid en daarna hijackthis versie 1.98.2.
    Versie 1.99 loopt steeds vast op deze computer.
    Vast bedankt voor het kijken en de reactie.
    Groet, Jeanette

    Logfile of HijackThis v1.98.2
    Scan saved at 19:19:34, on 22-12-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\SCANJET\PrecisionScanLT\hppwrsav.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Common Files\WinTools\WSup.exe
    C:\Program Files\Common Files\WinTools\WToolsA.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\Program Files\WinAce\WinAce.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://magicsearch.us/browser/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://magicsearch.us/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://magicsearch.us/browser/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\msinfo.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\Jeanne\LOCALS~1\Temp\tb_setup.exe /dcheck
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O4 - HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Corel Network monitor worker - {5E6FAD31-213C-43E5-BB7D-0AEE66B7EF53} - (no file)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {5E6FAD31-213C-43E5-BB7D-0AEE66B7EF53} - (no file)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - (no file)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Corel Network monitor worker - {5E6FAD31-213C-43E5-BB7D-0AEE66B7EF53} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {5E6FAD31-213C-43E5-BB7D-0AEE66B7EF53} - (no file) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
    O15 - Trusted Zone: *.skoobidoo.com
    O15 - Trusted Zone: *.windupdates.com
    O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.contenidospc.com/ruboskizo2.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{231F6F9C-F8EE-4A6C-8CD3-A83ABE60FE8C}: NameServer = 194.134.5.5 194.134.5.55
    O19 - User stylesheet: (file missing)
    O21 - SSODL: System - {FC47E59F-8CCE-4839-A0F2-B60E5DF712CD} - C:\WINDOWS\system32\system32.dll (file missing)
    Labels: Geen
    • Citaat
  • #2
    Hoi Jeanette, welkom op ASO!

    Zou je nog eens met AdAware SE willen scannen? Ik zie dat WinTools draait op je pc en AdAware SE (mits up-to-date) zou dat moeten verwijderen. Scan desnoods even in veilige modus met AdAware SE.

    Maak daarna een nieuw HijackThis-log en plaats dat hier.
    • Citaat

    Comment

    • #3
      ls,

      Ik heb nu eerst ad-aware SE in de veilige modus gedraaid. Maar omdat ik toch internet op moet, direct na opstarten nog eens. En weer vindt ie een hoop zooi.
      Daarna HijackThis, versie 1.99
      Die loopt niet meer vast.
      Ondertussen heb ik wel al ruzie gekregen met NAV en blijft de rotzooi binnen komen, grrrrrr.
      Het zou fijn zijn als in onderstaande tekst een schuldige kan worden aangewezen.
      Vast bedankt!
      Groet, Jeanette


      Logfile of HijackThis v1.99.0
      Scan saved at 14:12:34, on 14-1-2005
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\SCANJET\PrecisionScanLT\hppwrsav.exe
      C:\WINDOWS\Mixer.exe
      C:\WINDOWS\System32\ntcpl.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\WINDOWS\system32\pctspk.exe
      C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Hijackthis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://magicsearch.us/browser/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/EnterOne/Portal/portal.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://magicsearch.us/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://magicsearch.us/browser/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/EnterOne/Portal/portal.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
      F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\msinfo.exe
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
      O4 - HKLM\..\Run: [rn4d] C:\WINDOWS\System32\f0r0r\kolder.exe C:\WINDOWS\System32\f0r0r\dirote.exe
      O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
      O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
      O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
      O4 - HKLM\..\Run: [NvCplD] C:\WINDOWS\System32\ntcpl.exe
      O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
      O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
      O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
      O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
      O9 - Extra button: Corel Network monitor worker - {5E6FAD31-213C-43E5-BB7D-0AEE66B7EF53} - C:\WINDOWS\System32\intlmain.dll
      O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {5E6FAD31-213C-43E5-BB7D-0AEE66B7EF53} - C:\WINDOWS\System32\intlmain.dll
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\System32\shdocvw.dll
      O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\System32\shdocvw.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Corel Network monitor worker - {5E6FAD31-213C-43E5-BB7D-0AEE66B7EF53} - C:\WINDOWS\System32\intlmain.dll (HKCU)
      O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {5E6FAD31-213C-43E5-BB7D-0AEE66B7EF53} - C:\WINDOWS\System32\intlmain.dll (HKCU)
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
      O15 - Trusted Zone: *.skoobidoo.com
      O15 - Trusted Zone: *.windupdates.com
      O15 - Trusted Zone: *.skoobidoo.com (HKLM)
      O15 - Trusted Zone: *.windupdates.com (HKLM)
      O15 - Trusted IP range: 67.19.185.246
      O15 - Trusted IP range: (HKLM)
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
      O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
      O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.contenidospc.com/ruboskizo2.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104300974312
      O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
      O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{231F6F9C-F8EE-4A6C-8CD3-A83ABE60FE8C}: NameServer = 194.134.5.5 194.134.5.55
      O19 - User stylesheet: (file missing)
      O21 - SSODL: System - {FC47E59F-8CCE-4839-A0F2-B60E5DF712CD} - C:\WINDOWS\system32\system32.dll (file missing)
      O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
      O23 - Service: PCTEL Speaker Phone - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
      O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
      • Citaat

      Comment

      • #4
        Hoi Jeanette,

        Die pc is inderdaad niet bepaald schoon.


        1. Scan met HijackThis en vink de volgende items aan:

        R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://magicsearch.us/browser/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/EnterOne/Portal/portal.html
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://magicsearch.us/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://magicsearch.us/browser/
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/EnterOne/Portal/portal.html
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

        R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)

        F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\msinfo.exe

        O4 - HKLM\..\Run: [rn4d] C:\WINDOWS\System32\f0r0r\kolder.exe C:\WINDOWS\System32\f0r0r\dirote.exe
        O4 - HKLM\..\Run: [NvCplD] C:\WINDOWS\System32\ntcpl.exe

        O9 - Extra button: Corel Network monitor worker - {5E6FAD31-213C-43E5-BB7D-0AEE66B7EF53} - C:\WINDOWS\System32\intlmain.dll
        O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {5E6FAD31-213C-43E5-BB7D-0AEE66B7EF53} - C:\WINDOWS\System32\intlmain.dll
        O9 - Extra button: Corel Network monitor worker - {5E6FAD31-213C-43E5-BB7D-0AEE66B7EF53} - C:\WINDOWS\System32\intlmain.dll (HKCU)
        O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {5E6FAD31-213C-43E5-BB7D-0AEE66B7EF53} - C:\WINDOWS\System32\intlmain.dll (HKCU)

        O15 - Trusted Zone: *.skoobidoo.com
        O15 - Trusted Zone: *.windupdates.com
        O15 - Trusted Zone: *.skoobidoo.com (HKLM)
        O15 - Trusted Zone: *.windupdates.com (HKLM)
        O15 - Trusted IP range: 67.19.185.246
        O15 - Trusted IP range: (HKLM)

        O19 - User stylesheet: (file missing)

        O21 - SSODL: System - {FC47E59F-8CCE-4839-A0F2-B60E5DF712CD} - C:\WINDOWS\system32\system32.dll (file missing)
        Sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

        2. Herstart de pc in veilige modus.
        Mocht je niet weten hoe dat moet, kijk dan hier even: http://users.telenet.be/marcvn/spyware/1378056.htm

        Zorg ervoor dat verborgen bestanden en mappen worden weergegeven.
        Hier kun je lezen hoe dat moet: http://users.telenet.be/marcvn/spyware/1117602.htm

        Verwijder nu, in veilige modus dus, de volgende bestanden en mappen (voor zover nog aanwezig):

        C:\WINDOWS\System32\f0r0r <- die map
        C:\Program Files\EnterOne <- die map
        C:\WINDOWS\System32\ntcpl.exe <- dat bestand
        C:\WINDOWS\System32\intlmain.dll <- dat bestand
        C:\Program Files\Common Files\Microsoft\MSInfo\msinfo.exe <- dat bestand (let op: NIET verwarren met msinfo32.exe!)

        Zoek via Start -> Zoeken ook het volgende bestand op en verwijder het:

        bootconf.exe <- dat bestand

        3. Herstart de pc in 'normale modus'.

        4. Draai CWShredder: http://cwshredder.net/bin/CWShredder.exe
        Gebruik de Fix knop.

        5. Scan online bij Housecall: http://housecall.trendmicro.com/hous...start_corp.asp

        6. Start de pc opnieuw op, maak een nieuw log en plaats dat hier.
        • Citaat

        Comment

        • #5
          ls,

          De nieuwe log.
          Heb alle punten afgewerkt.
          Kon alleen msinfo.exe en bootconf.exe niet vinden.
          Groet, Jeanette

          Logfile of HijackThis v1.99.0
          Scan saved at 17:42:27, on 14-1-2005
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\SCANJET\PrecisionScanLT\hppwrsav.exe
          C:\WINDOWS\Mixer.exe
          C:\Program Files\Norton AntiVirus\navapsvc.exe
          C:\WINDOWS\system32\pctspk.exe
          C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\Hijackthis\HijackThis.exe
          C:\WINDOWS\system32\wuauclt.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
          O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
          O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
          O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
          O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
          O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
          O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
          O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
          O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
          O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
          O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
          O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\System32\shdocvw.dll
          O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\System32\shdocvw.dll
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
          O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
          O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
          O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.contenidospc.com/ruboskizo2.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104300974312
          O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
          O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
          O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
          O17 - HKLM\System\CCS\Services\Tcpip\..\{231F6F9C-F8EE-4A6C-8CD3-A83ABE60FE8C}: NameServer = 194.134.5.5 194.134.5.55
          O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
          O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
          O23 - Service: PCTEL Speaker Phone - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
          O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
          O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
          • Citaat

          Comment

          • #6
            Ziet er goed uit, Jeanette. Draait de pc nu weer naar behoren?

            Neem alsjeblieft de nodige preventieve maatregelen. Zie http://www.nucia.eu/forum/showthread.php?t=55.
            • Citaat

            Comment

            • #7
              Buffy,

              Dank voor de snelle reacties, mede namens de buurvrouw, de eigenares van de PC.
              Zal de voorzorgsmaatregelen ook lezen en doen. Maar eerst nog m'n ruzie met NAV 2003 uitvechten....

              Groet, Jeanette
              • Citaat

              Comment

              • #8
                Graag gedaan.

                Hoezo heb je ruzie met NAV 2003?
                • Citaat

                Comment

                • #9
                  Krijg 'm niet goed geïnstalleerd.
                  Heb idee dat ie wel draait op de achtergrond, maar kan het scherm waarin je je instellingen aangeeft niet te voorschijn toveren. Krijg daar ook een foutmelding over. Is leuke kraker voor komend weekend.....

                  Groet, Jeanette
                  • Citaat

                  Comment

                  Vorige template Volgende
                  Sorry, you are not authorized to view this page
                  Working...
                  X