Mededeling

Collapse
No announcement yet.

gekaapte startpagina (sexsite portal)

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    gekaapte startpagina (sexsite portal)

    Beste Helpers,

    Hierbij het log van een vriendin, die niet veel verstand heeft van computers. Ze heeft Norton AV 2005 met automatische updates, maar verder geen beveiliging. Daar wordt nu hard aan gewerkt (ZoneAlarm, Spywareblaster, Spywareguard etc.).
    Zonet nogmaals gescand met geupdate AdAware SE en Spybot S&D, maar volgens mij staan de eergisteren verwijderde items er gewoon weer in terug.
    Graag jullie hulp bij het verwerken van haar log; alvast bedankt.

    Logfile of HijackThis v1.99.0
    Scan saved at 16:34:40, on 23-12-2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\WINDOWS\SYSTEM\MSG32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\APPS\ACTIVBOARD\MMKEYBD.EXE
    C:\APPS\ACTIVSURF\4448364\PROGRAM\BACKWEB-4448364.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\APPS\ACTIVBOARD\TRAYMON.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\SYSTEM\NTCPL.EXE
    C:\APPS\ACTIVBOARD\OSD.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hebbes.hetnet.nl/default.asp?zo=1&cs=0&ds=hebbes&ct=clubs,pwp,netkrant
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/EnterOne/Portal/portal.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/EnterOne/Portal/portal.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Het Net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [EW Message Server] msg32.exe
    O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
    O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton Antivirus\\POPROXY.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [NvCplD] C:\WINDOWS\SYSTEM\NTCPL.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
    O4 - Startup: Watchdog.lnk = C:\WINDOWS\TWAIN\A4s2\Watchdog.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    Labels: Geen
    • Citaat
  • #2
    Lees eens goed wat buffy aan jou vermeldt.
    Last edited by Crash; 23-12-04, 17:17. Reden: Mag geen antwoorden op Hijackthis log's plaatsen
    • Citaat

    Comment

    • #3
      Dat is supersnel!!
      Instructies opgevolgd, de Backweb.exe was al weg/stond er niet bij.
      Nieuw log:

      Logfile of HijackThis v1.99.0
      Scan saved at 17:44:33, on 23-12-2004
      Platform: Windows ME (Win9x 4.90.3000)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\SYSTEM\KERNEL32.DLL
      C:\WINDOWS\SYSTEM\MSGSRV32.EXE
      C:\WINDOWS\SYSTEM\mmtask.tsk
      C:\WINDOWS\SYSTEM\MPREXE.EXE
      C:\WINDOWS\SYSTEM\MSTASK.EXE
      C:\WINDOWS\SYSTEM\SSDPSRV.EXE
      C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
      C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
      C:\WINDOWS\EXPLORER.EXE
      C:\WINDOWS\TASKMON.EXE
      C:\WINDOWS\SYSTEM\SYSTRAY.EXE
      C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
      C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
      C:\WINDOWS\SYSTEM\MSG32.EXE
      C:\APPS\ACTIVBOARD\MMKEYBD.EXE
      C:\APPS\ACTIVSURF\4448364\PROGRAM\BACKWEB-4448364.EXE
      C:\WINDOWS\SYSTEM\WMIEXE.EXE
      C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
      C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
      C:\APPS\ACTIVBOARD\TRAYMON.EXE
      C:\WINDOWS\SYSTEM\NTCPL.EXE
      C:\WINDOWS\TWAIN\A4s2\Watchdog.exe
      C:\APPS\ACTIVBOARD\OSD.EXE
      C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hebbes.hetnet.nl/default.asp?zo=1&cs=0&ds=hebbes&ct=clubs,pwp,netkrant
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/EnterOne/Portal/portal.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/EnterOne/Portal/portal.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Het Net
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
      O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
      O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
      O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
      O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
      O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
      O4 - HKLM\..\Run: [EW Message Server] msg32.exe
      O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
      O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
      O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton Antivirus\\POPROXY.EXE
      O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
      O4 - HKLM\..\Run: [NvCplD] C:\WINDOWS\SYSTEM\NTCPL.EXE
      O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
      O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
      O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
      O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
      O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
      O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
      O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
      O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
      O4 - Startup: Watchdog.lnk = C:\WINDOWS\TWAIN\A4s2\Watchdog.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
      • Citaat

      Comment

      • #4
        @ Gigabit,

        Lees het volgende bericht eens heel goed door: http://www.nucia.eu/forum/showthread.php?t=67


        @ Nanette,

        1. Scan met HijackThis en vink de volgende items aan:
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/EnterOne/Portal/portal.html
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/EnterOne/Portal/portal.html

        O4 - HKLM\..\Run: [NvCplD] C:\WINDOWS\SYSTEM\NTCPL.EXE
        Sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

        2. Herstart de pc in veilige modus.
        Mocht je niet weten hoe dat moet, kijk dan hier even: http://www.virushelp.nl/veilige_modus.htm

        Zorg ervoor dat verborgen bestanden en mappen worden weergegeven.
        Hier kun je lezen hoe dat moet: http://users.telenet.be/marcvn/spyware/1117602.htm

        Verwijder nu, in veilige modus dus, de volgende bestanden en mappen:

        C:\WINDOWS\SYSTEM\NTCPL.EXE <- dat bestand (dit is het bestand dat ervoor zorgt dat EnterOne steeds terugkomt)
        C:\Program Files\EnterOne <- die map

        3. Herstart de pc in 'normale modus'.

        4. Maak een nieuw log en plaats dat hier.
        • Citaat

        Comment

        • #5
          Hoi Buffy,
          Heb ik iets verkeerd gedaan met het verwijderen van de dingen die ik volgens Gigabit moest verwijderen? Ze staat denk ik nog in de backup en het ging om de volgende items:
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/EnterOne/Portal/portal.htm
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/EnterOne/Portal/portal.html
          O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
          O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
          Verder heb ik C:\APPS\Activsurf\4448364\program\backweb-4448364.exe in veilige modus verwijderd.

          Jouw aanwijzingen heb ik volledig uitgevoerd en hier is dus het nieuwe log:

          Logfile of HijackThis v1.99.0
          Scan saved at 21:32:41, on 23-12-2004
          Platform: Windows ME (Win9x 4.90.3000)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

          Running processes:
          C:\WINDOWS\SYSTEM\KERNEL32.DLL
          C:\WINDOWS\SYSTEM\MSGSRV32.EXE
          C:\WINDOWS\SYSTEM\mmtask.tsk
          C:\WINDOWS\SYSTEM\MPREXE.EXE
          C:\WINDOWS\SYSTEM\MSTASK.EXE
          C:\WINDOWS\SYSTEM\SSDPSRV.EXE
          C:\WINDOWS\EXPLORER.EXE
          C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
          C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
          C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
          C:\WINDOWS\TASKMON.EXE
          C:\WINDOWS\SYSTEM\SYSTRAY.EXE
          C:\WINDOWS\SYSTEM\WMIEXE.EXE
          C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
          C:\WINDOWS\SYSTEM\MSG32.EXE
          C:\APPS\ACTIVBOARD\MMKEYBD.EXE
          C:\APPS\ACTIVSURF\4448364\PROGRAM\BACKWEB-4448364.EXE
          C:\APPS\ACTIVBOARD\TRAYMON.EXE
          C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
          C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
          C:\APPS\ACTIVBOARD\OSD.EXE
          C:\WINDOWS\TWAIN\A4s2\Watchdog.exe
          C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
          C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
          C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\AUPDATE.EXE
          C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LUCOMSERVER_2_5.EXE
          C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hebbes.hetnet.nl/default.asp?zo=1&cs=0&ds=hebbes&ct=clubs,pwp,netkrant
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Het Net
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
          O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
          O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
          O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
          O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
          O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
          O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
          O4 - HKLM\..\Run: [EW Message Server] msg32.exe
          O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
          O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
          O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
          O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton Antivirus\\POPROXY.EXE
          O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
          O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
          O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
          O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
          O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
          O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
          O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
          O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
          O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
          O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
          O4 - Startup: Watchdog.lnk = C:\WINDOWS\TWAIN\A4s2\Watchdog.exe
          O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
          O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
          O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

          Ik ga nu naar mijn eigen huis+computertje, maar ben er morgen weer indien nodig; alvast bedankt)
          • Citaat

          Comment

          • #6
            Laat HijackThis dit item nog maar even fixen:

            O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup


            Verder is het wel goed nu. De ondeskundige adviezen van Gigabit hebben gelukkig niet echt schade veroorzaakt.
            • Citaat

            Comment

            • #7
              Hoi Buffy,
              Heel hartelijk bedankt voor al je hulp; laatste item is nu in Hijack gefixt en mijn vriendin heeft haar "eigen" startpagina weer terug. Alles funcioneert nu weer goed, dankzij jullie.
              Ook namens haar hele fijne feestdagen gewenst en nogmaals bedankt.
              • Citaat

              Comment

              • #8
                Graag gedaan en jullie ook fijne feestdagen toegewenst!
                • Citaat

                Comment

                Vorige template Volgende
                Sorry, you are not authorized to view this page
                Working...
                X