Help!
Op één van mijn pc's heb ik volgend probleem: wanneer ik opstart komt er direct een schermpje van Norton dat sommige onderdelen gewijzigd zijn. Dit is op zijn minst gezegd raar vermits Norton verwijderd is. Wanneer je dit venstertje sluit, gaat de pc afsluiten en weer opstarten.
Er start ook een venster van IE op met volgende url http://net-corderz.com/Cash/Cash1.html. Dit kan ik op geen enkele manier afsluiten.
Ik heb ad-aware en spybot gedraaid. Spybot vindt 4 zaken, waarvan er steeds 2 niet gerepareerd kunnen worden. (ISearchTech.PowerScan en n-Case).
Hierna vinden jullie mijn logje van Hijackthis. Hopelijk kan er iemand mij helpen om dit in orde te brengen.
Logfile of HijackThis v1.99.0
Scan saved at 17:06:21, on 19/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\svhost21.exe
C:\WINDOWS\System32\vcfgload.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\YPager.EXE
C:\WINDOWS\System32\svchost2.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\WINDOWS\System32\wuamgrder.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
C:\WINDOWS\System32\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\admin\Mijn documenten\Hijackthis\wxp-w2k-catalyst-igp-8-071-041026a-018719c.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\logon.exe
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Svhost21] svhost21.exe
O4 - HKLM\..\Run: [Yahoo Messenger] YPager.EXE
O4 - HKLM\..\Run: [Microsoft Service Pack2.1] svchost2.exe
O4 - HKLM\..\Run: [Shell Logon] C:\logon.exe
O4 - HKLM\..\Run: [WebSpecials] rundll32 "C:\Program Files\WebSpecials\webspec.dll",run
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [Messenger] C:\WINDOWS\System32\winampa.exe
O4 - HKLM\..\Run: [Windows Automatic Update] wuamgrder.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Video Configuration Loader] vcfgload.exe
O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvlsh32.exe
O4 - HKLM\..\RunServices: [Svhost21] svhost21.exe
O4 - HKLM\..\RunServices: [Yahoo Messenger] YPager.EXE
O4 - HKLM\..\RunServices: [Microsoft Service Pack2.1] svchost2.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [Windows Compliant] rrievi.exe
O4 - HKLM\..\RunServices: [Windows Automatic Update] wuamgrder.exe
O4 - HKLM\..\RunServices: [Video Configuration Loader] vcfgload.exe
O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
O4 - HKLM\..\RunOnce: [Svhost21] svhost21.exe
O4 - HKLM\..\RunOnce: [Video Configuration Loader] vcfgload.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Svhost21] svhost21.exe
O4 - HKCU\..\Run: [Microsoft Service Pack2.1] svchost2.exe
O4 - HKCU\..\Run: [Windows Compliant] rrievi.exe
O4 - HKCU\..\Run: [Video Configuration Loader] vcfgload.exe
O4 - HKCU\..\RunServices: [Microsoft Service Pack2.1] svchost2.exe
O4 - HKCU\..\RunOnce: [Svhost21] svhost21.exe
O4 - HKCU\..\RunOnce: [Video Configuration Loader] vcfgload.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Bedankt voor jullie hulp aan een computerleek
Op één van mijn pc's heb ik volgend probleem: wanneer ik opstart komt er direct een schermpje van Norton dat sommige onderdelen gewijzigd zijn. Dit is op zijn minst gezegd raar vermits Norton verwijderd is. Wanneer je dit venstertje sluit, gaat de pc afsluiten en weer opstarten.
Er start ook een venster van IE op met volgende url http://net-corderz.com/Cash/Cash1.html. Dit kan ik op geen enkele manier afsluiten.
Ik heb ad-aware en spybot gedraaid. Spybot vindt 4 zaken, waarvan er steeds 2 niet gerepareerd kunnen worden. (ISearchTech.PowerScan en n-Case).
Hierna vinden jullie mijn logje van Hijackthis. Hopelijk kan er iemand mij helpen om dit in orde te brengen.
Logfile of HijackThis v1.99.0
Scan saved at 17:06:21, on 19/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\svhost21.exe
C:\WINDOWS\System32\vcfgload.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\YPager.EXE
C:\WINDOWS\System32\svchost2.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\WINDOWS\System32\wuamgrder.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
C:\WINDOWS\System32\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\admin\Mijn documenten\Hijackthis\wxp-w2k-catalyst-igp-8-071-041026a-018719c.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\logon.exe
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Svhost21] svhost21.exe
O4 - HKLM\..\Run: [Yahoo Messenger] YPager.EXE
O4 - HKLM\..\Run: [Microsoft Service Pack2.1] svchost2.exe
O4 - HKLM\..\Run: [Shell Logon] C:\logon.exe
O4 - HKLM\..\Run: [WebSpecials] rundll32 "C:\Program Files\WebSpecials\webspec.dll",run
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [Messenger] C:\WINDOWS\System32\winampa.exe
O4 - HKLM\..\Run: [Windows Automatic Update] wuamgrder.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Video Configuration Loader] vcfgload.exe
O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvlsh32.exe
O4 - HKLM\..\RunServices: [Svhost21] svhost21.exe
O4 - HKLM\..\RunServices: [Yahoo Messenger] YPager.EXE
O4 - HKLM\..\RunServices: [Microsoft Service Pack2.1] svchost2.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [Windows Compliant] rrievi.exe
O4 - HKLM\..\RunServices: [Windows Automatic Update] wuamgrder.exe
O4 - HKLM\..\RunServices: [Video Configuration Loader] vcfgload.exe
O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
O4 - HKLM\..\RunOnce: [Svhost21] svhost21.exe
O4 - HKLM\..\RunOnce: [Video Configuration Loader] vcfgload.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Svhost21] svhost21.exe
O4 - HKCU\..\Run: [Microsoft Service Pack2.1] svchost2.exe
O4 - HKCU\..\Run: [Windows Compliant] rrievi.exe
O4 - HKCU\..\Run: [Video Configuration Loader] vcfgload.exe
O4 - HKCU\..\RunServices: [Microsoft Service Pack2.1] svchost2.exe
O4 - HKCU\..\RunOnce: [Svhost21] svhost21.exe
O4 - HKCU\..\RunOnce: [Video Configuration Loader] vcfgload.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Bedankt voor jullie hulp aan een computerleek
