Helpmij tegen spyware offensief (deel 2)

Status
Niet open voor verdere reacties.
hey pieter,

\Hier de log van een vriend van me, kan je even voor me kijken. alvast bedankt,

Logfile of HijackThis v1.97.7
Scan saved at 14:31:40, on 27-1-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\Save\Save.exe
C:\Program Files\DelFin\PromulGate\PgMonitr.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINZIP\WINZIP~1\winzip32.exe
C:\Documents and Settings\Mark Jochems\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.topsearcher.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.scrk.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.scrk.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.topsearcher.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.scrk.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.scrk.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.scrk.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.defaultsearch.com/search/69E3ECB948C14E1F8A3503F1F7690EF6/1033/ie/searchmn.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.defaultsearch.com/search/69E3ECB948C14E1F8A3503F1F7690EF6/1033/ie/searchcs.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.scrk.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: PerfectNavBHO Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_50.dll
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\Program Files\MediaLoads Enhanced\ME2.DLL
O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [PromulGate] "C:\Program Files\DelFin\PromulGate\PgMonitr.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Suggestions (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\Mark Jochems\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} (Tintel Class) - http://exe.dialer.tintel.nl/tcw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{061D8CDC-8765-4D12-810D-681DDE273FA2}: NameServer = 192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7E1ADA2-E92E-4EE2-B3B7-DC09F426F12E}: NameServer = 192.168.1.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{061D8CDC-8765-4D12-810D-681DDE273FA2}: NameServer = 192.168.1.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{061D8CDC-8765-4D12-810D-681DDE273FA2}: NameServer = 192.168.1.10



Greetz, kor
 
Wie kan me met deze vraag helpen.

Elke keer als ik mijn comp. opstart met internet explorer krijg ik links van me in het scherm Search the web .

Elke keer klik ik hem weg en dan blijft hij ook weg. Maar weer opnieuw opgestart heb, krijg ik hem weer!!!!!!

Al in msconfig gekeken maar daar staat ook niks bijzonders.

Wie kan mij helpen???

Heb ad- aware gedraaid en 63 file's verwijderd. Mijn comp. opnieuw opgestart maar krijg weer het zelfde scherm te zien.
Zijn er nog opties?

Hoor het graag.


Met vriendelijke groet,

Bezoeker
 
Geplaatst door bezoeker
Wie kan me met deze vraag helpen.

Elke keer als ik mijn comp. opstart met internet explorer krijg ik links van me in het scherm Search the web .

Elke keer klik ik hem weg en dan blijft hij ook weg. Maar weer opnieuw opgestart heb, krijg ik hem weer!!!!!!

Al in msconfig gekeken maar daar staat ook niks bijzonders.

Wie kan mij helpen???

Heb ad- aware gedraaid en 63 file's verwijderd. Mijn comp. opnieuw opgestart maar krijg weer het zelfde scherm te zien.
Zijn er nog opties?

Hoor het graag.


Met vriendelijke groet,

Bezoeker
Klik om te vergroten...

Zoals in je andere topic (http://www.helpmij.nl/forum/showthread.php?threadid=149898) al twee maal is aangegeven, kun je dit probleem oplossen door in het topic waarin je je nu bevindt een HijackThis-log te plaatsen en vervolgens de adviezen van de expert(s) af te wachten en op te volgen. Waar je HijackThis kunt vinden en hoe je een log maakt kun je in het eerste bericht van het onderhavige topic lezen.
 
Oke,

Hier is mijn Hijack This-log.

Logfile of HijackThis v1.97.7
Scan saved at 16:02:09, on 27-1-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MATROX MGA POWERDESK\MGACTRL.EXE
C:\PROGRAM FILES\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\LOADQM.EXE
C:\EPOAGENT\NAIMAS32.EXE
C:\EPOAGENT\NAIMAG32.EXE
C:\PROGRAM FILES\MATROX MGA POWERDESK\QDESK\MGAQDESK.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\MAPISP32.EXE
C:\WINDOWS\SYSTEM\AWFXEX32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchxl.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.searchxl.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchxl.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchxl.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchxl.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchxl.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchxl.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchxl.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchxl.com/ie/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.100.4:8080
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Matrox Control Center] C:\Program Files\Matrox MGA PowerDesk\mgactrl.exe
O4 - HKLM\..\Run: [Matrox Color Control] C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NaimAgent_Service] C:\EPOAgent\naimas32.exe
O4 - HKLM\..\Run: [NaimAgent_UI] C:\EPOAgent\naimag32.exe
O4 - HKLM\..\Run: [SystemSearch] REGEDIT.EXE -S c:\ie.reg
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] c:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Matrox QuickDesk] C:\Program Files\Matrox MGA PowerDesk\QDesk\MGAQDESK.EXE
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Frame in een nieuw venster openen - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Markeren - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: Zoeken op het &web - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Lijst met koppelingen - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Inzoomen - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Uit&zoomen - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: Lij&st met afbeeldingen - C:\WINDOWS\Web\imglist.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O11 - Options group: [TOEGANKELIJKHEID] Toegankelijkheid
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .au: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O13 - WWW. Prefix: http://
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F72A7B0E-0DD8-11D1-BD6E-00AA00B92AF1} (IE Active Setup Control) - http://www.microsoft.com/windows/ie_intl/nl/ie40/download/cdf/setupctl.cab
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.sexyworld.nl/hardcoreplaza/test2/sexy.exe
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw4fd.law4.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37992.0216203704





Hoop op een antwoord.


Met vriendelijke groet,

Bezoeker
 
Hoi Pieter,

Als je het er nog een keer bij tussen kunt krijgen?!?! Zie dat het aardig doorloopt met de Logfiles..... dus kijk maar wanneer je er tijd voor hebt......

Groeten Assie


Logfile of HijackThis v1.97.7
Scan saved at 16:15:13, on 27-1-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Palm\Firepad\FirePublisher\FPService.exe
C:\Program Files\Palm\Firepad\FirePublisher\FirePublisher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\NWTRAY.EXE
C:\Program Files\Voetbal International\WatchDog.Exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\DOCUME~1\aderksen\APPLIC~1\ouckyitr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
D:\program files\CD Foongids\cdftray.exe
C:\DOCUME~1\aderksen\LOCALS~1\Temp\Jna3.exe
D:\Program Files\Mousotron Pro\Mousotron.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Novell\GroupWise\Notify.exe
C:\Program Files\Palm\HOTSYNC.EXE
D:\Program Files\News Clock\Wereldomroep_News_Clock.exe
C:\Program Files\RMClient\PMCTray.exe
D:\RSI progs\WorkPace 3.0\WorkPace 3.0\WorkPace.exe
C:\DOCUME~1\aderksen\LOCALS~1\Temp\_Wereldomroep_News_Clock.exe
C:\Novell\GroupWise\GrpWise.exe
C:\WINDOWS\winrar.exe
C:\ACAD2000\acad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AproposClient\Apropos.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Novell\GroupWise\ADDRBOOK.EXE
D:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://my.search/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.search/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.search/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.search/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcwebtools.support.hp.com/goto/?Platform=hpaddon&ObjectType=nl&Name=Buttonwww
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcwebtools.support.hp.com/goto/?Platform=hpaddon&ObjectType=nl&Name=Buttonwww
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://searchmyrequest.com/hp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 64.237.53.4 ad.doubleclick.net
O1 - Hosts: 64.237.53.4 aff.weatherbug.com
O1 - Hosts: 209.87.155.230 date.com
O1 - Hosts: 64.237.53.4 doubleclick.net
O1 - Hosts: 64.237.53.4 my.search
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\AproposClient\AproposPlugin.dll
O2 - BHO: (no name) - {055f78c2-4582-450e-8522-a40028f0579d} - C:\DOCUME~1\aderksen\APPLIC~1\chqsoofrllp.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Firepad FireConverter - {6427806D-3820-11D5-9939-00B0D0522EB5} - C:\Program Files\Palm\FireConverterBrowserHelperObject.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_2.0.95-deleon.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar_en_2.0.95-deleon.dll
O3 - Toolbar: sitrtrwzeel - {b8b0898f-532d-4e2d-bbfb-fbf97936c636} - C:\DOCUME~1\aderksen\APPLIC~1\chqsoofrllp.dll
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [WatchDogExe] C:\Program Files\Voetbal International\WatchDog.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CDFoon System-Tray] d:\program files\CD Foongids\cdftray.exe
O4 - HKCU\..\Run: [Mousotron] D:\Program Files\Mousotron Pro\Mousotron.exe
O4 - HKCU\..\Run: [radarfic] D:\Program Files\Flitsservice\Flitsservice.nl\radarfic.exe /startup
O4 - HKCU\..\Run: [quicken] C:\WINDOWS\waol.exe
O4 - HKCU\..\Run: [editpad] C:\WINDOWS\editpad.exe
O4 - Startup: Wereldomroep News Clock.lnk = D:\Program Files\News Clock\Wereldomroep_News_Clock.exe
O4 - Startup: WorkPace 3.0.lnk = D:\RSI progs\WorkPace 3.0\WorkPace 3.0\WorkPace.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: GroupWise Notify.lnk = C:\Novell\GroupWise\Notify.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
O4 - Global Startup: SmartNetMonitor for Client.lnk = C:\Program Files\RMClient\PMClient.exe
O4 - Global Startup: update.bat.lnk = PUBLIC\virusupdate\update.bat
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar_en_2.0.95-deleon.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar_en_2.0.95-deleon.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar_en_2.0.95-deleon.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar_en_2.0.95-deleon.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://c:\program files\google\GoogleToolbar_en_2.0.95-deleon.dll/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Add to FireViewer Conduit (HKLM)
O9 - Extra 'Tools' menuitem: Add to FireViewer Conduit (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37992.0154513889
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8988C57-7213-41A3-B367-6BAD7C921664}: NameServer = 80.65.96.50,195.86.120.12
 
Geplaatst door kvessen


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.topsearcher.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.scrk.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.scrk.com/searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.topsearcher.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.scrk.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.scrk.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.scrk.com/searchbar.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.defaultsearch.com/search/69E3ECB948C14E1F8A3503F1F7690EF6/1033/ie/searchmn.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.defaultsearch.com/search/69E3ECB948C14E1F8A3503F1F7690EF6/1033/ie/searchcs.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.scrk.com/searchbar.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

R3 - URLSearchHook: PerfectNavBHO Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_50.dll
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\Program Files\MediaLoads Enhanced\ME2.DLL
O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [PromulGate] "C:\Program Files\DelFin\PromulGate\PgMonitr.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"

O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} (Tintel Class) - http://exe.dialer.tintel.nl/tcw.cab
Klik om te vergroten...

Hoi kvessen,

Unzip hijackthis.exe eerst naar een aparte map. Het programma maakt backups in de map waar de .exe zich bevindt. In een Temp map verdwijnen die nogal gemakkelijk.

Het bovenstaande moet allemaal weg, maar ik heb geen zin om dat stuk voor stuk op te lepelen, aangezien AdAware en Spybot S&D het grootste deel voor hun rekening genomen zouiden hebben als je die eerst gebruikt had.

Groetjes,

Pieter
 
Geplaatst door bezoeker
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchxl.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.searchxl.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchxl.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchxl.com/ie/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchxl.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchxl.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchxl.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchxl.com/ie/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchxl.com/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/
R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [SystemSearch] REGEDIT.EXE -S c:\ie.reg

O11 - Options group: [TOEGANKELIJKHEID] Toegankelijkheid

O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.sexyworld.nl/hardcoreplaza/test2/sexy.exe

O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
[/url]
Klik om te vergroten...

Hoi bezoeker,

Verplaats hijackthis.exe eerst naar een aparte map. Het programma maakt backups in de map waar de .exe zich bevindt. En dat wordt zo'n zootje op je bureaublad. :)

Vink de bovenstaande aan, sluit alle vensters behalve HijackThis en klik op Fix checked.

Download and run: http://www.merijn.org/files/CWShredder.exe

Start dan opnieuw op en verwijder:
c:\ie.reg

Groetjes,

Pieter
 
Geplaatst door A. Derksen
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://my.search/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.search/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.search/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.search/sp.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://searchmyrequest.com/hp.php

O1 - Hosts: 64.237.53.4 ad.doubleclick.net
O1 - Hosts: 64.237.53.4 aff.weatherbug.com
O1 - Hosts: 209.87.155.230 date.com
O1 - Hosts: 64.237.53.4 doubleclick.net
O1 - Hosts: 64.237.53.4 my.search
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\AproposClient\AproposPlugin.dll
O2 - BHO: (no name) - {055f78c2-4582-450e-8522-a40028f0579d} - C:\DOCUME~1\aderksen\APPLIC~1\chqsoofrllp.dll

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

O3 - Toolbar: sitrtrwzeel - {b8b0898f-532d-4e2d-bbfb-fbf97936c636} - C:\DOCUME~1\aderksen\APPLIC~1\chqsoofrllp.dll

O4 - HKCU\..\Run: [quicken] C:\WINDOWS\waol.exe
O4 - HKCU\..\Run: [editpad] C:\WINDOWS\editpad.exe
Klik om te vergroten...

Hoi A. Derksen,

Vink de bovenstaande aan, sluit alle vensters behalve HijackThis en klik op Fix checked.

Download and run: http://www.merijn.org/files/CWShredder.exe

Start dan opnieuw op en verwijder:
C:\Program Files\AproposClient <= de hele map

Groetjes,

Pieter
 
Pieter nog bedankt voor het lezen van mijn log
Ik kan nog steeds niet op de website van www.jigzone.com komen,pc bevriest en via Ctrl Alt Del zie ik dat de site niet reageert onder in de Taskmanager staat 'onbekend' en dan komt weer de error met stack-dump en onbekend heeft etc
Ik heb SpywareBlaster en SpywareGuard op mijn pc misschien dat het daar aan ligt
Ik heb in het register URLSearchHooks maar gewist want die kwam ook iedere keer weer
Misschien is onderstaande informatie van belang voor Merijn
CoolWWWSearch.008k: URL Search Hook (Register-waarden., nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

Best Regards
 
Hoi Arretje,

Aan SpywareBlaster en SpywareGuard ligt het niet.
Die heb ik ook allebei en ik kom er prima op.

Groetjes,

Pieter
 
Oke dan, next:

Logfile of HijackThis v1.97.7
Scan saved at 20:11:06, on 27-1-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP\wsbho2K0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [MPB] C:\WINDOWS\System32\MPB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/support/chipdetect/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/support/chipdetect/SiSAutodetectNT.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....com/mickey/nl/win/QuickTimeFullInstaller.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37873.2884953704
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4317/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
 
Hallo,

pc start sinds kort langzaam op....misschien ligt hier de oplossing...ik heb gescand met Ad-Aware:


Logfile of HijackThis v1.97.7
Scan saved at 22:44:00, on 27-1-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\eDonkey2000\eDonkey2000.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\E-Color\Common\IconMgr.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Documents and Settings\RutgerV\Bureaublad\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.balpol.local/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShowIcon_The Company_CRW Series Driver v1.16e058] "C:\Program Files\CRW\shwicon.exe" -t"The Company\CRW Series Driver v1.16e058"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/terraexplorer/install/TEInstallPlugIn.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....com/abarth/nl/win/QuickTimeFullInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcDcToday.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37928.2834837963
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Autodesk Architectural Desktop 3\InstBanr.ocx
O16 - DPF: {B817734E-046C-11D3-B674-00104BA25195} (PSNQuerySystem Class) - http://pmb001.3m.com/pub/psnotes/psnudate.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Autodesk Architectural Desktop 3\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup141.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcPreview.ocx
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
 
Allemaal bedankt, bij mij is het gelukt.

thx.........

Groeten,

Bezoeker :thumb:
 
Hallo,

Hier heb je mijn logfile, heb geen idee wat het allemaal betekent maar ik hoor graag wat weg mag !!!!

Bedankt,

groeten,

eelco



Logfile of HijackThis v1.97.7
Scan saved at 10:11:02, on 28-1-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\ATI Technologies\ATI-configuratiescherm\atiptaxx.exe
C:\PROGRA~1\MULTIM~1\MMKbd.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\Winamp3\winampa.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Wanadoo\NL\Mnu\IGOMNU.EXE
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack\HijackThis.exe
C:\Program Files\Kazaa K++\Kazaa.kpp

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://bb-search.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchba.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchmn.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchba.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchmn.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchmn.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchcs.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchsa.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer -
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 66.159.18.17 www.greatfreehost.com
O1 - Hosts: 66.159.18.17 greatfreehost.com
O1 - Hosts: 66.159.18.17 www.hotfreehost.com
O1 - Hosts: 66.159.18.17 hotfreehost.com
O1 - Hosts: 66.159.18.17 www.agreathost.net
O1 - Hosts: 66.159.18.17 agreathost.net
O1 - Hosts: 66.159.18.17 www32.smutserver.com
O1 - Hosts: 66.159.18.17 www31.smutserver.com
O1 - Hosts: 66.159.18.17 www30.smutserver.com
O1 - Hosts: 66.159.18.17 www29.smutserver.com
O1 - Hosts: 66.159.18.17 www28.smutserver.com
O1 - Hosts: 66.159.18.17 www27.smutserver.com
O1 - Hosts: 66.159.18.17 www26.smutserver.com
O1 - Hosts: 66.159.18.17 www25.smutserver.com
O1 - Hosts: 66.159.18.17 www24.smutserver.com
O1 - Hosts: 66.159.18.17 www23.smutserver.com
O1 - Hosts: 66.159.18.17 www22.smutserver.com
O1 - Hosts: 66.159.18.17 www21.smutserver.com
O1 - Hosts: 66.159.18.17 www20.smutserver.com
O1 - Hosts: 66.159.18.17 www19.smutserver.com
O1 - Hosts: 66.159.18.17 www15.smutserver.com
O1 - Hosts: 66.159.18.17 www18.smutserver.com
O1 - Hosts: 66.159.18.17 www17.smutserver.com
O1 - Hosts: 66.159.18.17 www14.smutserver.com
O1 - Hosts: 66.159.18.17 www9.smutserver.com
O1 - Hosts: 66.159.18.17 www13.smutserver.com
O1 - Hosts: 66.159.18.17 www12.smutserver.com
O1 - Hosts: 66.159.18.17 www11.smutserver.com
O1 - Hosts: 66.159.18.17 www10.smutserver.com
O1 - Hosts: 66.159.18.17 www8.smutserver.com
O1 - Hosts: 66.159.18.17 www7.smutserver.com
O1 - Hosts: 66.159.18.17 www6.smutserver.com
O1 - Hosts: 66.159.18.17 www5.smutserver.com
O1 - Hosts: 66.159.18.17 www4.smutserver.com
O1 - Hosts: 66.159.18.17 www3.smutserver.com
O1 - Hosts: 66.159.18.17 www16.smutserver.com
O1 - Hosts: 66.159.18.17 www2.smutserver.com
O1 - Hosts: 66.159.18.17 smutserver.com
O1 - Hosts: 66.159.18.17 www1.smutserver.com
O1 - Hosts: 66.159.18.17 www10.kinghost.com
O1 - Hosts: 66.159.18.17 www.smutserver.com
O1 - Hosts: 66.159.18.17 www9.kinghost.com
O1 - Hosts: 66.159.18.17 www7.kinghost.com
O1 - Hosts: 66.159.18.17 www8.kinghost.com
O1 - Hosts: 66.159.18.17 www6.kinghost.com
O1 - Hosts: 66.159.18.17 www5.kinghost.com
O1 - Hosts: 66.159.18.17 www4.kinghost.com
O1 - Hosts: 66.159.18.17 www.kinghost.com
O1 - Hosts: 66.159.18.17 www3.kinghost.com
O1 - Hosts: 66.159.18.17 www2.kinghost.com
O1 - Hosts: 66.159.18.17 www1.kinghost.com
O1 - Hosts: 66.159.18.17 kinghost.com
O1 - Hosts: 66.159.18.17 www.ndhosting.com
O1 - Hosts: 66.159.18.17 www2.ndhosting.com
O1 - Hosts: 66.159.18.17 www3.ndhosting.com
O1 - Hosts: 66.159.18.17 www1.ndhosting.com
O1 - Hosts: 66.159.18.17 ndhosting.com
O1 - Hosts: 66.159.18.17 www.freesmutpages.com
O1 - Hosts: 66.159.18.17 apornhost.com
O1 - Hosts: 66.159.18.17 nasty-pages.com
O1 - Hosts: 66.159.18.17 www.nasty-pages.com
O1 - Hosts: 66.159.18.17 sexyfreehost.com
O1 - Hosts: 66.159.18.17 www.apornhost.com
O1 - Hosts: 66.159.18.17 www.sexyfreehost.com
O1 - Hosts: 66.159.18.17 x4web.com
O1 - Hosts: 66.159.18.17 www.x4web.com
O1 - Hosts: 66.159.18.17 sexplanets.com
O1 - Hosts: 66.159.18.17 www.sexplanets.com
O1 - Hosts: 66.159.18.17 maxismut.com
O1 - Hosts: 66.159.18.17 www.maxismut.com
O1 - Hosts: 66.159.18.17 tgpfriendly.com
O1 - Hosts: 66.159.18.17 www.tgpfriendly.com
O1 - Hosts: 66.159.18.17 tgp-server.com
O1 - Hosts: 66.159.18.17 www.tgp-server.com
O1 - Hosts: 66.159.18.17 magnaplza.com
O1 - Hosts: 66.159.18.17 free-xxx-server.com
O1 - Hosts: 66.159.18.17 www.free-xxx-server.com
O1 - Hosts: 66.159.18.17 www.magnaplza.com
O1 - Hosts: 66.159.18.17 libereco.net
O1 - Hosts: 66.159.18.17 0190-dialer.com
O1 - Hosts: 66.159.18.17 www.0190-dialer.com
O1 - Hosts: 66.159.18.17 www.libereco.net
O1 - Hosts: 66.159.18.17 xxxod.net
O1 - Hosts: 66.159.18.17 altsights.com
O1 - Hosts: 66.159.18.17 www.altsights.com
O1 - Hosts: 66.159.18.17 www.xxxod.net
O1 - Hosts: 66.159.18.17 adulthosting.com
O1 - Hosts: 66.159.18.17 www.adulthosting.com
O1 - Hosts: 66.159.18.17 superhova.com
O1 - Hosts: 66.159.18.17 bestpornhost.com
O1 - Hosts: 66.159.18.17 www.superhova.com
O1 - Hosts: 66.159.18.17 www.bestpornhost.com
O1 - Hosts: 66.159.18.17 hostingfree.com
O1 - Hosts: 66.159.18.17 www.hostingfree.com
O1 - Hosts: 66.159.18.17 xfreehosting.com
O1 - Hosts: 66.159.18.17 www.xfreehosting.com
O1 - Hosts: 66.159.18.17 blinghosting.com
O1 - Hosts: 66.159.18.17 www.blinghosting.com
O1 - Hosts: 66.159.18.17 x-x-x-hosting.com
O1 - Hosts: 66.159.18.17 www.x-x-x-hosting.com
O1 - Hosts: 66.159.18.17 pornparks.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI-configuratiescherm\atiptaxx.exe
O4 - HKLM\..\Run: [Multimedir KBD] C:\PROGRA~1\MULTIM~1\MMKbd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - HKCU\..\Run: [MemMonster] C:\Program Files\Magellass\MemMonster\memmnstr.exe /S
O4 - HKCU\..\Run: [Wanadoo Menu] C:\Program Files\Wanadoo\NL\Mnu\IGOMNU.EXE /S:T
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2.nl/redirect/startpage/dial_up/dut/
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37988.2102199074
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03D4FA7D-47A5-4210-8B3E-1D370515C8AA}: NameServer = 130.244.127.161 130.244.127.169
O17 - HKLM\System\CS1\Services\Tcpip\..\{03D4FA7D-47A5-4210-8B3E-1D370515C8AA}: NameServer = 130.244.127.161 130.244.127.169
 
Geplaatst door Rutger V

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe ***

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" ***

O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR <= Ik zie ook PCCillin. Gebruik je McAfee nog wel?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE ***

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe ***
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
Klik om te vergroten...

Hoi Rutger V,

Ik ben zo vrij geweest om wat onnodige opstarters aan het lijstje toe te voegen. Voor de duidelijkheid heb ik daar *** achter gezet.

Vink je selectie aan, sluit alle vensters behalve HijackThis en klik op Fix checked.

Start daarna opnieuw op en verwijder:
C:\Program Files\Common Files\GMT <= de hele map

Groetjes,

Pieter
 
Geplaatst door baardman
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://bb-search.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchba.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchmn.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchba.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchmn.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchmn.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchcs.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchsa.htm

O1 - Hosts: 66.159.18.17 www.greatfreehost.com
O1 - Hosts: 66.159.18.17 greatfreehost.com
O1 - Hosts: 66.159.18.17 www.hotfreehost.com
O1 - Hosts: 66.159.18.17 hotfreehost.com
O1 - Hosts: 66.159.18.17 www.agreathost.net
O1 - Hosts: 66.159.18.17 agreathost.net
O1 - Hosts: 66.159.18.17 www32.smutserver.com
O1 - Hosts: 66.159.18.17 www31.smutserver.com
O1 - Hosts: 66.159.18.17 www30.smutserver.com
O1 - Hosts: 66.159.18.17 www29.smutserver.com
O1 - Hosts: 66.159.18.17 www28.smutserver.com
O1 - Hosts: 66.159.18.17 www27.smutserver.com
O1 - Hosts: 66.159.18.17 www26.smutserver.com
O1 - Hosts: 66.159.18.17 www25.smutserver.com
O1 - Hosts: 66.159.18.17 www24.smutserver.com
O1 - Hosts: 66.159.18.17 www23.smutserver.com
O1 - Hosts: 66.159.18.17 www22.smutserver.com
O1 - Hosts: 66.159.18.17 www21.smutserver.com
O1 - Hosts: 66.159.18.17 www20.smutserver.com
O1 - Hosts: 66.159.18.17 www19.smutserver.com
O1 - Hosts: 66.159.18.17 www15.smutserver.com
O1 - Hosts: 66.159.18.17 www18.smutserver.com
O1 - Hosts: 66.159.18.17 www17.smutserver.com
O1 - Hosts: 66.159.18.17 www14.smutserver.com
O1 - Hosts: 66.159.18.17 www9.smutserver.com
O1 - Hosts: 66.159.18.17 www13.smutserver.com
O1 - Hosts: 66.159.18.17 www12.smutserver.com
O1 - Hosts: 66.159.18.17 www11.smutserver.com
O1 - Hosts: 66.159.18.17 www10.smutserver.com
O1 - Hosts: 66.159.18.17 www8.smutserver.com
O1 - Hosts: 66.159.18.17 www7.smutserver.com
O1 - Hosts: 66.159.18.17 www6.smutserver.com
O1 - Hosts: 66.159.18.17 www5.smutserver.com
O1 - Hosts: 66.159.18.17 www4.smutserver.com
O1 - Hosts: 66.159.18.17 www3.smutserver.com
O1 - Hosts: 66.159.18.17 www16.smutserver.com
O1 - Hosts: 66.159.18.17 www2.smutserver.com
O1 - Hosts: 66.159.18.17 smutserver.com
O1 - Hosts: 66.159.18.17 www1.smutserver.com
O1 - Hosts: 66.159.18.17 www10.kinghost.com
O1 - Hosts: 66.159.18.17 www.smutserver.com
O1 - Hosts: 66.159.18.17 www9.kinghost.com
O1 - Hosts: 66.159.18.17 www7.kinghost.com
O1 - Hosts: 66.159.18.17 www8.kinghost.com
O1 - Hosts: 66.159.18.17 www6.kinghost.com
O1 - Hosts: 66.159.18.17 www5.kinghost.com
O1 - Hosts: 66.159.18.17 www4.kinghost.com
O1 - Hosts: 66.159.18.17 www.kinghost.com
O1 - Hosts: 66.159.18.17 www3.kinghost.com
O1 - Hosts: 66.159.18.17 www2.kinghost.com
O1 - Hosts: 66.159.18.17 www1.kinghost.com
O1 - Hosts: 66.159.18.17 kinghost.com
O1 - Hosts: 66.159.18.17 www.ndhosting.com
O1 - Hosts: 66.159.18.17 www2.ndhosting.com
O1 - Hosts: 66.159.18.17 www3.ndhosting.com
O1 - Hosts: 66.159.18.17 www1.ndhosting.com
O1 - Hosts: 66.159.18.17 ndhosting.com
O1 - Hosts: 66.159.18.17 www.freesmutpages.com
O1 - Hosts: 66.159.18.17 apornhost.com
O1 - Hosts: 66.159.18.17 nasty-pages.com
O1 - Hosts: 66.159.18.17 www.nasty-pages.com
O1 - Hosts: 66.159.18.17 sexyfreehost.com
O1 - Hosts: 66.159.18.17 www.apornhost.com
O1 - Hosts: 66.159.18.17 www.sexyfreehost.com
O1 - Hosts: 66.159.18.17 x4web.com
O1 - Hosts: 66.159.18.17 www.x4web.com
O1 - Hosts: 66.159.18.17 sexplanets.com
O1 - Hosts: 66.159.18.17 www.sexplanets.com
O1 - Hosts: 66.159.18.17 maxismut.com
O1 - Hosts: 66.159.18.17 www.maxismut.com
O1 - Hosts: 66.159.18.17 tgpfriendly.com
O1 - Hosts: 66.159.18.17 www.tgpfriendly.com
O1 - Hosts: 66.159.18.17 tgp-server.com
O1 - Hosts: 66.159.18.17 www.tgp-server.com
O1 - Hosts: 66.159.18.17 magnaplza.com
O1 - Hosts: 66.159.18.17 free-xxx-server.com
O1 - Hosts: 66.159.18.17 www.free-xxx-server.com
O1 - Hosts: 66.159.18.17 www.magnaplza.com
O1 - Hosts: 66.159.18.17 libereco.net
O1 - Hosts: 66.159.18.17 0190-dialer.com
O1 - Hosts: 66.159.18.17 www.0190-dialer.com
O1 - Hosts: 66.159.18.17 www.libereco.net
O1 - Hosts: 66.159.18.17 xxxod.net
O1 - Hosts: 66.159.18.17 altsights.com
O1 - Hosts: 66.159.18.17 www.altsights.com
O1 - Hosts: 66.159.18.17 www.xxxod.net
O1 - Hosts: 66.159.18.17 adulthosting.com
O1 - Hosts: 66.159.18.17 www.adulthosting.com
O1 - Hosts: 66.159.18.17 superhova.com
O1 - Hosts: 66.159.18.17 bestpornhost.com
O1 - Hosts: 66.159.18.17 www.superhova.com
O1 - Hosts: 66.159.18.17 www.bestpornhost.com
O1 - Hosts: 66.159.18.17 hostingfree.com
O1 - Hosts: 66.159.18.17 www.hostingfree.com
O1 - Hosts: 66.159.18.17 xfreehosting.com
O1 - Hosts: 66.159.18.17 www.xfreehosting.com
O1 - Hosts: 66.159.18.17 blinghosting.com
O1 - Hosts: 66.159.18.17 www.blinghosting.com
O1 - Hosts: 66.159.18.17 x-x-x-hosting.com
O1 - Hosts: 66.159.18.17 www.x-x-x-hosting.com
O1 - Hosts: 66.159.18.17 pornparks.com

O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
Klik om te vergroten...

Hoi baardman,

Download en run: http://www.merijn.org/files/CWShredder.exe

Start daarna opnieuw op, run HijackThis nog een keer en zet een vinkje voor alle bovengenoemde items die nog over zijn.
Sluit alle vensters behalve HijackThis en klik op Fix checked.

Start daarna nog een keer opnieuw op.

Groetjes,

Pieter
 
laatste x hijack log tycajoy

Oké, met de nodige hulp van Buffy nu dan toch op de juiste plek aanbeland...

Voor alle duidelijkheid: ik heb gescand met zowel adaware als spybot, en de mappen "cookies" en "tempfiles" geleegd. Onnodige start-ups zou ik er graag uit hebben.

Ik heb een probleem met msn-messenger; ik word automatisch aan en afgemeld. Niet van levensbelang, en geen idee of dat hier wat mee te maken heeft, maar ik zet het er toch maar bij.

Alvast bedankt!

Gr's Tycajoy


Logfile of HijackThis v1.97.7
Scan saved at 10:23:47, on 28-01-2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\AVG ANTIVIRUS\AVGSERV9.EXE
C:\PROGRAM FILES\FIREWALL SYGATE\SMC.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\NORTON CRASHGUARD\CGMENU.EXE
C:\WINDOWS\SYSTEM\GSICON.EXE
C:\WINDOWS\SYSTEM\DSLAGENT.EXE
C:\PROGRAM FILES\AVG ANTIVIRUS\AVGCC32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\WINAMP PLAYER\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\NORTON CRASHGUARD\CG16EH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\SPYWARE\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Norton CrashGuard Monitor] C:\PROGRAM FILES\NORTON CRASHGUARD\CGMENU.EXE
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\AVGANT~1\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\FIREWA~1\SMC.EXE -startgui
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\WinAmp Player\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\AVGANT~1\Avgserv9.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\FIREWALL SYGATE\SMC.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - User Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37899.497337963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
 
Hoi Pieter,

Met het opnieuw opstarten bedoel je dan de computer of het programmaatje Hijack ? Heeft een hoop dingen gevonden. Voornamelijk allemaal van die sex dialers enz. Wist niet dat dat er allemaal opstond !

Als ik nu , ADAWARE, Hijack, Spybot en regcleaner regelmatig doe , blijf ik dan clean ?

Dank je
 
Status
Niet open voor verdere reacties.
                    Steun ons                    

Nieuwste berichten

Terug
Bovenaan Onderaan