Helpmij tegen spyware offensief

Status
Niet open voor verdere reacties.
Geplaatst door Masera

R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

Ik heb gescand met Ad-aware én Spybot. Goed initiatief Pieter :)
Klik om te vergroten...


Vink de bovenstaande aan in HijackThis, sluit alle vensters behalve HijackThis en klik op Fix checked.
Daarna opnieuw opstarten.

Groetjes,

Pieter
 
Re: logfile op verzoek

Geplaatst door sigma

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
Klik om te vergroten...
Vink de bovenstaande aan in HijackThis, sluit alle vensters behalve HijackThis en klik op Fix checked.
Daarna opnieuw opstarten.

De onderstaande ken ik niet. Kun je me vertellen waar die van zijn en of het echt nodig is dat ze opstarten?

O4 - HKLM\..\Run: [CostAware] C:\Program Files\NetInternals\CostAware\niIPCApp.exe
O4 - Global Startup: Nuria.lnk = C:\Program Files\IPing\Nuria\Nuria.exe

Groetjes,

Pieter
 
Geplaatst door Arthur de Smet

O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-FFFFAC95951F} - (no file)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/20d60511fc4cbbe96f05/netzip/RdxIE601.cab
Klik om te vergroten...

Vink de bovenstaande aan in HijackThis, sluit alle vensters behalve HijackThis en klik op Fix checked.
Daarna opnieuw opstarten.

Deze ken ik niet:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=http://www.beefheart.com/zine/radio.htm;javascriptnotallowedLaunchBroadcast("rhubub")

Deze kun je ook laten fixen tenzij je dat voor medegebruikers van je PC hebt ingesteld in Spybot S&D:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Groetjes,

Pieter
 
Geweldig initiatief Pieter Arnzt :thumb:
Veel suc6 ik snap er namelijk niet veel van

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\PROGRA~1\GADWIN~1\PRINTS~1\PrintScreen.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\ruben van der steen.RVDS-NBVV450GDF\Bureaublad\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.couldnotfind.com/search_page.html?&account_id=112423
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.couldnotfind.com/search_page.html?&account_id=112423
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.vi.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.couldnotfind.com/search_page.html?&account_id=112423
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak=http://www.vi.nl/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {0095C453-DC53-4396-A8FB-F60F5F9E89D0} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\MSDXM.OCX
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\PROGRA~1\GADWIN~1\PRINTS~1\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11111111-1111-1111-1111-111111111112} - http://www.opdebank.nl/launcher.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://pgc.planet.nl/classes/ExentCtl.ocx
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {940EC490-8C20-4360-A725-1F44984933DF} (fairtale.Class1) - http://www.fairtale.com/dialer/fairtale.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

:confused:
 
Logfile of HijackThis v1.95.0
Scan saved at 20:04:01, on 5-7-2003
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTUPMONITOR.EXE
C:\PROGRAM FILES\CPAL\CPBRWTCH.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\AUTOSIZER\AUTOSIZER.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SPYWAREGUARDCP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\CPAL\CPAL.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\BEVEILIGING\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.zeelandnet.nl/mijn/index.php?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer=cache.zeelandnet.nl:800
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=
O1 - Hosts: 203.161.127.141 www.dcsresearch.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar_en_1.1.70-deleon.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar_en_1.1.70-deleon.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [Cookie Pal] "C:\PROGRAM FILES\CPAL\CPBrWtch.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [AutoSizer] "C:\PROGRAM FILES\AUTOSIZER\AUTOSIZER.EXE" /h
O4 - Startup: SpywareGuard Control Panel.lnk = C:\Program Files\SpywareGuard\spywareguardcp.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmtrans.html
O8 - Extra context menu item: RoboForm Werkbalk &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: InvulFormulieren &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Sla Formulieren op &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Identiteit Bewerker &, - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: Passcards &. - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O8 - Extra context menu item: Invullen van &Identiteit &; - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillIdent.html
O8 - Extra context menu item: Invullen van &Passcard &' - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillPass.html
O8 - Extra context menu item: Aanpassen &Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RoboForm Werkbalk &2 (HKLM)
O9 - Extra button: InvulFormulieren (HKLM)
O9 - Extra 'Tools' menuitem: InvulFormulieren &] (HKLM)
O9 - Extra button: Opslaan (HKLM)
O9 - Extra 'Tools' menuitem: Sla Formulieren op &[ (HKLM)
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - http://activex.microsoft.com/activex/controls/agent2/tv_enua.exe
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} (MSN Chat Control 4.0) - http://fdl.msn.com/public/chat/nl-nl/msnchat4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2003011601/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1.1.48-deleon/GoogleNav.cab
O16 - DPF: {5B27C20D-FFB6-4054-BA78-DE4A059BC75A} (Microsoft Office Template Downloader) - http://office.microsoft.com/dutch/TemplateGallery/msotd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.es/activescan/as/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37591.0561111111
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab



Klasse Pieter!! enne bedankt!

Verrekt ben te laat sorry
 
Laatst bewerkt:
Geplaatst door excelsior

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.couldnotfind.com/search_page.html?&account_id=112423
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.couldnotfind.com/search_page.html?&account_id=112423
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.couldnotfind.com/search_page.html?&account_id=112423
O3 - Toolbar: (no name) - {0095C453-DC53-4396-A8FB-F60F5F9E89D0} - (no file)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {940EC490-8C20-4360-A725-1F44984933DF} (fairtale.Class1) - http://www.fairtale.com/dialer/fairtale.cab
Klik om te vergroten...

Dat was wel nodig. Ik hoop dat je geen telefoonmodem hebt. :eek:

Vink de bovenstaande aan in HijackThis, sluit alle vensters behalve HijackThis en klik op Fix checked.
Daarna opnieuw opstarten.

Groetjes,

Pieter
 
Wat is er aan de hand dan, ik snap het namelijk niet :rolleyes:
 
Geplaatst door woutrora

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/SSC/SharedContent/sc/bin/cabsa.cab <= alleen als hij ouder is dan 26-6-2003
Klik om te vergroten...

Vink de bovenstaande aan in HijackThis, sluit alle vensters behalve HijackThis en klik op Fix checked.
Daarna opnieuw opstarten.

Groetjes,

Pieter
 
Ok ik heb ook last van een opstart-schermpje van windows waar ik mn wachtwoord moet intikken, terwijl ik geen wachtwoord heb, hoort dat erbij ?
 
Logfile of HijackThis v1.95.0
Scan saved at 19:55:14, on 5-7-03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\OPERA\OPERA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
D:\TRILLIAN\TRILLIAN.EXE
D:\ULTIMATEZIP\UZIP.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=C:\Program Files\Copernic 2001 Pro\Search Bar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.dailycom.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.wanadoo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchba.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchmn.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.dailycom.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchmn.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchcs.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchsa.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Norton\Norton-Antivirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~2\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Norton\Norton-Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: Download with Star Downloader - D:\STAR DOWNLOADER\sdie.htm
O8 - Extra context menu item: Search Using Copernic - C:\Program Files\Copernic 2001 Pro\Search Extension.htm
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Translate Using Gist-In-Time (HKLM)
O9 - Extra button: Copernic (HKLM)
O9 - Extra 'Tools' menuitem: Launch Copernic 2001 (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.dailycom.nl
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/nl/win/QuickTimeInstaller.exe
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -

IK hoop dat ik niet te vroeg ben.
 
Pieter, als je nieuwe regels of update's heb aub vermelden in aangepast eerst bericht. Niet in de topic. Ik scroll ze niet allemaal na namelijk (:olui he).

;)
 
Geplaatst door nteusink


Die mag ook nog wel weg denk ik. (Ook dialer denk ik als ik de site zo zie)
Klik om te vergroten...

Klopt VX2 Transponder. Misleidende naam. Ik dacht een of andere voetbalsite aan te treffen.

Thnx nteusink,

@Excelsior,

Haal die ook weg.

Pieter
 
Geplaatst door Dolfhin

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=C:\Program Files\Copernic 2001 Pro\Search Bar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.dailycom.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchba.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchmn.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.dailycom.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchmn.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchcs.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchsa.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=
O14 - IERESET.INF: START_PAGE_URL=http://www.dailycom.nl
Klik om te vergroten...

Vink de bovenstaande aan in HijackThis, sluit alle vensters behalve HijackThis en klik op Fix checked.
Daarna opnieuw opstarten.

Groetjes,

Pieter
 
Excelsior,

Heb je die derde dialer, die Nteusink nog gevonden had, ook verwijderd?

Groetjes,

Pieter
 
Geplaatst door Pieter Arntz


Vink de bovenstaande aan in HijackThis, sluit alle vensters behalve HijackThis en klik op Fix checked.
Daarna opnieuw opstarten.

Groetjes,

Pieter
Klik om te vergroten...


Thankz man. Compu gaat weer wat sneller nog ff restarten

thumb-up.gif
 
Ja gelukkig wel, wat er deze tijd wel allemaal niet meer op je computer kan komen :(

Maar mag je hier zo vaak posten als je wil ?
 
Status
Niet open voor verdere reacties.
                    Steun ons                    

Nieuwste berichten

Terug
Bovenaan Onderaan