Helpmij tegen spyware offensief

[joepie]

Zou iemand zo vriendelijk willen zijn om dit log eens te bekijken.

Logfile of HijackThis v1.96.0
Scan saved at 21:56:40, on 13-8-03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\F-SECURE\COMMON\FSMA32.EXE
C:\PROGRAM FILES\F-SECURE\COMMON\FSMB32.EXE
C:\PROGRAM FILES\F-SECURE\COMMON\FCH32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\F-SECURE\COMMON\FNRB32.EXE
C:\PROGRAM FILES\F-SECURE\COMMON\FAMEH32.EXE
C:\PROGRAM FILES\F-SECURE\ANTI-VIRUS\FSGK32.EXE
C:\PROGRAM FILES\F-SECURE\COMMON\FIH32.EXE
C:\PROGRAM FILES\F-SECURE\ANTI-VIRUS\FSSM32.EXE
C:\PROGRAM FILES\F-SECURE\ANTI-VIRUS\FSAV32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ANVSHELL.EXE
C:\WINDOWS\SM56HLPR.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\F-SECURE\COMMON\FSM32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\CDFOON\TRAYAPP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\PROGRAM\BACKWEB-7681197.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
A:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://searchbar.linksummary.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://searchbar.linksummary.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.msn.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Koppelingen
F1 - win.ini: run=hpfsched
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program
Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE"
-atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [fsaa] C:\Program Files\F-Secure\Common\fsaa.exe
O4 - HKLM\..\RunServices: [F-Secure Management Agent] C:\Program
Files\F-Secure\Common\FSMA32.EXE
O4 - HKCU\..\Run: [CDFoon System-Tray] C:\cdfoon\trayapp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
/background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Startup: F-Secure BackWeb.lnk = C:\Program
Files\F-Secure\BackWeb\7681197\Program\backweb-7681197.exe
O4 - Global Startup: F-Secure BackWeb.lnk = C:\Program
Files\F-Secure\BackWeb\7681197\Program\backweb-7681197.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe


Gaat ook om searchbar.linksummary.com

Bleef steeds maar terugkomen.

Alvast bedankt voor de moeite.

 

[ojan]

Aan Joepie & Woutrora...

Geplaatst door Pieter Arntz
Nog een paar kleine verzoekjes: post geen log als er nog een onbeantwoord staat (anders slijt mijn scrollwiel te hard en heb je kans dat ik in de war raak). Heb even geduld als dat wat langer duurt.

 

[woutrora]

Geplaatst door ojan
Aan Joepie & Woutrora...

ff op de tijd van posting letten voor je briest!

 

[aaajeetee]

Geplaatst door woutrora


ff op de tijd van posting letten voor je briest!

*dit is ook meer voor joepie bedoelt denk ik*

 

[ojan]

Geplaatst door woutrora


ff op de tijd van posting letten voor je briest!

Oeps, ja nu zie ik het!

Sorry...

 

[Pieter Arntz]

Geplaatst door ojan

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

Hoi ojan,

De UpdReg.exe kan zonder meer weg.

Groetjes,

Pieter

[EDIT] BS verwijderd [/EDIT]

 

[Pieter Arntz]

woutrora,

Niks meer aan doen, tenzij je problemen hebt.
Heb je trouwens je beveiliging voor het internet zo hoog staan dat die forums in je veilige zone moeten?

Groetjes,

Pieter

 

[Pieter Arntz]

Geplaatst door joepie

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://searchbar.linksummary.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://searchbar.linksummary.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://searchbar.linksummary.com/

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE"
-atboottime <= onnodig

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE <= nodig???
O4 - Startup: F-Secure BackWeb.lnk = C:\Program
Files\F-Secure\BackWeb\7681197\Program\backweb-7681197.exe
O4 - Global Startup: F-Secure BackWeb.lnk = C:\Program
Files\F-Secure\BackWeb\7681197\Program\backweb-7681197.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
/url]

Ik kan niets verzinnen dat linksummary terug zet, dus zul je even naar je beveiligingsinstellingen moeten kijken.

Leesvoer: http://boards.cexx.org/viewtopic.php?t=957

Groetjes,

Pieter

 

[woutrora]

Geplaatst door Pieter Arntz
woutrora,

Niks meer aan doen, tenzij je problemen hebt.
Heb je trouwens je beveiliging voor het internet zo hoog staan dat die forums in je veilige zone moeten?

Groetjes,

Pieter

Pieter bedankt :thumb:

Ze openen in veilige zone in elk geval stukken beter, vooral beginnersweb ging niet open

 

[joepie]

Pieter bedankt.

Ik begrijp dat ik de zaken die je aandraagt mag verwijderen. Daarna zal ik kijken of die linksummary nog terug wil komen.

 

[ojan]

ok, bedankt! hij is weg...

 

[xanax]

Nog even een log van een kennis van me.
B.V.D

Logfile of HijackThis v1.96.0

Scan saved at 22:03:07, on 14-8-2003

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton Internet Security\NISUM.EXE

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton Internet Security\SymProxySvc.exe

C:\Program Files\Norton Internet Security\NISSERV.EXE

C:\Program Files\Trust\350SX CRADLE MOUSE WIRELESS OPTICAL\lwbwheel.exe

C:\Program Files\Norton Internet Security\IAMAPP.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\NoAds\NoAds.exe

E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Nina\Local Settings\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\350SX CRADLE MOUSE WIRELESS OPTICAL\lwbwheel.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab

O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab

 

[Bennie]

Ik zie geen Spyware-narigheden.

Groetjes,
Bennie

 

[xanax]

En opstart narigheden ? (vergeten te melden)
Kan je ook messenger ook uitzetten met hijackthis ?

Nog bedankt

 

[speenbrain]

hallo Pieter Arntz wil je deze lijst ff na kijken


Logfile of HijackThis v1.96.0
Scan saved at 23:47:32, on 14-8-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Office keyboard utility\1.1\nhksrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\Office keyboard utility\1.1\OFFICEKB.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\Program Files\Office keyboard utility\1.1\MMKEYB.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Office keyboard utility\1.1\TrayMon.exe
C:\Program Files\Office keyboard utility\1.1\osd.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\speenbrain\Mijn documenten\download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Program Files\Office keyboard utility\1.1\OFFICEKB.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [HPCDTray] "C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe"
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [system32] C:\WINDOWS\System32\system32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12110/CTSUEng.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37780.6159259259
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12110/CTPID.cab

 

[Bennie]

Geplaatst door xanax
En opstart narigheden ? (vergeten te melden)
Kan je ook messenger ook uitzetten met hijackthis ?

Nog bedankt

De Office Taakbalk kan je uitzetten als je dat wilt (osa.exe). Verder niet zo bijster veel.

Bedoel je met messenger Windows Messenger of MSN Messenger?

Voorkomen dat Windows Messenger wordt uitgevoerd op een computer met Windows XP.

Groetjes,
Bennie

 

[Pieter Arntz]

Geplaatst door speenbrain
hallo Pieter Arntz wil je deze lijst ff na kijken

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [system32] C:\WINDOWS\System32\system32.exe

Hoi speenbrain,

Bovenstaande twee aanvinken en op Fix checked klikken.
Start daarna opnieuw op, liefst in veilige modus en verwijder:
C:\WINDOWS\System32\system32.exe

Het beste kun je daarna even een gratis trial downloaden van TrojanHunter of TDS-3 ( http://www.wilders.org/anti_trojans.htm ) en na het updaten je hele systeem scannen.

Groetjes,

Pieter

 

[hawkie]

Had versie 1.81 hijackthis en vond niks bijzonders. Heb nu v.1.96 en schrik me helemaal 3 slagen in de rondte:

hier komt ie:

Logfile of HijackThis v1.96.0
Scan saved at 11:23:47, on 15-8-03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\IAMSERV.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\IAMAPP.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MULTIMEDIA HOTKEY PROGRAM\MMKBD.EXE
C:\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\PROGRAM FILES\MULTIMEDIA HOTKEY PROGRAM\HCLIENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\DESKCOLOR\DESKCOLOR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SPEEDFAN\SPEEDFAN.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = C:\WINDOWS\SYSTEM\ms7531.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
O1 - Hosts: 66.159.20.80 www1.ndhosting.com
O1 - Hosts: 66.159.20.80 www3.ndhosting.com
O1 - Hosts: 66.159.20.80 www2.ndhosting.com
O1 - Hosts: 66.159.20.80 www.ndhosting.com
O1 - Hosts: 66.159.20.80 www.kinghost.com
O1 - Hosts: 66.159.20.80 kinghost.com
O1 - Hosts: 66.159.20.80 www1.kinghost.com
O1 - Hosts: 66.159.20.80 www2.kinghost.com
O1 - Hosts: 66.159.20.80 www3.kinghost.com
O1 - Hosts: 66.159.20.80 www4.kinghost.com
O1 - Hosts: 66.159.20.80 www5.kinghost.com
O1 - Hosts: 66.159.20.80 www6.kinghost.com
O1 - Hosts: 66.159.20.80 www7.kinghost.com
O1 - Hosts: 66.159.20.80 www8.kinghost.com
O1 - Hosts: 66.159.20.80 www9.kinghost.com
O1 - Hosts: 66.159.20.80 www10.kinghost.com
O1 - Hosts: 66.159.20.80 www.smutserver.com
O1 - Hosts: 66.159.20.80 smutserver.com
O1 - Hosts: 66.159.20.80 www1.smutserver.com
O1 - Hosts: 66.159.20.80 www2.smutserver.com
O1 - Hosts: 66.159.20.80 www16.smutserver.com
O1 - Hosts: 66.159.20.80 www3.smutserver.com
O1 - Hosts: 66.159.20.80 www4.smutserver.com
O1 - Hosts: 66.159.20.80 www5.smutserver.com
O1 - Hosts: 66.159.20.80 www6.smutserver.com
O1 - Hosts: 66.159.20.80 www7.smutserver.com
O1 - Hosts: 66.159.20.80 www8.smutserver.com
O1 - Hosts: 66.159.20.80 www9.smutserver.com
O1 - Hosts: 66.159.20.80 www10.smutserver.com
O1 - Hosts: 66.159.20.80 www11.smutserver.com
O1 - Hosts: 66.159.20.80 www12.smutserver.com
O1 - Hosts: 66.159.20.80 www13.smutserver.com
O1 - Hosts: 66.159.20.80 www14.smutserver.com
O1 - Hosts: 66.159.20.80 www15.smutserver.com
O1 - Hosts: 66.159.20.80 www17.smutserver.com
O1 - Hosts: 66.159.20.80 www18.smutserver.com
O1 - Hosts: 66.159.20.80 www19.smutserver.com
O1 - Hosts: 66.159.20.80 www20.smutserver.com
O1 - Hosts: 66.159.20.80 www21.smutserver.com
O1 - Hosts: 66.159.20.80 www22.smutserver.com
O1 - Hosts: 66.159.20.80 www23.smutserver.com
O1 - Hosts: 66.159.20.80 www24.smutserver.com
O1 - Hosts: 66.159.20.80 www25.smutserver.com
O1 - Hosts: 66.159.20.80 www26.smutserver.com
O1 - Hosts: 66.159.20.80 www27.smutserver.com
O1 - Hosts: 66.159.20.80 www28.smutserver.com
O1 - Hosts: 66.159.20.80 www29.smutserver.com
O1 - Hosts: 66.159.20.80 www30.smutserver.com
O1 - Hosts: 66.159.20.80 www31.smutserver.com
O1 - Hosts: 66.159.20.80 www32.smutserver.com
O1 - Hosts: 66.159.20.80 agreathost.net
O1 - Hosts: 66.159.20.80 www.agreathost.net
O1 - Hosts: 66.159.20.80 hotfreehost.com
O1 - Hosts: 66.159.20.80 www.hotfreehost.com
O1 - Hosts: 66.159.20.80 greatfreehost.com
O1 - Hosts: 66.159.20.80 www.greatfreehost.com
O1 - Hosts: 66.159.20.80 freesmutpages.com
O1 - Hosts: 66.159.20.80 www.freesmutpages.com
O1 - Hosts: 66.159.20.80 apornhost.com
O1 - Hosts: 66.159.20.80 www.apornhost.com
O1 - Hosts: 66.159.20.80 nasty-pages.com
O1 - Hosts: 66.159.20.80 www.nasty-pages.com
O1 - Hosts: 66.159.20.80 sexyfreehost.com
O1 - Hosts: 66.159.20.80 www.sexyfreehost.com
O1 - Hosts: 66.159.20.80 x4web.com
O1 - Hosts: 66.159.20.80 www.x4web.com
O1 - Hosts: 66.159.20.80 sexplanets.com
O1 - Hosts: 66.159.20.80 www.sexplanets.com
O1 - Hosts: 66.159.20.80 maxismut.com
O1 - Hosts: 66.159.20.80 www.maxismut.com
O1 - Hosts: 66.159.20.80 tgpfriendly.com
O1 - Hosts: 66.159.20.80 www.tgpfriendly.com
O1 - Hosts: 66.159.20.80 tgp-server.com
O1 - Hosts: 66.159.20.80 www.tgp-server.com
O1 - Hosts: 66.159.20.80 magnaplza.com
O1 - Hosts: 66.159.20.80 www.magnaplza.com
O1 - Hosts: 66.159.20.80 free-xxx-server.com
O1 - Hosts: 66.159.20.80 www.free-xxx-server.com
O1 - Hosts: 66.159.20.80 libereco.net
O1 - Hosts: 66.159.20.80 www.libereco.net
O1 - Hosts: 66.159.20.80 0190-dialer.com
O1 - Hosts: 66.159.20.80 www.0190-dialer.com
O1 - Hosts: 66.159.20.80 xxxod.net
O1 - Hosts: 66.159.20.80 www.xxxod.net
O1 - Hosts: 66.159.20.80 altsights.com
O1 - Hosts: 66.159.20.80 www.altsights.com
O1 - Hosts: 66.159.20.80 adulthosting.com
O1 - Hosts: 66.159.20.80 www.adulthosting.com
O1 - Hosts: 66.159.20.80 superhova.com
O1 - Hosts: 66.159.20.80 www.superhova.com
O1 - Hosts: 66.159.20.80 bestpornhost.com
O1 - Hosts: 66.159.20.80 www.bestpornhost.com
O1 - Hosts: 66.159.20.80 hostingfree.com
O1 - Hosts: 66.159.20.80 www.hostingfree.com
O1 - Hosts: 66.159.20.80 xfreehosting.com
O1 - Hosts: 66.159.20.80 www.xfreehosting.com
O1 - Hosts: 66.159.20.80 blinghosting.com
O1 - Hosts: 66.159.20.80 www.blinghosting.com
O1 - Hosts: 66.159.20.80 x-x-x-hosting.com
O1 - Hosts: 66.159.20.80 www.x-x-x-hosting.com
O1 - Hosts: 66.159.20.80 pornparks.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_NL_1.1.62-DELEON.DLL
O3 - Toolbar: exrdllglcrs - {189210a1-36c2-11d7-9928-444553540000} - C:\WINDOWS\APPLICATION DATA\SSTROALLHQCH.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Multimedir KBD] C:\PROGRA~1\MULTIM~1\MMKBD.exe
O4 - HKLM\..\Run: [EM_EXEC] c:\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKCU\..\Run: [Lavasoft Adwatch] C:\PROGRAM FILES\LAVASOFT AD-AWARE\AD-WATCH.EXE /min
O4 - Startup: DeskColor.lnk = C:\Program Files\DeskColor\DeskColor.exe
O4 - Startup: Microsoft Office.lnk = C:\Programma's\Office\OSA9.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_NL_1.1.62-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_NL_1.1.62-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_NL_1.1.62-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_NL_1.1.62-DELEON.DLL/cmbacklinks.html
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: AdShield (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/20011223/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/ProductUpdates/content/opuc.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/nl/deleon/1.1.54-deleon/GoogleNav.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/sikes/nl/win/QuickTimeInstaller.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe

Ik wou dat ik wist hoe ik aan die rommel kom?


O ja op het moment dat ik hijack draai krijg ik de volgende mededeling:

You have a particularly large amount of hijacked domains. Its probably better to delete the file itself then to fix each item (and create a backup)
If you see the same IP adress in alle the reported 01 items, consider deleting your Hosts file, which is located at C:\WINDOWS\Hosts

Wat moet ik daar nou weer mee

Overigens, de onnodige opstarters mogen ook weg Pieter.

 

[Pieter Arntz]

Hoi margaNo,

Spyware:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = C:\WINDOWS\SYSTEM\ms7531.html
R3 - Default URLSearchHook is missing
alles waar O1 voor staat
Maar je kunt ook het bestand C:\WINDOWS\Hosts gewoon verwijderen als er toch niks nuttigs in staat.
O3 - Toolbar: exrdllglcrs - {189210a1-36c2-11d7-9928-444553540000} - C:\WINDOWS\APPLICATION DATA\SSTROALLHQCH.DLL (file missing)

Overbodig (volgens mij):

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - Startup: Microsoft Office.lnk = C:\Programma's\Office\OSA9.EXE
O9 - Extra button: AdShield (HKCU)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...1/Installer.exe

Vink je selectie aan, sluit alle vensters behalve HijackThis en klik op Fix checked.

Start daarna opnieuw op en verwijder:
C:\WINDOWS\SYSTEM\ms7531.html
C:\Programs Files\MS-Connect <= indien aanwezig, de hele map

Groetjes,

Pieter

 

[@temptation]

Mijn log maarweer een keer, ik zie nu met de nieuwe versie dingen staan waar ik vraagtekens bij krijg:

Logfile of HijackThis v1.96.0
Scan saved at 12:50:37, on 15-8-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
J:\GHOST2~1\GHOSTS~2.EXE
C:\Program Files\Eset\nod32krn.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spam Inspector Outlook Express\Spam Inspector Outlook Express Edition\piiserviceOE.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\DllHost.exe
C:\DOCUME~1\Martijn\LOCALS~1\Temp\Rar$EX01.703\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.helpmij.nl/forum
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - C:\PROGRA~1\AdShield\AdShield\AdShield.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar_en_2.0.95-big.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar_en_2.0.95-big.dll
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\Agnitum\TAUSCA~1.6\taumon.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [piiserviceOE] "C:\Program Files\Spam Inspector Outlook Express\Spam Inspector Outlook Express Edition\piiserviceOE.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: e-Backup 1.42 Scheduler.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmsearch.html
O8 - Extra context menu item: &Maintain Block List... - C:\PROGRA~1\AdShield\AdShield\maintain.htm
O8 - Extra context menu item: Aanpassen &Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Add to &Block List... - C:\PROGRA~1\AdShield\AdShield\suppress.htm
O8 - Extra context menu item: Add to &Exclude List... - C:\PROGRA~1\AdShield\AdShield\restrict.htm
O8 - Extra context menu item: AdShield Option &Settings... - C:\PROGRA~1\AdShield\AdShield\settings.htm
O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmcache.html
O8 - Extra context menu item: InvulFormulieren &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmsimilar.html
O8 - Extra context menu item: Sla Formulieren op &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Translate Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmtrans.html
O9 - Extra button: InvulFormulieren (HKLM)
O9 - Extra 'Tools' menuitem: InvulFormulieren &] (HKLM)
O9 - Extra button: Opslaan (HKLM)
O9 - Extra 'Tools' menuitem: Sla Formulieren op &[ (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RoboForm Werkbalk &2 (HKLM)
O9 - Extra button: Trashcan (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan (HKCU)
O9 - Extra button: AdShield (HKCU)
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37831.388587963
O17 - HKLM\System\CCS\Services\Tcpip\..\{8921A25D-8515-458C-A87D-E3DE97A504D7}: NameServer = 62.251.0.6 62.251.0.7

Bedankt:thumb: