Ik heb ook last van een steeds terugkerende starpagina die maar niet weg wil blijven. Ik heb adaware se gedownload en geupdate en hijach laten scannen, mijn log is als volgt. Als iemand er zijn deskundige mening over wil geven graag!
alvast bedankt!
log:
Logfile of HijackThis v1.98.2
Scan saved at 5:05:37, on 25-9-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\norton\norton2004\Norton AntiVirus\navapsvc.exe
F:\norton\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\norton\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
F:\norton\norton2004\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
F:\Nero\Incd\InCD.exe
F:\quicktime\qttask.exe
F:\msgplus2.0\MsgPlus.exe
G:\Thrustmapper\TMTMTSR.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\hp1200\Digital Imaging\bin\hpohmr08.exe
C:\WINDOWS\System32\rundll32.exe
G:\hp1200\Digital Imaging\bin\hpotdd01.exe
G:\foto\custom\CalCheck.exe
C:\Program Files\DV Series\Console\Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
G:\hp1200\Digital Imaging\bin\hpoevm08.exe
G:\hp1200\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\adaware se\Ad-Aware SE Personal\Ad-Aware.exe
F:\Winrar\WinRAR.exe
C:\DOCUME~1\D-van\LOCALS~1\Temp\Rar$EX00.647\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://awebfind.biz/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://awebfind.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://bad-url.com/start.php?
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://bad-url.com/start.php?
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://awebfind.biz/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Tiscali
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
R3 - URLSearchHook: Richfind - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\Q973860.dll
O1 - Hosts: 213.222.11.11 auto.search.msn.com
O2 - BHO: Richfind - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\Q973860.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\Acrobat\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {23cc8cde-b390-4b96-8065-37f2fcc4598c} - (no file)
O2 - BHO: Richfind - {34E1751C-D75A-4599-9D39-15E682D83590} - C:\WINDOWS\System32\Q973860.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\norton\norton2004\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {29e1053b-64c3-44d9-98b6-5b602d498372} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\norton\norton2004\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: win32 - {C94158E1-6151-4442-ABE6-FD53D6534EFB} - C:\WINDOWS\Downloaded Program Files\tbuF\win32.dll
O3 - Toolbar: RichFind - {E5A2678F-DA83-4D2E-BA85-6236E90098FA} - C:\WINDOWS\richfind.dll
O3 - Toolbar: Richfind - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\Q973860.dll
O3 - Toolbar: Richfind - {218A2833-30BE-4634-A104-709E98BD2A8F} - C:\WINDOWS\System32\Q973860.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] F:\SBlive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] F:\Nero\Incd\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus2] "F:\msgplus2.0\MsgPlus.exe"
O4 - HKLM\..\Run: [winactive] C:\Program Files\Window Active\winactive.exe
O4 - HKLM\..\Run: [ThrustTSR] G:\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] F:\norton\norton2004\UrlLstCk.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MessengerPlus2] "F:\msgplus2.0\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Spyware Begone] G:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Officexp\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = G:\foto\custom\CalCheck.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\DV Series\Console\Watch.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
O8 - Extra context menu item: Download with Go!Zilla - file://F:\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\Officexp\Office10\EXCEL.EXE/3000
O9 - Extra button: Richfind - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\Q973860.dll
O9 - Extra button: Richfind - {218A2833-30BE-4634-A104-709E98BD2A8F} - C:\WINDOWS\System32\Q973860.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Yahoo\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Yahoo\Messenger\yhexbmes0411.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://bad-url.com/start.php?
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.nl
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) - http://63.219.181.7/cax.cab
O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.awmdabest.com/bltd/114.chm::/file.exe
O16 - DPF: {11111111-1111-1111-1111-114588010476} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.easywww.info/safe/payloadexe.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {BB0578ED-E672-4697-9663-EC5A0460B949} (SomaticCAB.Setup) - http://downloads.searchcentrix.com/install/weblz.CAB
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C94158E1-6151-4442-ABE6-FD53D6534EFB} (win32) - http://searchfind.info/bar/win32.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {E5A2678F-DA83-4D2E-BA85-6236E90098FA} (RichFind) - http://searchfind.info/bar/richfind.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = p29311.find-quick.com
O17 - HKLM\Software\..\Telephony: DomainName = p29311.find-quick.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C9CA068-C2BE-44F1-AEEA-F79F772A125A}: Domain = p29311.find-quick.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C9CA068-C2BE-44F1-AEEA-F79F772A125A}: NameServer = 195.241.48.33,195.241.49.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CFF83C4-95D6-4E0F-9ECF-4BA1A89CE6DB}: Domain = p29311.find-quick.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C52A970-D305-4A9E-B629-8A810A996927}: Domain = p29311.find-quick.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = p29311.find-quick.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = p29311.find-quick.com
O18 - Filter: text/html - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\Q973860.dll
O18 - Filter: text/plain - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\Q973860.dll
alvast bedankt!
log:
Logfile of HijackThis v1.98.2
Scan saved at 5:05:37, on 25-9-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\norton\norton2004\Norton AntiVirus\navapsvc.exe
F:\norton\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\norton\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
F:\norton\norton2004\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
F:\Nero\Incd\InCD.exe
F:\quicktime\qttask.exe
F:\msgplus2.0\MsgPlus.exe
G:\Thrustmapper\TMTMTSR.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\hp1200\Digital Imaging\bin\hpohmr08.exe
C:\WINDOWS\System32\rundll32.exe
G:\hp1200\Digital Imaging\bin\hpotdd01.exe
G:\foto\custom\CalCheck.exe
C:\Program Files\DV Series\Console\Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
G:\hp1200\Digital Imaging\bin\hpoevm08.exe
G:\hp1200\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\adaware se\Ad-Aware SE Personal\Ad-Aware.exe
F:\Winrar\WinRAR.exe
C:\DOCUME~1\D-van\LOCALS~1\Temp\Rar$EX00.647\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://awebfind.biz/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://awebfind.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://bad-url.com/start.php?
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://bad-url.com/start.php?
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.richfind.com/home/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://awebfind.biz/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Tiscali
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
R3 - URLSearchHook: Richfind - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\Q973860.dll
O1 - Hosts: 213.222.11.11 auto.search.msn.com
O2 - BHO: Richfind - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\Q973860.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\Acrobat\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {23cc8cde-b390-4b96-8065-37f2fcc4598c} - (no file)
O2 - BHO: Richfind - {34E1751C-D75A-4599-9D39-15E682D83590} - C:\WINDOWS\System32\Q973860.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\norton\norton2004\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {29e1053b-64c3-44d9-98b6-5b602d498372} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\norton\norton2004\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: win32 - {C94158E1-6151-4442-ABE6-FD53D6534EFB} - C:\WINDOWS\Downloaded Program Files\tbuF\win32.dll
O3 - Toolbar: RichFind - {E5A2678F-DA83-4D2E-BA85-6236E90098FA} - C:\WINDOWS\richfind.dll
O3 - Toolbar: Richfind - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\Q973860.dll
O3 - Toolbar: Richfind - {218A2833-30BE-4634-A104-709E98BD2A8F} - C:\WINDOWS\System32\Q973860.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] F:\SBlive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] F:\Nero\Incd\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus2] "F:\msgplus2.0\MsgPlus.exe"
O4 - HKLM\..\Run: [winactive] C:\Program Files\Window Active\winactive.exe
O4 - HKLM\..\Run: [ThrustTSR] G:\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] F:\norton\norton2004\UrlLstCk.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MessengerPlus2] "F:\msgplus2.0\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Spyware Begone] G:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Officexp\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = G:\foto\custom\CalCheck.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\DV Series\Console\Watch.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
O8 - Extra context menu item: Download with Go!Zilla - file://F:\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\Officexp\Office10\EXCEL.EXE/3000
O9 - Extra button: Richfind - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\Q973860.dll
O9 - Extra button: Richfind - {218A2833-30BE-4634-A104-709E98BD2A8F} - C:\WINDOWS\System32\Q973860.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Yahoo\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Yahoo\Messenger\yhexbmes0411.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://bad-url.com/start.php?
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.nl
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) - http://63.219.181.7/cax.cab
O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.awmdabest.com/bltd/114.chm::/file.exe
O16 - DPF: {11111111-1111-1111-1111-114588010476} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.easywww.info/safe/payloadexe.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {BB0578ED-E672-4697-9663-EC5A0460B949} (SomaticCAB.Setup) - http://downloads.searchcentrix.com/install/weblz.CAB
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C94158E1-6151-4442-ABE6-FD53D6534EFB} (win32) - http://searchfind.info/bar/win32.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {E5A2678F-DA83-4D2E-BA85-6236E90098FA} (RichFind) - http://searchfind.info/bar/richfind.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = p29311.find-quick.com
O17 - HKLM\Software\..\Telephony: DomainName = p29311.find-quick.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C9CA068-C2BE-44F1-AEEA-F79F772A125A}: Domain = p29311.find-quick.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C9CA068-C2BE-44F1-AEEA-F79F772A125A}: NameServer = 195.241.48.33,195.241.49.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CFF83C4-95D6-4E0F-9ECF-4BA1A89CE6DB}: Domain = p29311.find-quick.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C52A970-D305-4A9E-B629-8A810A996927}: Domain = p29311.find-quick.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = p29311.find-quick.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = p29311.find-quick.com
O18 - Filter: text/html - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\Q973860.dll
O18 - Filter: text/plain - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\Q973860.dll