www.slotch.com

Status
Niet open voor verdere reacties.
W

worstelaar

Gebruiker
Lid geworden
18 sep 2002
Berichten
116
Hallo,

Weet iemand hoe ik van die vervelende balk in Internet Explorer af kan komen.
Die heeft zich automatisch geinstalleerd tijdens het downloden van een serial.

Het gaat om een adresbalk van slotch.com

Grtz
Worstelaar
 
Download HijackThis. Uitleg en link vind je hier: <http://www.tomcoyote.org/hjt/>
Unzip en run het. Klik op Scan > Save log en sla het log op als een .txt bestand.
Kopieer en plak de inhoud in je volgende post.

Groetjes,
Bennie
 
Bennie,

Ik heb de volgende log opgeslagen

Logfile of HijackThis v1.94.0
Scan saved at 23:31:54, on 21-5-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://approvedlinks.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.couldnotfind.com/search_page.html?&account_id=128524
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.couldnotfind.com/search_page.html?&account_id=128524
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.msn.nl/Default.asp?Ath=f
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.couldnotfind.com/search_page.html?&account_id=128524
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://L31144.saoe.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O1 - Hosts: microsoft tcp/ip for windows.
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\Toolbar\cnbabe.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\System\BHO001.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: (no name) - {69550BE2-9A78-11D2-BA91-00600827878D} - (no file)
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
O4 - HKLM\..\Run: [WinStart001.EXE] C:\WINDOWS\System\WinStart001.EXE -b
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVDQISAOY] C:\WINDOWS\LVDQISAOY.exe
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 8\LaunchList.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [rb32 lptt01] "C:\Program Files\rb32\rb32.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [media_manager] C:\Program Files\ebkrdr\mediaman.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [AutoUpdater] C:\WINDOWS\System32\aupdate.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://connect.online-dialer.com/MaConnect.cab
O16 - DPF: {11BF0E2B-4229-4ADC-9C11-1C6968731018} (Download Class) - http://www.0190-dialer.com/VLoading.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D2DCA0D-B30F-40AD-9690-087105F214EC} - http://download.nocreditcard.com/download/Object/ieaccess2XP.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.18.69.102/activex/AxisCamControl.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37521.1073726852
O16 - DPF: {A792BC36-6B4E-11D3-97B1-00500460FA55} (NATGrid) - file://C:\DOCUME~1\WOUTGE~1\LOCALS~1\Temp\NATGrid.ocx
O16 - DPF: {AB1E62EB-3DE3-428F-A417-64AB3C9B6CF0} (eConn Class) - http://econnect.libereco.net/econnect.cab
O16 - DPF: {C7635AD8-A41A-4926-8C40-12F2DD6FEDDF} (NATMeeting Class) - file://C:\DOCUME~1\WOUTGE~1\LOCALS~1\Temp\NATMeeting.dll
O16 - DPF: {C87158C1-3C5B-4EE4-B87F-3457C83BC4CE} - http://www.fairtale.com/dialer/fairtale.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://a1964.g.akamai.net/f/1964/2730/4h/www.whenu.com/SNDriveBy.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab

Grtz
Worstelaar
 
Goeie hemel!!! Sluit browser en vink de volgende zaken in HijackThis en laat ze verwijderen:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://approvedlinks.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.couldnotfind.com/search_page.html?&account_id=128524
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.couldnotfind.com/search_page.html?&account_id=128524
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.couldnotfind.com/search_page.html?&account_id=128524
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://L31144.saoe.com/searchbar.html
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\Toolbar\cnbabe.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\System\BHO001.DLL
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: (no name) - {69550BE2-9A78-11D2-BA91-00600827878D} - (no file)
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
O4 - HKLM\..\Run: [WinStart001.EXE] C:\WINDOWS\System\WinStart001.EXE -b
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b
O4 - HKLM\..\Run: [LVDQISAOY] C:\WINDOWS\LVDQISAOY.exe
O4 - HKLM\..\Run: [rb32 lptt01] "C:\Program Files\rb32\rb32.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://connect.online-dialer.com/MaConnect.cab
O16 - DPF: {11BF0E2B-4229-4ADC-9C11-1C6968731018} (Download Class) - http://www.0190-dialer.com/VLoading.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
http://download.nocreditcard.com/do...ieaccess2XP.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} -
O16 - DPF: {A792BC36-6B4E-11D3-97B1-00500460FA55} (NATGrid) - file://C:\DOCUME~1\WOUTGE~1\LOCALS~1\Temp\NATGrid.ocx
O16 - DPF: {AB1E62EB-3DE3-428F-A417-64AB3C9B6CF0} (eConn Class) - http://econnect.libereco.net/econnect.cab
http://www.fairtale.com/dialer/fairtale.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash

Start PC daarna opnieuw op. Post nogmaals een log. Mogelijk heb ik nog wat over het hoofd gezien.
:confused:

Groetjes,
Bennie
 
Bennie,

Ik heb gedaan wat je schreef.
Dit is de nieuwe log.

Logfile of HijackThis v1.94.0
Scan saved at 23:31:54, on 21-5-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://approvedlinks.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.couldnotfind.com/search_page.html?&account_id=128524
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.couldnotfind.com/search_page.html?&account_id=128524
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.msn.nl/Default.asp?Ath=f
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.couldnotfind.com/search_page.html?&account_id=128524
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://L31144.saoe.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O1 - Hosts: microsoft tcp/ip for windows.
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\Toolbar\cnbabe.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\System\BHO001.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: (no name) - {69550BE2-9A78-11D2-BA91-00600827878D} - (no file)
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
O4 - HKLM\..\Run: [WinStart001.EXE] C:\WINDOWS\System\WinStart001.EXE -b
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVDQISAOY] C:\WINDOWS\LVDQISAOY.exe
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 8\LaunchList.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [rb32 lptt01] "C:\Program Files\rb32\rb32.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [media_manager] C:\Program Files\ebkrdr\mediaman.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [AutoUpdater] C:\WINDOWS\System32\aupdate.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://connect.online-dialer.com/MaConnect.cab
O16 - DPF: {11BF0E2B-4229-4ADC-9C11-1C6968731018} (Download Class) - http://www.0190-dialer.com/VLoading.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D2DCA0D-B30F-40AD-9690-087105F214EC} - http://download.nocreditcard.com/download/Object/ieaccess2XP.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.18.69.102/activex/AxisCamControl.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37521.1073726852
O16 - DPF: {A792BC36-6B4E-11D3-97B1-00500460FA55} (NATGrid) - file://C:\DOCUME~1\WOUTGE~1\LOCALS~1\Temp\NATGrid.ocx
O16 - DPF: {AB1E62EB-3DE3-428F-A417-64AB3C9B6CF0} (eConn Class) - http://econnect.libereco.net/econnect.cab
O16 - DPF: {C7635AD8-A41A-4926-8C40-12F2DD6FEDDF} (NATMeeting Class) - file://C:\DOCUME~1\WOUTGE~1\LOCALS~1\Temp\NATMeeting.dll
O16 - DPF: {C87158C1-3C5B-4EE4-B87F-3457C83BC4CE} - http://www.fairtale.com/dialer/fairtale.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://a1964.g.akamai.net/f/1964/2730/4h/www.whenu.com/SNDriveBy.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab

Grtz
Worstelaar
 
Ik vrees dat we maar weinig zijn opgeschoten:confused:

Vink de volgende zaken aan:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://approvedlinks.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.couldnotfind.com/search_page.html?&account_id=128524
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.couldnotfind.com/search_page.html?&account_id=128524
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.couldnotfind.com/search_page.html?&account_id=128524
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://L31144.saoe.com/searchbar.html
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\Toolbar\cnbabe.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\System\BHO001.DLL
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: (no name) - {69550BE2-9A78-11D2-BA91-00600827878D} - (no file)
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
O4 - HKLM\..\Run: [WinStart001.EXE] C:\WINDOWS\System\WinStart001.EXE -b
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b
O4 - HKLM\..\Run: [LVDQISAOY] C:\WINDOWS\LVDQISAOY.exe
O4 - HKLM\..\Run: [rb32 lptt01] "C:\Program Files\rb32\rb32.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [media_manager] C:\Program Files\ebkrdr\mediaman.exe
O4 - HKCU\..\Run: [AutoUpdater] C:\WINDOWS\System32\aupdate.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://connect.online-dialer.com/MaConnect.cab
O16 - DPF: {11BF0E2B-4229-4ADC-9C11-1C6968731018} (Download Class) - http://www.0190-dialer.com/VLoading.cab
O16 - DPF: {1D2DCA0D-B30F-40AD-9690-087105F214EC} - http://download.nocreditcard.com/do...ieaccess2XP.cab
O16 - DPF: {AB1E62EB-3DE3-428F-A417-64AB3C9B6CF0} (eConn Class) - http://econnect.libereco.net/econnect.cab
O16 - DPF: {C7635AD8-A41A-4926-8C40-12F2DD6FEDDF} (NATMeeting Class) - file://C:\DOCUME~1\WOUTGE~1\LOCALS~1\Temp\NATMeeting.dll

Na het weghalen door Hijackthis, PC opnieuw opstarten. Doe daarna het volgende. Download Spybot:
http://security.kolla.de/index.php?lang=en&page=download

Eerst helemaal updaten. Daarna laten scannen op Spyware en de Spyware verwijderen. Start daarna opnieuw op. Post opnieuw een log.

Groetjes,
Bennie
 
Bennie,

Een volgende log,
Zijn we er wat mee opgeschoten?

Logfile of HijackThis v1.94.0
Scan saved at 10:32:45, on 24-5-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O1 - Hosts: microsoft tcp/ip for windows.
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 8\LaunchList.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [rb32 lptt01] "C:\Program Files\rb32\rb32.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [AutoUpdater] C:\WINDOWS\System32\aupdate.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.18.69.102/activex/AxisCamControl.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37521.1073726852
O16 - DPF: {C7635AD8-A41A-4926-8C40-12F2DD6FEDDF} (NATMeeting Class) - file://C:\DOCUME~1\WOUTGE~1\LOCALS~1\Temp\NATMeeting.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://a1964.g.akamai.net/f/1964/2730/4h/www.whenu.com/SNDriveBy.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab

Grtz
Worstelaar
 
Yes, het gaat de goede kant op:D

Haal nog de volgende weg:

O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [rb32 lptt01] "C:\Program Files\rb32\rb32.exe"
O4 - HKCU\..\Run: [AutoUpdater]C:\WINDOWS\System32\aupdate.exe

Wat die laatste betreft, kijk je hier:
http://www.doxdesk.com/parasite/ISTbar.html

Zoals je ziet, zie je daar ook de beruchte "slotch.com" tussenstaan. Mochten die regels met 04 terugkomen, verwijder ze dan handmatig volgens bovenstaande link.

Kijk verder (als tip) ook naar deze thread.

Groetjes,
Bennie
 
Haal ook deze weg:

O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch

Verwijder na het opnieuw opstarten de rb32 of RapidBlaster map omdat die O4 (rb32) anders inderdaad terugkomt. Het kan zijn dat je dit in veilige modus moet doen.

Groetjes,

Pieter
 
Als dat mogelijk is zou ik graag deze dll van je willen hebben: C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll

Mijn e-mail adres heb ik in PB gestuurd.

Groetjes,

Pieter
 
Bennie en Pieter,

Dit is de laatste log, ik denk dat we aardig zijn opgeschoten?

Is er ook een goede manier om deze rotzooi buiten de deur te houden?

Logfile of HijackThis v1.94.0
Scan saved at 21:49:56, on 26-5-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.msn.nl/Default.asp?Ath=f
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
O1 - Hosts: microsoft tcp/ip for windows.
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 8\LaunchList.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.18.69.102/activex/AxisCamControl.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37521.1073726852
O16 - DPF: {A792BC36-6B4E-11D3-97B1-00500460FA55} (NATGrid) - file://C:\DOCUME~1\WOUTGE~1\LOCALS~1\Temp\NATGrid.ocx
O16 - DPF: {C7635AD8-A41A-4926-8C40-12F2DD6FEDDF} (NATMeeting Class) - file://C:\DOCUME~1\WOUTGE~1\LOCALS~1\Temp\NATMeeting.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://a1964.g.akamai.net/f/1964/2730/4h/www.whenu.com/SNDriveBy.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab


Pieter,
heb ik dat goed begrepen dat jij een dll file vraagt
stuur mij dan even een mailadres


Grtz
Worstelaar
 
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O16 - DPF: {A792BC36-6B4E-11D3-97B1-00500460FA55} (NATGrid) - file://C:\DOCUME~1\WOUTGE~1\LOCALS~1\Temp\NATGrid.ocx
O16 - DPF: {C7635AD8-A41A-4926-8C40-12F2DD6FEDDF} (NATMeeting Class) - file://C:\DOCUME~1\WOUTGE~1\LOCALS~1\Temp\NATMeeting.dll


Post daarna een nieuwe log, want als bepaalde zaken terugkeren, is er meer aan de hand.

Pieter heeft je een privé bericht gestuurd met zijn e-mailadres. Check.

Je kunt ook Spywareblaster installeren:
http://www.javacoolsoftware.com/spywareblaster.html

Regelmatig updaten. Let op: de lijst die je ziet is geen Spyware op je PC, maar beschermt je tegen die Spyware.

Groetjes,
Bennie
 
Geplaatst door worstelaar

Pieter,
heb ik dat goed begrepen dat jij een dll file vraagt
stuur mij dan even een mailadres
Klik om te vergroten...

Hoi,

Dat hoeft al niet meer. Kleinkramer had hem al. ;)

Verwijder nadat je Bennies instructies hebt uitgevoerd en opnieuw bent opgestart ook deze map:
C:\Program Files\ISTsvc

Groetjes,

Pieter
 
Bennie,

Ik heb gedaan wat je zei, en volgens mij is nu alles weg.

Logfile of HijackThis v1.94.0
Scan saved at 22:14:19, on 26-5-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.msn.nl/Default.asp?Ath=f
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
O1 - Hosts: microsoft tcp/ip for windows.
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 8\LaunchList.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.18.69.102/activex/AxisCamControl.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37521.1073726852
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://a1964.g.akamai.net/f/1964/2730/4h/www.whenu.com/SNDriveBy.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab


Ik hoop dat het nu goed is, en wil jullie beiden
bedanken voor jullie hulp.

Groeten
Worstelaar
 
Het heeft even geduurd, maar je inspanningen worden beloond.

De enige die nog weg kan is:
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

Voor de rest:

:thumb: :thumb: :thumb:

Er zit nog wel het een en ander tussen dat niet automatisch met Windows opgestart hoeft te worden. Scheelt weer (geheugen)resources. Kijk hier:
http://www.pacs-portal.co.uk/startup_index.htm

Groetjes,
Bennie
 
Status
Niet open voor verdere reacties.
                    Steun ons                    

Nieuwste berichten

Terug
Bovenaan Onderaan