Mededeling

Collapse
No announcement yet.

Log van Silvia

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Log van Silvia

    Logfile of HijackThis v1.98.2
    Scan saved at 19:05:56, on 28-10-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\F-Secure Internet Security\fswsclds.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\IP Insight\ARMon32a.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Toolbar\TBPSSvc.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\webHancer\Programs\whSurvey.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\PROGRA~1\Save\Save.exe
    C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe
    C:\WINDOWS\system32\ossproxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\WinTools\WToolsA.exe
    C:\PROGRA~1\Toolbar\TBPS.exe
    C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    C:\WINDOWS\accfax.exe
    C:\PROGRA~1\Toolbar\PIB.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\WinTools\WSup.exe
    C:\Program Files\System Soap Pro\soap.exe
    C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\WINDOWS\System32\WScript.exe
    C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hotbar\bin\4.5.1.0\HbSrv.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\DOCUME~1\SILIVI~1\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis[1].zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50193
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hdqfmpgojwhh.com/Kdx2ULN7mVhsjXW2PMNGN/luh1yRoRZe1ZmkH6RuvJc.jpg
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planet.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.be/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Plus18Point/Portal/portal.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
    O1 - Hosts: fferoptimizer.com
    O1 - Hosts: timizer.com
    O1 - Hosts: optimizer.com
    O1 - Hosts: eroptimizer.com
    O1 - Hosts: fferoptimizer.com
    O1 - Hosts: .offeroptimizer.com
    O1 - Hosts: so.offeroptimizer.com
    O1 - Hosts: 127
    O1 - Hosts: adso.offeroptimizer.com
    O1 - Hosts: 12
    O1 - Hosts: 1
    O1 - Hosts: 1
    O1 - Hosts: 1
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\3.bin\MYBAR.DLL (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
    O2 - BHO: C:\WINDOWS\lbbho.dll - {0A4381C0-001F-4D10-9B9F-39ADB6517437} - C:\WINDOWS\lbbho.dll
    O2 - BHO: (no name) - {34E39622-8865-D962-8312-C24BD2825246} - C:\PROGRA~1\MEETSO~1\Spam 01.exe (file missing)
    O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\IEHelper.dll
    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
    O2 - BHO: CATLEvents Object - {55E301E5-BA44-4095-BB0B-14E0123CCF71} - C:\DOCUME~1\SILIVI~1\LOCALS~1\Temp\xafcca.dat
    O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - C:\DOCUME~1\SILIVI~1\LOCALS~1\Temp\moctnof.dat
    O2 - BHO: OpinionBar IE monitor - {6607C683-AE7C-11D4-ACD7-0050DAC291A2} - C:\PROGRA~1\OPINIO~1\MYIEMO~1.DLL
    O2 - BHO: (no name) - {6F206384-15BB-DD3A-D52B-D9AD1657CA8A} - C:\DOCUME~1\SILIVI~1\APPLIC~1\MEETSO~1\Spam 01.exe
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: Httper - {A5483501-070C-41DD-AF44-9BD8864B3015} - C:\Program Files\Httper\httper.dll
    O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.5.1.0\HbHostIE.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl-be\msntb.dll
    O2 - BHO: BHO Class - {C77E900A-FF55-400E-9BAA-E042C8212898} - C:\Program Files\Simpelinternet\Easybar\ToolbarStarter.dll
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
    O3 - Toolbar: Zipclix - {319A68DB-06D0-46DA-9F93-A810D5A70836} - C:\Program Files\Zipclix\zipclix.dll
    O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.5.1.0\HbHostIE.dll
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl-be\msntb.dll
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\3.bin\MYBAR.DLL (file missing)
    O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe"
    O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
    O4 - HKLM\..\Run: [OSS] C:\WINDOWS\system32\ossproxy.exe -boot
    O4 - HKLM\..\Run: [The support more base] C:\Documents and Settings\All Users\Application Data\Pop bias the support\AXISROAD.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.5.1.0\HbInst.exe /Upgrade
    O4 - HKLM\..\Run: [fontcom] C:\WINDOWS\addins\fontcom.exe
    O4 - HKLM\..\Run: [*javacr] C:\WINDOWS\Config\javacr.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
    O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
    O4 - HKLM\..\Run: [*wave] C:\WINDOWS\Fonts\wave.exe
    O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    O4 - HKLM\..\Run: [*inetexp] C:\WINDOWS\AppPatch\inetexp.exe
    O4 - HKLM\..\Run: [HOLD FOR THUNK BARB] C:\Documents and Settings\All Users\Application Data\Bows real hold for\TypeGrid.exe
    O4 - HKLM\..\Run: [*apcat] C:\WINDOWS\system32\oobe\apcat.exe
    O4 - HKLM\..\Run: [*unmc] C:\WINDOWS\system\unmc.exe
    O4 - HKLM\..\Run: [*maintapi] C:\WINDOWS\maintapi.exe
    O4 - HKLM\..\Run: [*psacc] C:\WINDOWS\msagent\psacc.exe
    O4 - HKLM\..\Run: [*accfax] C:\WINDOWS\accfax.exe
    O4 - HKLM\..\RunOnce: [*accfax] C:\WINDOWS\accfax.exe rerun
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
    O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
    O4 - HKCU\..\Run: [PImenu] C:\Program Files\PImenu\PImenu.exe
    O4 - HKCU\..\Run: [System Soap Pro] C:\Program Files\System Soap Pro\soap.exe min
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [Holesign] C:\DOCUME~1\SILIVI~1\APPLIC~1\IDOLOP~1\MFCDACID.exe
    O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\RunOnce: [*MS Setup] C:\WINDOWS\system32\bkinst.exe ren time:1098819515
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
    O4 - Global Startup: Search.vbs
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm122
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.planet.nl
    O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
    O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab
    O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://www.mediaswitch.nl/eromedia/launcher.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pptproactauthakamai/systemsoappro.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.planet.nl/exent/classes/ExentCtl.ocx
    O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Vividence Connector Launcher) - http://task.vividence.com/download/ConnectorLauncher.cab
    O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
    O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.fastmp3.nl/test/nl.exe
    O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} (Tintel Class) - http://exe.dialer.tintel.nl/tcw.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://install.serviceurl.de/StarInstall.ocx
    O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://asp02.photoprintit.de/microsite/5/defaults/activex/XUpload.ocx
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4400/mcfscan.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D2426C53-74F2-4D36-BA47-0309D6C0C01B}: NameServer = 195.121.1.34 195.121.1.66
    O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll

  • #2
    Hoi Silvia, welkom op ASO!

    Je hebt echt afschuwelijk veel rotzooi op je PC staan. Draai eerst Ad Aware en SPybot, zie dit topic voor meer informatie/downloadlinks:
    http://www.nucia.eu/forum/showthread.php?t=12

    Start hierna opnieuw op, maak een nieuw logje aan, en post dat hier.

    Comment


    • #3
      Oke ik heb alles gescand met SPybot en Ad Aware.
      Heb weer een nieuwe log gemaakt,hier komt ie:

      Logfile of HijackThis v1.98.2
      Scan saved at 14:08:26, on 29-10-2004
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
      C:\WINDOWS\System32\drivers\CDAC11BA.EXE
      C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
      C:\WINDOWS\System32\CTsvcCDA.EXE
      C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
      C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
      C:\Program Files\F-Secure Internet Security\fswsclds.exe
      C:\Program Files\IP Insight\ARMon32a.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
      C:\WINDOWS\System32\MsPMSPSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Creative\ShareDLL\CtNotify.exe
      C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
      C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\BearShare\BearShare.exe
      C:\Program Files\Creative\ShareDLL\MediaDet.Exe
      C:\Program Files\Messenger Plus! 3\MsgPlus.exe
      C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe
      C:\Program Files\BearShare\BearShare.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
      C:\WINDOWS\addins\faxinfo.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
      C:\Program Files\System Soap Pro\soap.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      c:\progra~1\intern~1\iexplore.exe
      C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\DOCUME~1\SILIVI~1\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qctorrhnouwrrsflsbhcdzmy.us/Kdx2ULN7mVgmUYQwQ8zZEXy_JhQMdeCT6UjS/iNjWC2uzebElIKW9lfBYWDrcyyQ.php
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hdqfmpgojwhh.com/Kdx2ULN7mVhsjXW2PMNGN/luh1yRoRZe1ZmkH6RuvJc.jpg
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planet.nl
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.be/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Plus18Point/Portal/portal.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
      O1 - Hosts: fferoptimizer.com
      O1 - Hosts: timizer.com
      O1 - Hosts: optimizer.com
      O1 - Hosts: eroptimizer.com
      O1 - Hosts: fferoptimizer.com
      O1 - Hosts: .offeroptimizer.com
      O1 - Hosts: so.offeroptimizer.com
      O1 - Hosts: 127
      O1 - Hosts: adso.offeroptimizer.com
      O1 - Hosts: 12
      O1 - Hosts: 1
      O1 - Hosts: 1
      O1 - Hosts: 1
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: C:\WINDOWS\lbbho.dll - {0A4381C0-001F-4D10-9B9F-39ADB6517437} - C:\WINDOWS\lbbho.dll
      O2 - BHO: (no name) - {34E39622-8865-D962-8312-C24BD2825246} - C:\PROGRA~1\MEETSO~1\Spam 01.exe (file missing)
      O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: CATLEvents Object - {55E301E5-BA44-4095-BB0B-14E0123CCF71} - C:\DOCUME~1\SILIVI~1\LOCALS~1\Temp\ofnixaf.dat
      O2 - BHO: OpinionBar IE monitor - {6607C683-AE7C-11D4-ACD7-0050DAC291A2} - C:\PROGRA~1\OPINIO~1\MYIEMO~1.DLL
      O2 - BHO: (no name) - {6F206384-15BB-DD3A-D52B-D9AD1657CA8A} - C:\DOCUME~1\SILIVI~1\APPLIC~1\MEETSO~1\Spam 01.exe
      O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
      O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl-be\msntb.dll
      O2 - BHO: BHO Class - {C77E900A-FF55-400E-9BAA-E042C8212898} - C:\Program Files\Simpelinternet\Easybar\ToolbarStarter.dll
      O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl-be\msntb.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
      O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
      O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
      O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
      O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
      O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe"
      O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
      O4 - HKLM\..\Run: [The support more base] C:\Documents and Settings\All Users\Application Data\Pop bias the support\AXISROAD.exe
      O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
      O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
      O4 - HKLM\..\Run: [HOLD FOR THUNK BARB] C:\Documents and Settings\All Users\Application Data\Bows real hold for\TypeGrid.exe
      O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
      O4 - HKLM\..\Run: [*faxinfo] C:\WINDOWS\addins\faxinfo.exe
      O4 - HKLM\..\RunOnce: [*faxinfo] C:\WINDOWS\addins\faxinfo.exe rerun
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
      O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
      O4 - HKCU\..\Run: [PImenu] C:\Program Files\PImenu\PImenu.exe
      O4 - HKCU\..\Run: [System Soap Pro] C:\Program Files\System Soap Pro\soap.exe min
      O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
      O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
      O4 - HKCU\..\Run: [Holesign] C:\DOCUME~1\SILIVI~1\APPLIC~1\IDOLOP~1\MFCDACID.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\RunOnce: [*MS Setup] C:\WINDOWS\system32\bkinst.exe ren time:1099051658
      O4 - Global Startup: BTTray.lnk = ?
      O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm122
      O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Hijacked Internet access by New.Net
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O14 - IERESET.INF: START_PAGE_URL=http://www.planet.nl
      O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.planet.nl/exent/classes/ExentCtl.ocx
      O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Vividence Connector Launcher) - http://task.vividence.com/download/ConnectorLauncher.cab
      O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.fastmp3.nl/test/nl.exe
      O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} - http://exe.dialer.tintel.nl/tcw.cab
      O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
      O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://asp02.photoprintit.de/microsite/5/defaults/activex/XUpload.ocx
      O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4400/mcfscan.cab
      O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{D2426C53-74F2-4D36-BA47-0309D6C0C01B}: NameServer = 195.121.1.34 195.121.1.66

      Comment


      • #4
        Hoi Silvia,

        Kun je even opnieuw opstarten, een nieuw logje aanmaken, en dat hier posten? Waarschijnlijk zullen diverse regels daardoor terugkomen, en ik wil graag weten of dat gebeurt, ja of nee

        Comment


        • #5
          Hoi Hans,

          Ik heb gedaan wat je mij gevraagd hebt,ik heb opnieuw opgestart en een nieuwe log gemaakt.

          Logfile of HijackThis v1.98.2
          Scan saved at 14:27:23, on 29-10-2004
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
          C:\WINDOWS\System32\drivers\CDAC11BA.EXE
          C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
          C:\WINDOWS\System32\CTsvcCDA.EXE
          C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
          C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
          C:\Program Files\F-Secure Internet Security\fswsclds.exe
          C:\Program Files\IP Insight\ARMon32a.exe
          C:\WINDOWS\System32\nvsvc32.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
          C:\WINDOWS\System32\MsPMSPSv.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Creative\ShareDLL\CtNotify.exe
          C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
          C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\Program Files\BearShare\BearShare.exe
          C:\Program Files\Messenger Plus! 3\MsgPlus.exe
          C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe
          C:\Program Files\Creative\ShareDLL\MediaDet.Exe
          C:\WINDOWS\system32\rundll32.exe
          C:\Program Files\BearShare\BearShare.exe
          C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
          C:\Program Files\System Soap Pro\soap.exe
          c:\progra~1\intern~1\iexplore.exe
          C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
          C:\Program Files\MSN Messenger\msnmsgr.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\DOCUME~1\SILIVI~1\LOCALS~1\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe
          C:\WINDOWS\addins\faxinfo.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wdjkzdappayknqgc.com/Kdx2ULN7mVgmUYQwQ8zZEXy_JhQMdeCT6UjS/iNjWC2INYxudTzQDVfBYWDrcyyQ.asp
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hdqfmpgojwhh.com/Kdx2ULN7mVhsjXW2PMNGN/luh1yRoRZe1ZmkH6RuvJc.jpg
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planet.nl
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.be/
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Plus18Point/Portal/portal.html
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
          O1 - Hosts: fferoptimizer.com
          O1 - Hosts: timizer.com
          O1 - Hosts: optimizer.com
          O1 - Hosts: eroptimizer.com
          O1 - Hosts: fferoptimizer.com
          O1 - Hosts: .offeroptimizer.com
          O1 - Hosts: so.offeroptimizer.com
          O1 - Hosts: 127
          O1 - Hosts: adso.offeroptimizer.com
          O1 - Hosts: 12
          O1 - Hosts: 1
          O1 - Hosts: 1
          O1 - Hosts: 1
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
          O2 - BHO: C:\WINDOWS\lbbho.dll - {0A4381C0-001F-4D10-9B9F-39ADB6517437} - C:\WINDOWS\lbbho.dll
          O2 - BHO: (no name) - {34E39622-8865-D962-8312-C24BD2825246} - C:\PROGRA~1\MEETSO~1\Spam 01.exe (file missing)
          O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
          O2 - BHO: CATLEvents Object - {55E301E5-BA44-4095-BB0B-14E0123CCF71} - C:\DOCUME~1\SILIVI~1\LOCALS~1\Temp\ofnixaf.dat
          O2 - BHO: OpinionBar IE monitor - {6607C683-AE7C-11D4-ACD7-0050DAC291A2} - C:\PROGRA~1\OPINIO~1\MYIEMO~1.DLL
          O2 - BHO: (no name) - {6F206384-15BB-DD3A-D52B-D9AD1657CA8A} - C:\DOCUME~1\SILIVI~1\APPLIC~1\MEETSO~1\Spam 01.exe
          O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
          O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl-be\msntb.dll
          O2 - BHO: BHO Class - {C77E900A-FF55-400E-9BAA-E042C8212898} - C:\Program Files\Simpelinternet\Easybar\ToolbarStarter.dll
          O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl-be\msntb.dll
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
          O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
          O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
          O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
          O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
          O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
          O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
          O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
          O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe"
          O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
          O4 - HKLM\..\Run: [The support more base] C:\Documents and Settings\All Users\Application Data\Pop bias the support\AXISROAD.exe
          O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
          O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
          O4 - HKLM\..\Run: [HOLD FOR THUNK BARB] C:\Documents and Settings\All Users\Application Data\Bows real hold for\TypeGrid.exe
          O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
          O4 - HKLM\..\Run: [*faxinfo] C:\WINDOWS\addins\faxinfo.exe
          O4 - HKLM\..\RunOnce: [*faxinfo] C:\WINDOWS\addins\faxinfo.exe rerun
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
          O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
          O4 - HKCU\..\Run: [PImenu] C:\Program Files\PImenu\PImenu.exe
          O4 - HKCU\..\Run: [System Soap Pro] C:\Program Files\System Soap Pro\soap.exe min
          O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
          O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
          O4 - HKCU\..\Run: [Holesign] C:\DOCUME~1\SILIVI~1\APPLIC~1\IDOLOP~1\MFCDACID.exe
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
          O4 - HKCU\..\RunOnce: [*MS Setup] C:\WINDOWS\system32\bkinst.exe ren time:1099051658
          O4 - Global Startup: BTTray.lnk = ?
          O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm122
          O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
          O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
          O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O10 - Hijacked Internet access by New.Net
          O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
          O14 - IERESET.INF: START_PAGE_URL=http://www.planet.nl
          O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.planet.nl/exent/classes/ExentCtl.ocx
          O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Vividence Connector Launcher) - http://task.vividence.com/download/ConnectorLauncher.cab
          O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.fastmp3.nl/test/nl.exe
          O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} - http://exe.dialer.tintel.nl/tcw.cab
          O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
          O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://asp02.photoprintit.de/microsite/5/defaults/activex/XUpload.ocx
          O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4400/mcfscan.cab
          O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
          O17 - HKLM\System\CCS\Services\Tcpip\..\{D2426C53-74F2-4D36-BA47-0309D6C0C01B}: NameServer = 195.121.1.34 195.121.1.66

          Comment


          • #6
            Hoi Silvia,

            Bedankt

            We hebben heel veel dingen te verwijderen, dus doe je best het zo goed mogelijk uit te voeren

            Vooraf: BearShare is een slecht P2P programma, het is beter dat je het verwijderd (komt nog terug in de instructies, maar zonder uitleg waarom het weg moet, dus zet ik dat hier even neer ) Tevens is System Soap Pro een verkeerd programma, ik weet niet of je dit zelf geinstalleerd hebt, maar het moet van je PC af

            1. Ga naar Deze Computer, dubbelklik daar op C. Dubbelklik op Program Files. Klik nu op "Bestand" > "Nieuw" > "Map". Noem deze map HJT of HijackThis. Plaats nu de HijackThis.exe in DIE map. Draai in het vervolg HijackThis vanuit DIE map . Dit in verband met de backups die dit programma maakt

            2. Vink deze aan in HijackThis:

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wdjkzdappayknqgc.com/Kdx2...fBYWDrcyyQ.asp
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hdqfmpgojwhh.com/Kdx2ULN7...ZmkH6RuvJc.jpg
            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Plus18Point/Portal/portal.html

            R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)

            O1 - Hosts: fferoptimizer.com
            O1 - Hosts: timizer.com
            O1 - Hosts: optimizer.com
            O1 - Hosts: eroptimizer.com
            O1 - Hosts: fferoptimizer.com
            O1 - Hosts: .offeroptimizer.com
            O1 - Hosts: so.offeroptimizer.com
            O1 - Hosts: 127
            O1 - Hosts: adso.offeroptimizer.com
            O1 - Hosts: 12
            O1 - Hosts: 1
            O1 - Hosts: 1
            O1 - Hosts: 1

            O2 - BHO: C:\WINDOWS\lbbho.dll - {0A4381C0-001F-4D10-9B9F-39ADB6517437} - C:\WINDOWS\lbbho.dll
            O2 - BHO: (no name) - {34E39622-8865-D962-8312-C24BD2825246} - C:\PROGRA~1\MEETSO~1\Spam 01.exe (file missing)
            O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
            O2 - BHO: CATLEvents Object - {55E301E5-BA44-4095-BB0B-14E0123CCF71} - C:\DOCUME~1\SILIVI~1\LOCALS~1\Temp\ofnixaf.dat
            O2 - BHO: (no name) - {6F206384-15BB-DD3A-D52B-D9AD1657CA8A} - C:\DOCUME~1\SILIVI~1\APPLIC~1\MEETSO~1\Spam 01.exe
            O2 - BHO: BHO Class - {C77E900A-FF55-400E-9BAA-E042C8212898} - C:\Program Files\Simpelinternet\Easybar\ToolbarStarter.dll

            O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
            O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
            O4 - HKLM\..\Run: [The support more base] C:\Documents and Settings\All Users\Application Data\Pop bias the support\AXISROAD.exe
            O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
            O4 - HKLM\..\Run: [HOLD FOR THUNK BARB] C:\Documents and Settings\All Users\Application Data\Bows real hold for\TypeGrid.exe
            O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
            O4 - HKLM\..\Run: [*faxinfo] C:\WINDOWS\addins\faxinfo.exe
            O4 - HKLM\..\RunOnce: [*faxinfo] C:\WINDOWS\addins\faxinfo.exe rerun
            O4 - HKCU\..\Run: [System Soap Pro] C:\Program Files\System Soap Pro\soap.exe min
            O4 - HKCU\..\RunOnce: [*MS Setup] C:\WINDOWS\system32\bkinst.exe ren time:1099051658

            O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm122

            O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} - http://exe.dialer.tintel.nl/tcw.cab
            3. Sluit alle andere vensters en browsers, en klik op Fix Checked.

            4. Ga nu naar Start - Configuratiescherm - Software en de-installeer:
            - New.Net (kan er ook staan als "NewDotNet")
            - BearShare
            - System Soap Pro
            - WinTools
            - HotBar/WeatherOnTray
            - SimpelInternet/EasyBar

            5. Start opnieuw op in veilige modus.
            Zorg ervoor dat verborgen bestanden en mappen zichtbaar zijn: Verkenner > Extra > Mapopties > Tablad Weergave > scroll naar beneden en vink het vakje voor "Verborgen bestanden en mappen weergeven" aan.

            6. Verwijder, in veilige modus:
            Mappen
            C:\Program Files\MEETSO...
            C:\Program Files\NewDotNet
            C:\Program Files\Simpelinternet
            C:\Documents and Settings\SILIVI~1\Application Data\MEETSO...
            C:\Program Files\Hotbar
            C:\Program Files\System Soap Pro
            C:\Documents and Settings\All Users\Application Data\Pop bias the support
            C:\Program Files\Common Files\WinTools
            C:\Documents and Settings\All Users\Application Data\Bows real hold for

            Bestanden
            C:\WINDOWS\system32\bkinst.exe
            C:\WINDOWS\addins\faxinfo.exe

            7. Start opnieuw op in normale modus.

            8. Draai een volledige scan met Ad Aware en Spybot S&D.

            9. Start opnieuw op, maak een nieuw HijackThis logje, en post dat hier.

            Voor de regels in je logje met een sterretje is een speciale fix nodig, maar ik wil eerst het ergste van je PC afhebben

            Comment


            • #7
              Wanneer je met bovenstaande instructies klaar bent, ook graag het volgende uitvoeren:

              Download VX2Finder hiervandaan:
              http://www.downloads.subratam.org/VX2Finder.exe

              Draai VX2Finder. Klik op de "click to find VX2.BetterInternet" knop. Klik daarna op "Make Log"

              Kopier en plak de inhoud van dit log in een nieuw reply hier

              Comment


              • #8
                Ik heb twee vragen:

                1) Ik kan Wintools,System Soap pro en Hotbar/WeatherOnTray niet vinden in software.
                Dus ik kan die ook niet verwijderen.

                2) Kan ke mij ook uitleggen hoe ik in de veilig modus kom en hoe ik er weer uit kom?
                Deze vraag stel ik omdat een kennis van mij niet meer uit de veilig modus kon komen en daarom haar pc weg moest brengen voor ''reparatie'' en daar heb ik natuurlijk geen zin in.


                BTW mijn pc loopt al sneller als voorheen,dat voordeel heb ik nu dus al!

                Comment


                • #9
                  Als je ze niet kunt vinden hoef je ze ook niet te verwijderen

                  Voor je tweede vraag: http://www.virushelp.nl/veilige_modus.htm

                  Comment


                  • #10
                    Ik kan die mappen niet vinden in de veilige modes.

                    Comment


                    • #11
                      Geen van allen?

                      Comment


                      • #12
                        Nee,misschien doe ik wel iets fout hoor,maar ik heb naar mijn weten alles nagekeken.

                        Comment


                        • #13
                          Vandaag nogmaals geprobeert die mappen te vinden en te verwijderen in een veilige modus,maar weer kom ik die mappen niet vinden en dus ook niet verwijderen.
                          Kan iemand mij misschien een tip geven hoe ik dat wel kan vinden?

                          Groetjes van silvia

                          Comment


                          • #14
                            Vreemd, maar niet onoverkomelijk. Kun je een nieuw HijackThis logje plaatsen s.v.p.?

                            Comment


                            • #15
                              Ook vanavond weer geprobeert die mappen toe zoeken in een veilige modus,weer zonder resultaat helaas,maar ik heb op jou verzoek weer een log gemaakt.
                              Komt ie:

                              Logfile of HijackThis v1.98.2
                              Scan saved at 22:24:31, on 31-10-2004
                              Platform: Windows XP SP2 (WinNT 5.01.2600)
                              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                              Running processes:
                              C:\WINDOWS\System32\smss.exe
                              C:\WINDOWS\system32\winlogon.exe
                              C:\WINDOWS\system32\services.exe
                              C:\WINDOWS\system32\lsass.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\WINDOWS\system32\spoolsv.exe
                              C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
                              C:\WINDOWS\System32\drivers\CDAC11BA.EXE
                              C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
                              C:\WINDOWS\System32\CTsvcCDA.EXE
                              C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
                              C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
                              C:\Program Files\F-Secure Internet Security\fswsclds.exe
                              C:\Program Files\IP Insight\ARMon32a.exe
                              C:\WINDOWS\System32\nvsvc32.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
                              C:\WINDOWS\System32\MsPMSPSv.exe
                              C:\WINDOWS\Explorer.EXE
                              C:\Program Files\Creative\ShareDLL\CtNotify.exe
                              C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
                              C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
                              C:\Program Files\Messenger Plus! 3\MsgPlus.exe
                              C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe
                              C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
                              C:\Program Files\Creative\ShareDLL\MediaDet.Exe
                              C:\WINDOWS\system32\rundll32.exe
                              C:\WINDOWS\system32\ctfmon.exe
                              C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
                              c:\progra~1\intern~1\iexplore.exe
                              C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
                              C:\WINDOWS\addins\diskvga.exe
                              C:\Program Files\Messenger\msmsgs.exe
                              C:\WINDOWS\Help\starter\runwin.exe
                              C:\Program Files\Internet Explorer\iexplore.exe
                              C:\Program Files\MSN Messenger\msnmsgr.exe
                              C:\Program Files\Internet Explorer\iexplore.exe
                              C:\Hijack This\HijackThis.exe

                              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ralljrqwpmprdhk.us/Kdx2ULN7mVgmUYQwQ8zZEXy_JhQMdeCT6UjS/iNjWC2fd5opPGorCFfBYWDrcyyQ.html
                              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.megwqpywfdfqzdug.info/Kdx2ULN7mVhsjXW2PMNGN3WCQus3Ln2q1ZmkH6RuvJc.cgi
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planet.nl
                              R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                              O1 - Hosts: .com
                              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                              O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                              O2 - BHO: OpinionBar IE monitor - {6607C683-AE7C-11D4-ACD7-0050DAC291A2} - C:\PROGRA~1\OPINIO~1\MYIEMO~1.DLL
                              O2 - BHO: CATLEvents Object - {870B70D4-F6DA-47AE-9158-D146440A0A4D} - C:\DOCUME~1\SILIVI~1\LOCALS~1\Temp\niwnur.dat
                              O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
                              O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl-be\msntb.dll
                              O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl-be\msntb.dll
                              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                              O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
                              O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
                              O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
                              O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
                              O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
                              O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
                              O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
                              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                              O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
                              O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
                              O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe"
                              O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
                              O4 - HKLM\..\Run: [*faxinfo] C:\WINDOWS\addins\faxinfo.exe
                              O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
                              O4 - HKLM\..\RunOnce: [*runwin] C:\WINDOWS\Help\starter\runwin.exe rerun
                              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                              O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
                              O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
                              O4 - HKCU\..\Run: [PImenu] C:\Program Files\PImenu\PImenu.exe
                              O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
                              O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
                              O4 - HKCU\..\Run: [Holesign] C:\DOCUME~1\SILIVI~1\APPLIC~1\IDOLOP~1\MFCDACID.exe
                              O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
                              O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
                              O4 - HKCU\..\RunOnce: [*MS Setup] C:\WINDOWS\system32\bkinst.exe ren time:1099129123
                              O4 - Global Startup: BTTray.lnk = ?
                              O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
                              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
                              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
                              O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
                              O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
                              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                              O10 - Hijacked Internet access by New.Net
                              O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                              O14 - IERESET.INF: START_PAGE_URL=http://www.planet.nl
                              O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.planet.nl/exent/classes/ExentCtl.ocx
                              O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Vividence Connector Launcher) - http://task.vividence.com/download/ConnectorLauncher.cab
                              O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.fastmp3.nl/test/nl.exe
                              O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
                              O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://asp02.photoprintit.de/microsite/5/defaults/activex/XUpload.ocx
                              O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4400/mcfscan.cab
                              O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
                              O17 - HKLM\System\CCS\Services\Tcpip\..\{D2426C53-74F2-4D36-BA47-0309D6C0C01B}: NameServer = 195.121.1.34 195.121.1.66

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X