Vraag & Antwoord

Beveiliging & privacy

HiJack verzoek

13 antwoorden
  • Hallo, Zou iemand zo vriendelijk willen zijn de HiJacklog te checken. Volgens mij zit ie vol met zooi. Bij voorbaat dabk. Zabadak Logfile of HijackThis v1.99.0 Scan saved at 11:27:22, on 13-2-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\spoolsv.exe D:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe D:\WINDOWS\system32\rundll32.exe D:\Program Files\ISTsvc\istsvc.exe D:\WINDOWS\dumdrlco.exe D:\Program Files\Internet Optimizer\optimize.exe D:\Program Files\Web_Rebates\WebRebates0.exe D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe D:\PROGRA~1\mcafee.com\agent\mcagent.exe D:\Program Files\Windows AdStatus\WinStat.exe D:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe D:\WINDOWS\system32\ctfmon.exe D:\WINDOWS\System32\?ttrib.exe D:\Documents and Settings\ThugBunny\Application Data\asan.exe D:\PROGRA~1\COMMON~1\qrrk\qrrkm.exe D:\Program Files\Windows AdStatus\WinStatKeep.exe D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe D:\PROGRA~1\COMMON~1\qrrk\qrrka.exe D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe D:\Program Files\Web_Rebates\WebRebates1.exe D:\Program Files\Internet Explorer\iexplore.exe D:\Program Files\Network Associates\VirusScan\VsStat.exe D:\Program Files\Network Associates\VirusScan\Vshwin32.exe D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe D:\Program Files\Network Associates\VirusScan\Avconsol.exe D:\Program Files\Network Associates\VirusScan\Webscanx.exe C:\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 143 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lookfor.cc?pin=28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://lookfor.cc?pin=28129 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: HyperSearchHook - {ED76E61E-B268-4908-A9A9-2254AA54D09E} - D:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - D:\WINDOWS\nem220.dll O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - D:\PROGRA~1\SEARCH~2\SEARCH~1.DLL O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - D:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - D:\Program Files\Common Files\Hyperbar\Hyperbar.dll O2 - BHO: (no name) - {733FBA9B-0000-27DF-2E83-248799F7E994} - D:\WINDOWS\system32\lfbpnb.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - D:\Program Files\SideFind\sfbho13.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - D:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dll O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - D:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - D:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing) O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - D:\Program Files\DashBar\DashBar21.dll (file missing) O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe" O4 - HKLM\..\Run: [NHeP] D:\WINDOWS\dumdrlco.exe O4 - HKLM\..\Run: [WebRebates0] "D:\Program Files\Web_Rebates\WebRebates0.exe" O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [exwdkp] D:\WINDOWS\exwdkp.exe O4 - HKLM\..\Run: [Windows AdStatus] D:\Program Files\Windows AdStatus\WinStat.exe O4 - HKLM\..\Run: [navapp] D:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [areslite] "D:\Program Files\Ares Lite Edition\AresLite.exe" -h O4 - HKCU\..\Run: [warez] "D:\Program Files\Warez P2P Client\warez.exe" -h O4 - HKCU\..\Run: [Rkx] D:\WINDOWS\System32\?ttrib.exe O4 - HKCU\..\Run: [Mtoe] D:\Documents and Settings\ThugBunny\Application Data\asan.exe O4 - HKCU\..\Run: [qrrk] D:\PROGRA~1\COMMON~1\qrrk\qrrkm.exe O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe O8 - Extra context menu item: Web Rebates - file://D:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - D:\Program Files\SideFind\sidefind13.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O15 - Trusted Zone: *.05p.com O15 - Trusted Zone: *.awmdabest.com O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.frame.crazywinnings.com O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.scoobidoo.com O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.static.topconverting.com O15 - Trusted Zone: *.xxxtoolbar.com O15 - Trusted Zone: *.05p.com (HKLM) O15 - Trusted Zone: *.awmdabest.com (HKLM) O15 - Trusted Zone: *.blazefind.com (HKLM) O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.flingstone.com (HKLM) O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM) O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.scoobidoo.com (HKLM) O15 - Trusted Zone: *.searchbarcash.com (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.slotch.com (HKLM) O15 - Trusted Zone: *.static.topconverting.com (HKLM) O15 - Trusted Zone: *.xxxtoolbar.com (HKLM) O15 - Trusted IP range: 206.161.125.149 O15 - Trusted IP range: 206.161.124.130 (HKLM) O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\gpa.exe O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://d:\foo.mht!http://008i.com/pic//28129.chm::/open.exe O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=fab19f64c271dfd5b772fcfb344ed4d5f8217f7b03e9b7145eeb15c7b73869070b857bc819ac1ca41787ff055d83fcb743482bfaec:0a002003c3f6d5950937c6314a45eb37 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab O23 - Service: AVSync Manager - Unknown - D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe O23 - Service: McShield - Unknown - D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager - Networks Associates Technology, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
  • Eerst maar eens scannen met Ad-aware en Spybot S&D of [url=www.hitmanpro.nl]hitmanpro[/url] Daarna een nieuw log posten. Sjaak
  • Hallo, dank voor je reactie. Ad Aware is al een paar maal gedraaid, met recentste list. Er blijken echter een 6 tal spywaretaken niet verwijderbaar. Maar ik zal nog eens een extra herstart maken en daarna nog eens AdAware draaien zabadak
  • Na herstarts blijft AdAware 7 taken steeds opnieuw vinden. Inmiddels heb ik in HiJackThis een aantal zaken verwijderd, zoals die Trusted zone items en die minibar search items. maar hij zet er spontaan weer een aantal terug. Ik kan inmiddels wel weer via de "besmette" PC fatsoenlijk op dit Forum komen Ik hoop dat iemand met een betere deskundigheid dan de mijne mij verder kan helpen. Dit is een nieuwe Log, Bij voorbaat dank, Zabadak Logfile of HijackThis v1.99.0 Scan saved at 13:15:18, on 13-2-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\spoolsv.exe D:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe D:\WINDOWS\dumdrlco.exe D:\PROGRA~1\mcafee.com\agent\mcagent.exe D:\Program Files\Windows AdStatus\WinStat.exe D:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe D:\Program Files\Windows AdStatus\WinStatKeep.exe D:\Program Files\Web_Rebates\WebRebates0.exe D:\WINDOWS\system32\rundll32.exe D:\Program Files\ISTsvc\istsvc.exe D:\WINDOWS\system32\ctfmon.exe D:\WINDOWS\System32\?ttrib.exe D:\Documents and Settings\ThugBunny\Application Data\asan.exe D:\PROGRA~1\COMMON~1\qrrk\qrrkm.exe D:\PROGRA~1\COMMON~1\qrrk\qrrka.exe D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe D:\Program Files\Network Associates\VirusScan\VsStat.exe D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe D:\Program Files\Network Associates\VirusScan\Vshwin32.exe D:\Program Files\Network Associates\VirusScan\Avconsol.exe D:\Program Files\Network Associates\VirusScan\Webscanx.exe D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe D:\Program Files\Web_Rebates\WebRebates1.exe D:\Program Files\Internet Explorer\iexplore.exe C:\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: HyperSearchHook - {ED76E61E-B268-4908-A9A9-2254AA54D09E} - D:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - D:\WINDOWS\nem220.dll O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - D:\PROGRA~1\SEARCH~2\SEARCH~1.DLL O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - D:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - D:\Program Files\Common Files\Hyperbar\Hyperbar.dll O2 - BHO: (no name) - {733FBA9B-0000-27DF-2E83-248799F7E994} - D:\WINDOWS\system32\lfbpnb.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - D:\Program Files\SideFind\sfbho13.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - D:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dll O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - D:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - D:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing) O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - D:\Program Files\DashBar\DashBar21.dll (file missing) O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe" O4 - HKLM\..\Run: [NHeP] D:\WINDOWS\dumdrlco.exe O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [Windows AdStatus] D:\Program Files\Windows AdStatus\WinStat.exe O4 - HKLM\..\Run: [navapp] D:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [WebRebates0] "D:\Program Files\Web_Rebates\WebRebates0.exe" O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [areslite] "D:\Program Files\Ares Lite Edition\AresLite.exe" -h O4 - HKCU\..\Run: [Rkx] D:\WINDOWS\System32\?ttrib.exe O4 - HKCU\..\Run: [Mtoe] D:\Documents and Settings\ThugBunny\Application Data\asan.exe O4 - HKCU\..\Run: [qrrk] D:\PROGRA~1\COMMON~1\qrrk\qrrkm.exe O8 - Extra context menu item: Web Rebates - file://D:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - D:\Program Files\SideFind\sidefind13.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O15 - Trusted Zone: *.frame.crazywinnings.com O15 - Trusted Zone: *.static.topconverting.com O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM) O15 - Trusted Zone: *.static.topconverting.com (HKLM) O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=fab19f64c271dfd5b772fcfb344ed4d5f8217f7b03e9b7145eeb15c7b73869070b857bc819ac1ca41787ff055d83fcb743482bfaec:0a002003c3f6d5950937c6314a45eb37 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab O23 - Service: AVSync Manager - Unknown - D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe O23 - Service: McShield - Unknown - D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager - Networks Associates Technology, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
  • kijk eens bij software installeren deinstalleren of er new.net of newdot.net staat zo ja deinstalleren
  • Hallo, Nee Hij staat niet bij de software, maar ik heb m nu wel weggevinkt bij MSconfig/opstarten. Hier is weer een nieuwe log, Zabadak Logfile of HijackThis v1.99.0 Scan saved at 13:48:07, on 13-2-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\Explorer.EXE D:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe D:\WINDOWS\dumdrlco.exe D:\PROGRA~1\mcafee.com\agent\mcagent.exe D:\Program Files\Windows AdStatus\WinStat.exe D:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe D:\Program Files\ISTsvc\istsvc.exe D:\WINDOWS\system32\rundll32.exe D:\WINDOWS\system32\ctfmon.exe D:\WINDOWS\System32\?ttrib.exe D:\Documents and Settings\ThugBunny\Application Data\asan.exe D:\PROGRA~1\COMMON~1\qrrk\qrrkm.exe D:\Program Files\Windows AdStatus\WinStatKeep.exe D:\PROGRA~1\COMMON~1\qrrk\qrrka.exe D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe D:\Program Files\Network Associates\VirusScan\VsStat.exe D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe D:\Program Files\Network Associates\VirusScan\Vshwin32.exe D:\Program Files\Network Associates\VirusScan\Avconsol.exe D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe D:\Program Files\Network Associates\VirusScan\Webscanx.exe D:\WINDOWS\system32\wuauclt.exe C:\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: HyperSearchHook - {ED76E61E-B268-4908-A9A9-2254AA54D09E} - D:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - D:\WINDOWS\nem220.dll O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - D:\PROGRA~1\SEARCH~2\SEARCH~1.DLL O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - D:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - D:\Program Files\Common Files\Hyperbar\Hyperbar.dll O2 - BHO: (no name) - {733FBA9B-0000-27DF-2E83-248799F7E994} - D:\WINDOWS\system32\lfbpnb.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - D:\Program Files\SideFind\sfbho13.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - D:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dll O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - D:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - D:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing) O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - D:\Program Files\DashBar\DashBar21.dll (file missing) O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe" O4 - HKLM\..\Run: [NHeP] D:\WINDOWS\dumdrlco.exe O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [Windows AdStatus] D:\Program Files\Windows AdStatus\WinStat.exe O4 - HKLM\..\Run: [navapp] D:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [areslite] "D:\Program Files\Ares Lite Edition\AresLite.exe" -h O4 - HKCU\..\Run: [Rkx] D:\WINDOWS\System32\?ttrib.exe O4 - HKCU\..\Run: [Mtoe] D:\Documents and Settings\ThugBunny\Application Data\asan.exe O4 - HKCU\..\Run: [qrrk] D:\PROGRA~1\COMMON~1\qrrk\qrrkm.exe O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - D:\Program Files\SideFind\sidefind13.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O15 - Trusted Zone: *.frame.crazywinnings.com O15 - Trusted Zone: *.static.topconverting.com O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM) O15 - Trusted Zone: *.static.topconverting.com (HKLM) O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=fab19f64c271dfd5b772fcfb344ed4d5f8217f7b03e9b7145eeb15c7b73869070b857bc819ac1ca41787ff055d83fcb743482bfaec:0a002003c3f6d5950937c6314a45eb37 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab O23 - Service: AVSync Manager - Unknown - D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe O23 - Service: McShield - Unknown - D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager - Networks Associates Technology, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
  • Sluit alle vensters behalve Hijackthis. Fix de volgende items: [b:bc9547e4ba]O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - D:\WINDOWS\nem220.dll O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - D:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - D:\Program Files\Common Files\Hyperbar\Hyperbar.dll O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - D:\Program Files\SideFind\sfbho13.dll O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - D:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dll O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - D:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing) O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - D:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing) O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - D:\Program Files\DashBar\DashBar21.dll (file missing) O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s O4 - HKCU\..\Run: [Rkx] D:\WINDOWS\System32\?ttrib.exe O4 - HKCU\..\Run: [Mtoe] D:\Documents and Settings\ThugBunny\Application Data\asan.exe O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O15 - Trusted Zone: *.frame.crazywinnings.com O15 - Trusted Zone: *.static.topconverting.com O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM) O15 - Trusted Zone: *.static.topconverting.com (HKLM) O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=fab19f64c271dfd5b772fcfb344ed4d5f8217f7b03e9b7145eeb15c7b73869070b857bc819ac1ca41787ff055d83fcb743482bfaec:0a002003c3f6d5950937c6314a45eb37 O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab [/b:bc9547e4ba] Herstart de computer en verwijder de volgende directories/bestanden. Zorg ervoor dat je besturingssysteembestanden en verborgenbestanden kunt zien. D:\WINDOWS\nem220.dll D:\WINDOWS\ALL USERS\APPLICATION DATA\SETUP\ D:\DOCUMENTS AND SETTINGS\ALLUSERS\APPLICATION DATA\Setup\ D:\Program Files\Common Files\Hyperbar\ D:\PROGRAM FILES\SIDEFIND\ D:\Program Files\NavExcel\ D:\Program Files\NavExcel Search Toolbar\ D:\PROGRAM FILES\DASHBAR\ D:\Program Files\NewDotNet\ D:\Documents and Settings\ThugBunny\Application Data\asan.exe En post een nieuw log Sjaak
  • Alles uitgevoerd, Ik werd verwezen door HiJack naar Spybot. Deze ook gedraaid en alles laten ruimen. Ik werd ook verwezen naar http://www.cexx.org/lspfix.htm en dat exe proggie gedraaid. Maar die New.Dot.Net blijft erin. Veilige modus geprobeerd. Starten op een ouwe ME flop geprobeerd: Dit lukte ook niet want dan wordt de directory (onder DOS) niet gevonden (schijf te groot? 20 Gig?) Ik ga dus als laatste de HD eruit halen en als extra schijf in een ander XP systeem hangen zodat ik wel die NewDot dirctory kan verwijdren en dan vooral die "newdotnet6_38.dll"die erin zit. Maar is de rest nu onder controle? Zabadak Logfile of HijackThis v1.99.0 Scan saved at 17:17:44, on 13-2-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\Explorer.EXE D:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe D:\PROGRA~1\mcafee.com\agent\mcagent.exe D:\Program Files\Windows AdStatus\WinStat.exe D:\WINDOWS\system32\rundll32.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\Windows AdStatus\WinStatKeep.exe D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe D:\Program Files\Network Associates\VirusScan\VsStat.exe D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe D:\Program Files\Network Associates\VirusScan\Vshwin32.exe D:\Program Files\Network Associates\VirusScan\Avconsol.exe D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe D:\Program Files\Network Associates\VirusScan\Webscanx.exe D:\WINDOWS\system32\wuauclt.exe C:\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: HyperSearchHook - {ED76E61E-B268-4908-A9A9-2254AA54D09E} - D:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll (file missing) O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - D:\PROGRA~1\SEARCH~2\SEARCH~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~2\SDHelper.dll O2 - BHO: (no name) - {733FBA9B-0000-27DF-2E83-248799F7E994} - D:\WINDOWS\system32\lfbpnb.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe" O4 - HKLM\..\Run: [NHeP] D:\WINDOWS\dumdrlco.exe O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [Windows AdStatus] D:\Program Files\Windows AdStatus\WinStat.exe O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [areslite] "D:\Program Files\Ares Lite Edition\AresLite.exe" -h O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O15 - Trusted Zone: *.frame.crazywinnings.com O15 - Trusted Zone: *.static.topconverting.com O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM) O15 - Trusted Zone: *.static.topconverting.com (HKLM) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O23 - Service: AVSync Manager - Unknown - D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe O23 - Service: McShield - Unknown - D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager - Networks Associates Technology, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
  • Heb je al geprobeerd NewDotNet te verwijderen? Start - Configuratiescherm - Software Die newdotnet6_38.dll zou je ook kunnen verwijderen met Hijackthis. Onder Misc Tools section kiezen voor de optie Delete a file on reboot. Daarna alsnog proberen om de items in Hijackthis te fixen en directory verwijderen. D:\Program Files\NewDotNet\ Volgende moeten ook nog worden gefixed [b:a44523d6bc]R3 - URLSearchHook: HyperSearchHook - {ED76E61E-B268-4908-A9A9-2254AA54D09E} - D:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll (file missing) O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - D:\PROGRA~1\SEARCH~2\SEARCH~1.DLL O2 - BHO: (no name) - {733FBA9B-0000-27DF-2E83-248799F7E994} - D:\Program Files\Common Files\Hyperbar\ en volgende verwijderen: D:\Program Files\Common Files\Hyperbar\ D:\PROGRAM FILES\SEARCHRELEVANCY\ Sjaak[/b:a44523d6bc]
  • NewDotNet kon ook niet worden verwijderd via HiJack remove at reboot. Ik heb het wel opgelost gekregen doordat ik bestanden ging zoeken die waren aangemaakt op dezelfde datum als die dll, daarna sorteren op tijdstip en toen zag in in de D:\windows directory het bestand: NDNuninstall6_38.exe. De naam van dat bestand kon geen toeval zijn en ik heb m gestart warna de boel keurig uninstalde. Vreemd dat ik dit niet in de softwarelijst tegenkwam. De andere items zijn ook gewist via verkenner, waarbij Hyperbar niet in de "ProgramFiles" zat maar 3x in "DocumentsAndSettings". Het enige wat ik nu nog niet weg krijg zijn die "trusted zone" items. Zijn dit nu de laatste rariteiten in de log? Zabadak Logfile of HijackThis v1.99.0 Scan saved at 18:46:43, on 13-2-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Windows AdStatus\WinStat.exe D:\PROGRA~1\mcafee.com\agent\McAgent.exe D:\Program Files\Windows AdStatus\WinStatKeep.exe D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe D:\Program Files\Network Associates\VirusScan\VsStat.exe D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe D:\Program Files\Network Associates\VirusScan\Vshwin32.exe D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe D:\Program Files\Network Associates\VirusScan\Avconsol.exe D:\Program Files\Network Associates\VirusScan\Webscanx.exe D:\WINDOWS\system32\wuauclt.exe C:\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~2\SDHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll O4 - HKLM\..\Run: [Windows AdStatus] D:\Program Files\Windows AdStatus\WinStat.exe O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\McAgent.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.frame.crazywinnings.com O15 - Trusted Zone: *.static.topconverting.com O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM) O15 - Trusted Zone: *.static.topconverting.com (HKLM) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O23 - Service: AVSync Manager - Unknown - D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe O23 - Service: McShield - Unknown - D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager - Networks Associates Technology, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
  • Om die O15 te verwijderen, het volgende uitvoeren. Open Registry Editor. Click Start - Uitvoeren, type REGEDIT gevolgd door enter. ga naar: HKEY_CURRENT_USER>Software>Microsoft> Windows>CurrentVersion>Internet Settings> ZoneMap>Domains in het linker panel, right-click op de volgende registery sleutels, en kies voor Delete (een key tegelijk): *.frame.crazywinnings.com frame.crazywinnings.com *.crazywinnings.com crazywinnings.com *.static.topconverting.com static.topconverting.com *.topconverting.com topconverting.com Sluit Regedit. Met Hijackthis het volgende item nog fixen: [b:14946840bc]O4 - HKLM\..\Run: [Windows AdStatus] D:\Program Files\Windows AdStatus\WinStat.exe [/b:14946840bc] en de volgende directory na een reboot verwijderen: D:\Program Files\Windows AdStatus\WinStat.exe Sjaak
  • Deze laatste punten doe ik morgenavond. De gehele zondag hiermee bezig geweest. Computeren blijft een tijdrovende hobby... Ik wil jullie hartelijk danken voor de hulp. what would I be without you... Thanx! zabbie
  • Als ik mag... Om die O15 sleutels te fixen: Open een klablokbestand. Kopieer onderstaande code in dit kladblokbestand. Ga naar Bestand - Opslaan als. Bij "Opslaan in" kies je: Bureaublad Bij "Bestandsnaam" zet je: fix.reg Bij "Opslaan als type" selecteer je: Alle bestanden (*.*). Klik op de knop Opslaan. [code:1:e6edf3e027] REGEDIT4 [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\frame.crazywinnings.com] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\frame.crazywinnings.com] "*"=dword:00000004 [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\frame.crazywinnings.com] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\frame.crazywinnings.com] "*"=dword:00000004 [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\static.topconverting.com] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\static.topconverting.com] "*"=dword:00000004 [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\static.topconverting.com] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\static.topconverting.com] "*"=dword:00000004 [/code:1:e6edf3e027] Dubbelklik klik op de fix.reg file en laat de wijzigingen aan het register toevoegen. Ze zitten ook onder hklm... :wink:

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.