Computer is prey to a hacker, see hijack log.

12 replies
  • L.S. Since last week I can no longer reach my own secured router; I keep getting connected to an unsecured router. I can no longer reach secure sites on the internet, such as my bank etc. My mouse moves poorly; batteries already replaced. I have a 3 GHz computer with Windows XP, an antivirus program from Trust, and a Speedtouch modem/router from KPN/Hetnet. After running Hitman Pro, a yellow warning triangle with a black exclamation mark appeared on the screen, with the message that the internet has limited connectivity. I then activated my Surfen en Bellen subscription with KPN. Restoring my registry to an earlier date is also not accepted by the system. With my business laptop I connect to my own secured router/modem without any trouble. I can no longer get on the internet wirelessly, but I can via Wlan. Which expert is willing to look at my Hijack log? What should I do????? Thanks in advance for your advice :roll: :roll:
  • Are you still there?
  • Download LSPfix, http://www.bleepingcomputer.com/files/lspfix.php or here http://cexx.org/LSPFix.exe, in case your internet connection is broken after removing New.Net.
    Start the program. Tick the box next to "I know what I am doing". Make sure that the right-hand pane (the remove pane) contains all references to: newdotnet7_48.dll (Note: only these may be in the remove pane, no others!!!) Click Finish and restart the computer.
    Option 1: Uninstall via Add/Remove Programs (if present): NewDotNet, New.Net, New.net Domains, New.net Application.
    Option 2: Double-click My Computer. Double-click C:/. Double-click the Program Files folder. Find the NewDotNet folder and double-click it. Look for the file "uninstall6_72.exe". Double-click it. Restart when asked to.
    Option 3: Double-click My Computer. Double-click the C: drive. Double-click the Windows/Winnt folder. Look for and double-click the uninstall file; it is called "NDNuninstall6_72.exe".
    Option 4: If this does not work, go here (only as a last resort): http://www.newdotnet.com/removal.html, and carry out procedure 4.
    After uninstalling New.Net, restart the PC.
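An added example, not part of the thread and not HijackThis's or LSPfix's own code: HijackThis reports Winsock LSP findings in its O10 section, which is where a New.Net hook shows up and why the reply above keeps LSPfix at hand before uninstalling. The sketch parses a log, including one whose line breaks were lost when it was pasted into a forum, and summarises the O10 findings; all function names and the sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in HijackThis 1.99 text layout (not the log from this thread).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:00:00, on 1-1-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Unknown file in Winsock LSP: c:\windows\system32\examplelsp.dll
O23 - Service: Example Scanner Service - Unknown owner - D:\Program Files\Example\svc.exe (file missing)
"""

# An entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
SECTION = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Whitespace directly before a section code marks an entry boundary, even when
# the forum software flattened the whole log onto one line.
ENTRY_START = re.compile(r"\s+(?=[RFNO]\d{1,2} - )")

# The three message shapes HijackThis uses in the O10 (Winsock LSP) section.
O10_PATTERNS = {
    "hijacked": re.compile(r"^Hijacked Internet access by (.+)$"),
    "broken": re.compile(
        r"^Broken Internet access because of LSP provider '(.+)' missing$"),
    "unknown_file": re.compile(r"^Unknown file in Winsock LSP: (.+)$"),
}


def parse_entries(text):
    """Return (section_code, detail) pairs; header and process list are skipped."""
    normalized = ENTRY_START.sub("\n", text)
    entries = []
    for line in normalized.splitlines():
        match = SECTION.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def lsp_findings(entries):
    """Classify O10 entries by message type and count each provider or file."""
    findings = {kind: Counter() for kind in O10_PATTERNS}
    findings["unparsed"] = []
    for code, detail in entries:
        if code != "O10":
            continue
        for kind, pattern in O10_PATTERNS.items():
            match = pattern.match(detail)
            if match:
                findings[kind][match.group(1)] += 1
                break
        else:
            findings["unparsed"].append(detail)
    return findings


def missing_files(entries):
    """Entries whose target no longer exists on disk (leftover references)."""
    return [(code, detail) for code, detail in entries
            if detail.endswith("(file missing)")]


def triage(text):
    """Summarise a log: entries per section, O10 findings, dangling references."""
    entries = parse_entries(text)
    lsp = lsp_findings(entries)
    return {
        "sections": Counter(code for code, _ in entries),
        "lsp": lsp,
        "missing": missing_files(entries),
        # Any O10 entry means the Winsock provider chain was modified, so an
        # uninstall can leave the chain broken and the connection down.
        "lsp_review_needed": any(
            lsp[kind] for kind in O10_PATTERNS) or bool(lsp["unparsed"]),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Entries per section:", dict(report["sections"]))
    print("LSP hooked by:", dict(report["lsp"]["hijacked"]))
    print("Unknown LSP files:", list(report["lsp"]["unknown_file"]))
    print("Dangling references:", report["missing"])
```
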
  • Morning justerr, I have made some more progress. While scanning my ports (via a program on the internet) I found out that a number of them have been taken over by R.AT., e.g. spynet, gift, etc. When I stopped the processes via the ports, the computer was shut down automatically and restarted. The programs (Trojans) that the hackers use are not recognised by Adware, Spy... etc. What should I do now? :cry: :cry:
  • I'm not saying outright that it's nonsense, I just haven't heard of that before. I have, though, in connection with rootkits that are supposed to be invisible. Let's see whether this makes us any wiser. Please do only what I ask for now, and don't panic, because I see no reason for that in any case.
    Download Combofix (http://download.bleepingcomputer.com/sUBs/combofix.exe) to your Desktop.
    Double-click Combofix.exe.
    Follow the instructions, and accept the disclaimer by typing "y" or "Y".
    While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix has completed and after the restart, the log combofix.txt will open. Post this log in your next post together with a new HijackThis log.
    NOTE: If your virus scanner responds with a warning about script execution, you may ignore it.
  • Hallo Juisterr, Hier volgen Hijacklog en combofixlog. Ik wacht met spanning. :o :o Logfile of HijackThis v1.99.1 Scan saved at 18:22:49, on 9-1-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\svchost.exe d:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\CNYHKey.exe C:\WINDOWS\Dit.exe C:\WINDOWS\system32\PRISMSTA.EXE C:\WINDOWS\system32\VNICMon.exe C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe C:\WINDOWS\DitExp.exe D:\Digital Revolution Tool\Digital Revolution Tool\drtool.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe D:\Program Files\Photo Explorer8.0\Monitor.exe D:\Program Files\SPYWAREfighter\spftray.exe D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ScanWizard 5\ScannerFinder.exe d:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe D:\Program Files\SPYWAREfighter\spfprc.exe D:\Program Files\Port Explorer\PortExplorer.exe 
C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Windows Defender\MSASCui.exe D:\wincmd\WINCMD32.EXE D:\Program Files\SpeedTouch6530E9\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [PRISMSTA.EXE] "PRISMSTA.EXE" START O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN O4 - HKLM\..\Run: [Realtime Monitor] "C:\PROGRA~1\CA\ETRUST~1\realmon.exe" -s O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [SSC Service Utility] "D:\Digital Revolution Tool\Digital Revolution Tool\drtool.exe" /s O4 - HKLM\..\Run: 
[SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Ulead AutoDetector] "D:\Program Files\Photo Explorer8.0\Monitor.exe" O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [spywarefighterguard] "D:\Program Files\SPYWAREfighter\spftray.exe" O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: LNSS Status Monitor.lnk = D:\Program Files\GFI\LANguard Network Security Scanner 7.0\statusmonitor.exe O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - d:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - 
Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131817926671 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131818128265 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.bibliotheekwarnsveld.nl/catalogus/msrdp.cab O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4453/mcfscan.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: 
WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: GFI LANguard N.S.S. 7.0 Attendant Service - Unknown owner - D:\Program Files\GFI\LANguard Network Security Scanner 7.0\lnssatt.exe" -service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: eTrust Antivirus Admin Server (InoNmSrv) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: SPYWAREfighterRP - SpamFighter APS - D:\Program Files\SPYWAREfighter\spfprc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. 
- d:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -------------------------------------------------------------------------------- Wim - 07-01-09 18:27:04.03 Service Pack 2 ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Wim\Bureaublad" ((((((((((((((((((((((((((((((( Files Created from 2006-12-09 to 2007-01-09 )))))))))))))))))))))))))))))))))) 2007-01-09 18:06 <DIR> d-------- C:\Program Files\Windows Defender 2007-01-09 18:03 <DIR> d-------- C:\WINDOWS\LastGood 2007-01-08 22:15 15,360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys 2007-01-08 22:15 14,848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys 2007-01-08 22:15 13,824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys 2007-01-08 22:15 117,248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys 2007-01-08 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot 2007-01-08 21:39 <DIR> d-------- C:\Program Files\Common Files\Application 2007-01-07 22:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-01-07 21:59 <DIR> d-------- C:\Documents and Settings\Wim\Application Data\Uniblue 2007-01-07 21:35 40,960 --------- C:\WINDOWS\system32\dcsws2.dll 2007-01-04 21:22 <DIR> d-------- C:\Program Files\InterMute 2007-01-04 20:16 <DIR> d-------- C:\WINDOWS\WBEM 2007-01-04 20:16 <DIR> d-------- C:\WINDOWS\system32\nl-nl 2007-01-04 20:14 <DIR> d--h-c--- C:\WINDOWS\ie7 2007-01-04 20:13 121,856 --------- C:\WINDOWS\system32\xmllite.dll 2007-01-04 20:12 <DIR> d-------- C:\WINDOWS\network diagnostic 2007-01-02 18:25 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-01-02 18:25 <DIR> d-------- C:\Documents and Settings\Wim\Application Data\Webroot 2006-12-29 13:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Support.com 2006-12-09 16:53 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2006-12-09 16:51 <DIR> d-------- 
C:\WINDOWS\system32\drivers\UMDF (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-01-09 17:47 -------- d-------- C:\Documents and Settings\Wim\Application Data\AdobeUM 2007-01-08 21:39 -------- d-a------ C:\Program Files\Common Files 2007-01-05 19:33 8146 --a------ C:\Documents and Settings\Wim\Application Data\wklnhst.dat 2007-01-04 20:18 -------- d-------- C:\Program Files\Outlook Express 2007-01-04 20:18 -------- d-------- C:\Program Files\Internet Explorer 2007-01-04 20:18 -------- d-------- C:\Program Files\Common Files\System 2007-01-04 19:24 -------- d-------- C:\Program Files\Java 2007-01-03 22:42 -------- d-------- C:\Program Files\Eset 2007-01-02 18:33 -------- d-------- C:\Program Files\Windows Media Player 2007-01-02 18:32 -------- d--h----- C:\Program Files\InstallShield Installation Information 2007-01-02 18:25 -------- d-------- C:\Program Files\Spybot - Search & Destroy 2007-01-02 18:25 -------- d-------- C:\Documents and Settings\Wim\Application Data\Lavasoft 2006-12-07 07:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll 2006-11-28 22:01 -------- d-------- C:\Program Files\AnfyTeam 2006-11-27 19:26 -------- d-------- C:\Documents and Settings\Wim\Application Data\Help 2006-11-21 17:59 -------- d-------- C:\Program Files\MSXML 4.0 2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll 2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll 2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll 2006-11-07 21:03 413696 --------- C:\WINDOWS\system32\vbscript.dll 2006-11-07 21:03 231424 --------- C:\WINDOWS\system32\webcheck.dll 2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll 2006-11-07 21:03 156160 --------- C:\WINDOWS\system32\msls31.dll 2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll 2006-11-07 03:27 229376 --a------ 
C:\WINDOWS\system32\ieaksie.dll 2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll 2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll 2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe 2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll 2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll 2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe 2006-11-07 03:26 123904 --------- C:\WINDOWS\system32\advpack.dll 2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll 2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll 2006-10-23 16:19 662016 --a------ C:\WINDOWS\system32\wininet(4)(3).dll 2006-10-23 16:19 615424 --a------ C:\WINDOWS\system32\urlmon(4)(3).dll 2006-10-23 16:19 474624 --a------ C:\WINDOWS\system32\shlwapi(4)(3).dll 2006-10-23 16:19 1494528 --a------ C:\WINDOWS\system32\shdocvw(2)(3).dll 2006-10-20 02:39 714752 --a------ C:\WINDOWS\system32\sxs(4)(3).dll 2006-10-20 02:39 714752 --------- C:\WINDOWS\system32\sxs.dll 2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll 2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll 2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe 2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll 2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll 2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll 2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll 2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe 2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll 2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll 2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe 2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll 2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll 2006-10-13 13:41 144384 --a------ C:\WINDOWS\system32\nwprovau.dll 
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "updateMgr"="\"D:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\"" "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd" "CHotkey"="mHotkey.exe" "ledpointer"="CNYHKey.exe" "Dit"="Dit.exe" "PRISMSTA.EXE"="\"PRISMSTA.EXE\" START" "NIC Monitor"="VNICMon.exe" "REGSHAVE"="\"C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE\" /AUTORUN" "Realtime Monitor"="\"C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe\" -s" "MMTray"="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe\"" "PCMService"="\"C:\\Program Files\\Medion Home Cinema XL II\\PowerCinema\\PCMService.exe\"" "SSC Service Utility"="\"D:\\Digital Revolution Tool\\Digital Revolution Tool\\drtool.exe\" /s" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\"" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "Adobe Photo Downloader"="\"D:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "Ulead AutoDetector"="\"D:\\Program Files\\Photo Explorer8.0\\Monitor.exe\"" "UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u" "spywarefighterguard"="\"D:\\Program Files\\SPYWAREfighter\\spftray.exe\"" @="" "SpySweeper"="\"D:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray" "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] 
"Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000005 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Mijn huidige introductiepagina" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\ 00,00,04,00,00,40 "RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" "Spyware Doctor"="" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" "Spyware Doctor"="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Exif Launcher.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Exif Launcher.lnk" "backup"="C:\\WINDOWS\\pss\\Exif Launcher.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\FINEPI~1\\QuickDCF.exe " "item"="Exif Launcher" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ScanPanel.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\ScanPanel.lnk" "backup"="C:\\WINDOWS\\pss\\ScanPanel.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\SCANPA~2\\ScnPanel.exe " "item"="ScanPanel" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\NeroCheck.exe" 
"inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NEWDOT~2" "hkey"="HKLM" "command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,NewDotNetStartup -s" "inimapping"="0" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Scan.job C:\WINDOWS\tasks\Norton AntiVirus - Mijn computer scannen - Wim.job C:\WINDOWS\tasks\Symantec NetDetect.job C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job Completion time: 07-01-09 18:28:17.79 C:\ComboFix.txt ... 07-01-09 18:28 C:\ComboFix2.txt ... 07-01-09 17:49 C:\ComboFix3.txt ... 07-01-05 19:40 C:\ComboFix40107.txt ... 07-01-09 17:50

    What should I do? Thanks in advance.
  • Download LSPfix, http://www.bleepingcomputer.com/files/lspfix.php in case your internet connection is broken after removing New.Net.

    Option 1: Uninstall via Add/Remove Programs (if present): NewDotNet, New.Net, New.net Domains, New.net Application

    Option 2: Double-click My Computer. Double-click C:/. Double-click the Program Files folder. Find the NewDotNet folder and double-click it. Look for the file "uninstall7_48.exe". Double-click it. Restart when asked.

    Option 3: Double-click My Computer. Double-click the C: drive. Double-click the Windows/Winnt folder. Look for the uninstall file; it is called "uninstallX_XX.exe" (where the X's stand for digits). If it is there, double-click it to remove New.net.

    Option 4: If this does not work, go here (only as a last resort): http://www.newdotnet.com/removal.html, and carry out procedure 4.

    After uninstalling New.Net, restart the PC.
  • Hello Juisterr, Now I cannot get on the internet at all. I am sending this message from another computer. NewDotNet was removed by Microsoft Defender. My HijackThis log and ComboFix log follow below. Neither was made in safe mode. I hope you can help me.

    Logfile of HijackThis v1.99.1 Scan saved at 13:24:12, on 13-1-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\svchost.exe d:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\CNYHKey.exe C:\WINDOWS\Dit.exe C:\WINDOWS\system32\PRISMSTA.EXE C:\WINDOWS\system32\VNICMon.exe C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe D:\Digital Revolution Tool\Digital Revolution Tool\drtool.exe C:\WINDOWS\DitExp.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe D:\Program Files\Photo Explorer8.0\Monitor.exe D:\Program Files\SPYWAREfighter\spftray.exe D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ScanWizard 5\ScannerFinder.exe C:\WINDOWS\system32\wuauclt.exe 
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe D:\Program Files\SPYWAREfighter\spfprc.exe d:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE C:\WINDOWS\System32\svchost.exe D:\Program Files\SpeedTouch6530E9\HijackThis.exe D:\wincmd\WINCMD32.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [PRISMSTA.EXE] 
"PRISMSTA.EXE" START O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN O4 - HKLM\..\Run: [Realtime Monitor] "C:\PROGRA~1\CA\ETRUST~1\realmon.exe" -s O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [SSC Service Utility] "D:\Digital Revolution Tool\Digital Revolution Tool\drtool.exe" /s O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Ulead AutoDetector] "D:\Program Files\Photo Explorer8.0\Monitor.exe" O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [spywarefighterguard] "D:\Program Files\SPYWAREfighter\spftray.exe" O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: LNSS Status Monitor.lnk = D:\Program Files\GFI\LANguard Network Security Scanner 7.0\statusmonitor.exe O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 
C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - d:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131817926671 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131818128265 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - 
http://www.bibliotheekwarnsveld.nl/catalogus/msrdp.cab O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4453/mcfscan.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: GFI LANguard N.S.S. 7.0 Attendant Service - Unknown owner - D:\Program Files\GFI\LANguard Network Security Scanner 7.0\lnssatt.exe" -service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: eTrust Antivirus Admin Server (InoNmSrv) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. 
- C:\Program Files\CA\eTrust Antivirus\InoTask.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: SPYWAREfighterRP - SpamFighter APS - D:\Program Files\SPYWAREfighter\spfprc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    and my ComboFix log

    Wim - 07-01-13 13:51:07.71 Service Pack 2 ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Wim\Bureaublad" ((((((((((((((((((((((((((((((( Files Created from 2006-12-13 to 2007-01-13 )))))))))))))))))))))))))))))))))) No new files created in this timespan (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-01-13 12:17 -------- d-------- C:\Documents and Settings\Wim\Application Data\AdobeUM 2007-01-13 11:42 -------- d-------- C:\Program Files\Common Files\Adobe 2007-01-08 21:39 -------- d-a------ C:\Program Files\Common Files 2007-01-05 19:33 8146 --a------ C:\Documents and Settings\Wim\Application Data\wklnhst.dat 2007-01-04 20:18 -------- d-------- C:\Program Files\Outlook Express 2007-01-04 20:18 -------- d-------- C:\Program Files\Internet Explorer 2007-01-04 20:18 -------- d-------- C:\Program Files\Common Files\System 2007-01-04 19:24 -------- d-------- C:\Program Files\Java 2007-01-03 22:42 -------- d-------- C:\Program Files\Eset 2007-01-02 18:33 -------- d-------- C:\Program Files\Windows Media Player 2007-01-02 18:33 -------- d-------- C:\Program Files\Windows Media Connect 2 2007-01-02 18:32 -------- d--h----- C:\Program 
Files\InstallShield Installation Information 2007-01-02 18:25 -------- d-------- C:\Program Files\Spybot - Search & Destroy 2007-01-02 18:25 -------- d-------- C:\Documents and Settings\Wim\Application Data\Lavasoft 2006-12-07 07:40 2362184 --------- C:\WINDOWS\system32\wmvcore.dll 2006-11-28 22:01 -------- d-------- C:\Program Files\AnfyTeam 2006-11-27 19:26 -------- d-------- C:\Documents and Settings\Wim\Application Data\Help 2006-11-21 17:59 -------- d-------- C:\Program Files\MSXML 4.0 2006-11-08 06:07 679424 --------- C:\WINDOWS\system32\inetcomm.dll 2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll 2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll 2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll 2006-11-07 21:03 413696 --------- C:\WINDOWS\system32\vbscript.dll 2006-11-07 21:03 231424 --------- C:\WINDOWS\system32\webcheck.dll 2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll 2006-11-07 21:03 156160 --------- C:\WINDOWS\system32\msls31.dll 2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll 2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll 2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll 2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll 2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe 2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll 2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll 2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe 2006-11-07 03:26 123904 --------- C:\WINDOWS\system32\advpack.dll 2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll 2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll 2006-10-23 16:19 662016 --a------ C:\WINDOWS\system32\wininet(4)(3).dll 2006-10-23 16:19 615424 --a------ C:\WINDOWS\system32\urlmon(4)(3).dll 2006-10-23 16:19 474624 --a------ C:\WINDOWS\system32\shlwapi(4)(3).dll 2006-10-23 16:19 1494528 --a------ 
C:\WINDOWS\system32\shdocvw(2)(3).dll 2006-10-20 02:39 714752 --a------ C:\WINDOWS\system32\sxs(4)(3).dll 2006-10-20 02:39 714752 --------- C:\WINDOWS\system32\sxs.dll 2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll 2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll 2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe 2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll 2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll 2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll 2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll 2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe 2006-10-17 11:57 36352 --------- C:\WINDOWS\system32\imgutil.dll 2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll 2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe 2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll 2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll 2006-10-13 13:41 144384 --a------ C:\WINDOWS\system32\nwprovau.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\"" "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd" "CHotkey"="mHotkey.exe" "ledpointer"="CNYHKey.exe" "Dit"="Dit.exe" "PRISMSTA.EXE"="\"PRISMSTA.EXE\" START" "NIC Monitor"="VNICMon.exe" "REGSHAVE"="\"C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE\" /AUTORUN" "Realtime Monitor"="\"C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe\" -s" "MMTray"="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe\"" "PCMService"="\"C:\\Program Files\\Medion Home Cinema XL II\\PowerCinema\\PCMService.exe\"" "SSC 
Service Utility"="\"D:\\Digital Revolution Tool\\Digital Revolution Tool\\drtool.exe\" /s" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\"" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "Adobe Photo Downloader"="\"D:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "Ulead AutoDetector"="\"D:\\Program Files\\Photo Explorer8.0\\Monitor.exe\"" "UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u" "spywarefighterguard"="\"D:\\Program Files\\SPYWAREfighter\\spftray.exe\"" @="" "SpySweeper"="\"D:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray" "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000005 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Mijn huidige introductiepagina" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,86,01,00,00,00,00,00,00,7a,02,00,00,e2,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\ 00,00,04,00,00,40 
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" "Spyware Doctor"="" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" "Spyware Doctor"="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu 
Start^Programma's^Opstarten^Exif Launcher.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Exif Launcher.lnk" "backup"="C:\\WINDOWS\\pss\\Exif Launcher.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\FINEPI~1\\QuickDCF.exe " "item"="Exif Launcher" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ScanPanel.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\ScanPanel.lnk" "backup"="C:\\WINDOWS\\pss\\ScanPanel.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\SCANPA~2\\ScnPanel.exe " "item"="ScanPanel" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\NeroCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NEWDOT~2" "hkey"="HKLM" "command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,NewDotNetStartup -s" "inimapping"="0" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Scan.job C:\WINDOWS\tasks\Norton AntiVirus - Mijn computer scannen - Wim.job C:\WINDOWS\tasks\Symantec NetDetect.job C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job Completion time: 07-01-13 13:52:22.78 C:\ComboFix.txt ... 07-01-13 13:52 C:\ComboFix2.txt ... 07-01-13 13:45 C:\ComboFix3.txt ... 07-01-09 18:28 C:\ComboFix40107.txt ... 07-01-09 18:28

    Let me know.
  • I did recommend something different, and I don't do that for nothing.

    Quote: "Download LSPfix, http://www.bleepingcomputer.com/files/lspfix.php or here http://cexx.org/LSPFix.exe in case your internet connection is broken after removing New.Net. Start the program. Tick 'I know what I am doing'. Make sure that the right-hand pane (the Remove pane) lists all references to: newdotnet7_48.dll (Note: only these may be in the Remove pane, no others!!!) Click Finish and restart the computer."

    Let's see whether we can still repair that. Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab

    Click 'Fix checked' to remove the items.

    Try the tools below to restore the connection. Download this file, iefix.exe http://www.hitmanpro.nl/iefix.exe Double-click iefix.exe and run the program. Also try this IEFIX: http://windowsxp.mvps.org/IEFIX.htm You may be asked for your Windows installation CD. Restart your PC and see whether there is any improvement.
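Added example, not part of the thread and not HijackThis's own code: a small Python triage helper that splits a HijackThis 1.99.1 log whose line breaks were lost (as in the logs pasted here) back into entries, lists what changed between two scans, and marks entries for manual review. The two review checks ("file missing" and an O16 download source that is a bare IP address) are assumptions chosen for illustration and do not reproduce the helper's judgement; the sample entries are copied from the logs posted in this thread.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Section codes HijackThis 1.99.1 prints in front of every result line.
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
ENTRY_START = re.compile(rf"(?<!\S)(?={CODE} - )")  # zero-width: start of an entry
ENTRY = re.compile(rf"({CODE}) - (.+)")


def split_entries(text):
    """Recover (code, body) pairs from a log pasted as one long line."""
    flat = " ".join(text.split())
    entries = []
    for chunk in ENTRY_START.split(flat):
        m = ENTRY.fullmatch(chunk.strip())
        if m:  # the header and process list carry no section code
            entries.append((m.group(1), m.group(2)))
    return entries


def _is_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def review_notes(entries):
    """Return (code, body, reason) for entries worth a manual look.

    Assumed heuristics for this example; a note is a prompt to
    investigate, not a verdict that the entry is malicious.
    """
    notes = []
    for code, body in entries:
        if body.endswith("(file missing)"):
            notes.append((code, body, "registered file is missing"))
        if code == "O16":  # ActiveX control with its download source
            m = re.search(r"(https?://\S+)$", body)
            host = urlsplit(m.group(1)).hostname if m else None
            if host and _is_ip(host):
                notes.append((code, body, "control was downloaded from a bare IP address"))
    return notes


def diff_scans(old_log, new_log):
    """Entries that disappeared and entries that appeared between two scans."""
    old, new = set(split_entries(old_log)), set(split_entries(new_log))
    return sorted(old - new), sorted(new - old)


# Sample entries copied from the 12-1-2007 and 13-1-2007 logs in this thread,
# kept on one line each to mimic how the forum flattened them.
SCAN_12_JAN = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O4 - HKLM\..\Run: [Dit] Dit.exe O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab"""

SCAN_13_JAN = r"""Logfile of HijackThis v1.99.1 Running processes: C:\WINDOWS\Explorer.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O4 - HKLM\..\Run: [Dit] Dit.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab"""

if __name__ == "__main__":
    removed, added = diff_scans(SCAN_12_JAN, SCAN_13_JAN)
    for code, body in removed:
        print("- gone :", code, "-", body)
    for code, body in added:
        print("+ new  :", code, "-", body)
    for code, body, reason in review_notes(split_entries(SCAN_13_JAN)):
        print("review :", code, "-", reason)
```
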
  • Hello juisterr, Here is my HijackThis log after removing a few things

    Logfile of HijackThis v1.99.1 Scan saved at 21:41:57, on 12-1-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Eset\nod32krn.exe C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe C:\WINDOWS\System32\svchost.exe d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\CNYHKey.exe C:\WINDOWS\Dit.exe C:\WINDOWS\system32\PRISMSTA.EXE C:\WINDOWS\system32\VNICMon.exe C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe D:\Digital Revolution Tool\Digital Revolution Tool\drtool.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\DitExp.exe D:\Program Files\Photo Explorer8.0\Monitor.exe C:\WINDOWS\system32\ctfmon.exe D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\ScanWizard 5\ScannerFinder.exe C:\WINDOWS\system32\wuauclt.exe D:\wincmd\WINCMD32.EXE C:\WINDOWS\System32\svchost.exe D:\Program Files\SpeedTouch6530E9\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SSC Service Utility] D:\Digital Revolution Tool\Digital Revolution Tool\drtool.exe /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector] D:\Program Files\Photo Explorer8.0\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - d:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1131817926671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1131818128265
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.bibliotheekwarnsveld.nl/catalogus/msrdp.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...53/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus Admin Server (InoNmSrv) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

If it no longer works, I want to format my C drive, but will all the trouble be over then? I look forward to your answer with interest.
  • Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    R3 - URLSearchHook: (no name) - - (no file)

    Click 'Fix checked' to remove the items.

    Your Java software is outdated. Older versions have vulnerabilities that give malware the chance to install itself on your system.

    First follow these steps to uninstall Java and install the newer version:
    - Download the latest version here: Java Runtime Environment (JRE) 6 (http://java.sun.com/javase/downloads/index.jsp).
    - Scroll down to where it says: "Java Runtime Environment (JRE) 6 The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
    - Then click the ">>Download" button on the right.
    - Tick the following where it says: "Accept License Agreement".
    - The page will reload.
    - Click the link: Windows Offline Installation, Multi-language. The download will start; save it to your desktop.
    - Close all programs that may be open, especially your web browser!
    - Then go to Start > Control Panel, double-click Add or Remove Programs and remove all older versions of Java.
    - Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
    - Then click the Remove or Change/Remove button.
    - Repeat this until all older versions are gone.
    - After removing all older versions, restart your PC.
    - Then double-click jre-6-windows-i586.exe on your desktop to install the latest version of Java.
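The two things the answer above picks out of the log (an entry whose file is missing, and a Java runtime older than JRE 6) can be checked mechanically. The following is an added example, not part of the original thread and not HijackThis's own code: it splits a log that was pasted as one run-together line back into entries and reports both conditions. The function names, the `MIN_JRE` threshold and the sample string (a few entries copied from the log above) are assumptions made for illustration.

```python
import re

# Constructed sample: a few entries copied from the log in this thread,
# run together on one line the way the forum rendered them.
SAMPLE = (
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl "
    r"R3 - URLSearchHook: (no name) - - (no file) "
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "
    r"C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll "
    r"O4 - HKLM\..\Run: [SunJavaUpdateSched] "
    r'"C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" '
    r"O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe"
)

# An entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O23...) and " - ".
ENTRY_START = re.compile(r"(?<!\S)(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
JRE_PATH = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)
MIN_JRE = (1, 6, 0, 0)  # assumption: "JRE 6" from the answer, i.e. version 1.6.0


def split_entries(text):
    """Split a flattened HijackThis log into (section_code, body) tuples."""
    starts = list(ENTRY_START.finditer(text))
    entries = []
    for i, match in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        entries.append((match.group(1), text[match.end():end].strip()))
    return entries


def review(text):
    """Report entries with a missing file and entries pointing at an old JRE."""
    findings = []
    for code, body in split_entries(text):
        if body.endswith("(no file)"):
            findings.append((code, "missing-file", body))
        match = JRE_PATH.search(body)
        if match:
            version = tuple(int(g or 0) for g in match.groups())
            if version < MIN_JRE:
                findings.append((code, "outdated-java", "%d.%d.%d_%02d" % version))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```
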
  • Morning Juisterr, There was no way to get the old Java versions removed. My PC kept getting slower. At my wits' end, I just formatted the C drive and put Windows XP back on it. In any case, thanks for your help. Regards :D

This is an archived page. Replying is no longer possible.