Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

HiJack verzoek

None
13 antwoorden
  • Hallo, Zou iemand zo vriendelijk willen zijn de HiJacklog te checken.
    Volgens mij zit ie vol met zooi.

    Bij voorbaat dabk.
    Zabadak

    Logfile of HijackThis v1.99.0
    Scan saved at 11:27:22, on 13-2-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\MSN Apps\Updater\01.02.3000.1001
    l\msnappau.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\ISTsvc\istsvc.exe
    D:\WINDOWS\dumdrlco.exe
    D:\Program Files\Internet Optimizer\optimize.exe
    D:\Program Files\Web_Rebates\WebRebates0.exe
    D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    D:\PROGRA~1\mcafee.com\agent\mcagent.exe
    D:\Program Files\Windows AdStatus\WinStat.exe
    D:\Program Files\NavExcel\NavHelper\v2.0.4d
    avapp.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\WINDOWS\System32\?ttrib.exe
    D:\Documents and Settings\ThugBunny\Application Data\asan.exe
    D:\PROGRA~1\COMMON~1\qrrk\qrrkm.exe
    D:\Program Files\Windows AdStatus\WinStatKeep.exe
    D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    D:\PROGRA~1\COMMON~1\qrrk\qrrka.exe
    D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    D:\Program Files\Web_Rebates\WebRebates1.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Network Associates\VirusScan\VsStat.exe
    D:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    D:\Program Files\Network Associates\VirusScan\Avconsol.exe
    D:\Program Files\Network Associates\VirusScan\Webscanx.exe
    C:\HiJackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 143
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lookfor.cc?pin=28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://lookfor.cc?pin=28129
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: HyperSearchHook - {ED76E61E-B268-4908-A9A9-2254AA54D09E} - D:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - D:\WINDOWS
    em220.dll
    O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - D:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
    O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - D:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
    O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - D:\Program Files\Common Files\Hyperbar\Hyperbar.dll
    O2 - BHO: (no name) - {733FBA9B-0000-27DF-2E83-248799F7E994} - D:\WINDOWS\system32\lfbpnb.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - D:\Program Files\SideFind\sfbho13.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001
    l\msntb.dll
    O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - D:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dll
    O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - D:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001
    l\msntb.dll
    O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - D:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
    O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - D:\Program Files\DashBar\DashBar21.dll (file missing)
    O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.3000.1001
    l\msnappau.exe"
    O4 - HKLM\..\Run: [NHeP] D:\WINDOWS\dumdrlco.exe
    O4 - HKLM\..\Run: [WebRebates0] "D:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [exwdkp] D:\WINDOWS\exwdkp.exe
    O4 - HKLM\..\Run: [Windows AdStatus] D:\Program Files\Windows AdStatus\WinStat.exe
    O4 - HKLM\..\Run: [navapp] D:\Program Files\NavExcel\NavHelper\v2.0.4d
    avapp.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [areslite] "D:\Program Files\Ares Lite Edition\AresLite.exe" -h
    O4 - HKCU\..\Run: [warez] "D:\Program Files\Warez P2P Client\warez.exe" -h
    O4 - HKCU\..\Run: [Rkx] D:\WINDOWS\System32\?ttrib.exe
    O4 - HKCU\..\Run: [Mtoe] D:\Documents and Settings\ThugBunny\Application Data\asan.exe
    O4 - HKCU\..\Run: [qrrk] D:\PROGRA~1\COMMON~1\qrrk\qrrkm.exe
    O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe
    O8 - Extra context menu item: Web Rebates - file://D:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - D:\Program Files\SideFind\sidefind13.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.static.topconverting.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.05p.com (HKLM)
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.blazefind.com (HKLM)
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.flingstone.com (HKLM)
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.scoobidoo.com (HKLM)
    O15 - Trusted Zone: *.searchbarcash.com (HKLM)
    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
    O15 - Trusted Zone: *.slotch.com (HKLM)
    O15 - Trusted Zone: *.static.topconverting.com (HKLM)
    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: 206.161.124.130 (HKLM)
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\gpa.exe
    O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://d:\foo.mht!http://008i.com/pic//28129.chm::/open.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=fab19f64c271dfd5b772fcfb344ed4d5f8217f7b03e9b7145eeb15c7b73869070b857bc819ac1ca41787ff055d83fcb743482bfaec:0a002003c3f6d5950937c6314a45eb37
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O23 - Service: AVSync Manager - Unknown - D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    O23 - Service: McShield - Unknown - D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager - Networks Associates Technology, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe






  • Eerst maar eens scannen met Ad-aware en Spybot S&D of hitmanpro
    Daarna een nieuw log posten.

    Sjaak
  • Hallo, dank voor je reactie.

    Ad Aware is al een paar maal gedraaid, met recentste list.
    Er blijken echter een 6 tal spywaretaken niet verwijderbaar.
    Maar ik zal nog eens een extra herstart maken en daarna nog eens AdAware draaien

    zabadak
  • Na herstarts blijft AdAware 7 taken steeds opnieuw vinden.
    Inmiddels heb ik in HiJackThis een aantal zaken verwijderd, zoals die Trusted zone items en die minibar search items. maar hij zet er spontaan weer een aantal terug.

    Ik kan inmiddels wel weer via de "besmette" PC fatsoenlijk op dit Forum komen

    Ik hoop dat iemand met een betere deskundigheid dan de mijne mij verder kan helpen. Dit is een nieuwe Log,

    Bij voorbaat dank,

    Zabadak

    Logfile of HijackThis v1.99.0
    Scan saved at 13:15:18, on 13-2-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\MSN Apps\Updater\01.02.3000.1001
    l\msnappau.exe
    D:\WINDOWS\dumdrlco.exe
    D:\PROGRA~1\mcafee.com\agent\mcagent.exe
    D:\Program Files\Windows AdStatus\WinStat.exe
    D:\Program Files\NavExcel\NavHelper\v2.0.4d
    avapp.exe
    D:\Program Files\Windows AdStatus\WinStatKeep.exe
    D:\Program Files\Web_Rebates\WebRebates0.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\ISTsvc\istsvc.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\WINDOWS\System32\?ttrib.exe
    D:\Documents and Settings\ThugBunny\Application Data\asan.exe
    D:\PROGRA~1\COMMON~1\qrrk\qrrkm.exe
    D:\PROGRA~1\COMMON~1\qrrk\qrrka.exe
    D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    D:\Program Files\Network Associates\VirusScan\VsStat.exe
    D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    D:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    D:\Program Files\Network Associates\VirusScan\Avconsol.exe
    D:\Program Files\Network Associates\VirusScan\Webscanx.exe
    D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    D:\Program Files\Web_Rebates\WebRebates1.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    C:\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: HyperSearchHook - {ED76E61E-B268-4908-A9A9-2254AA54D09E} - D:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - D:\WINDOWS
    em220.dll
    O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - D:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
    O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - D:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
    O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - D:\Program Files\Common Files\Hyperbar\Hyperbar.dll
    O2 - BHO: (no name) - {733FBA9B-0000-27DF-2E83-248799F7E994} - D:\WINDOWS\system32\lfbpnb.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - D:\Program Files\SideFind\sfbho13.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001
    l\msntb.dll
    O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - D:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dll
    O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - D:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001
    l\msntb.dll
    O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - D:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
    O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - D:\Program Files\DashBar\DashBar21.dll (file missing)
    O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.3000.1001
    l\msnappau.exe"
    O4 - HKLM\..\Run: [NHeP] D:\WINDOWS\dumdrlco.exe
    O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [Windows AdStatus] D:\Program Files\Windows AdStatus\WinStat.exe
    O4 - HKLM\..\Run: [navapp] D:\Program Files\NavExcel\NavHelper\v2.0.4d
    avapp.exe
    O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [WebRebates0] "D:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [areslite] "D:\Program Files\Ares Lite Edition\AresLite.exe" -h
    O4 - HKCU\..\Run: [Rkx] D:\WINDOWS\System32\?ttrib.exe
    O4 - HKCU\..\Run: [Mtoe] D:\Documents and Settings\ThugBunny\Application Data\asan.exe
    O4 - HKCU\..\Run: [qrrk] D:\PROGRA~1\COMMON~1\qrrk\qrrkm.exe
    O8 - Extra context menu item: Web Rebates - file://D:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - D:\Program Files\SideFind\sidefind13.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.static.topconverting.com
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.static.topconverting.com (HKLM)
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=fab19f64c271dfd5b772fcfb344ed4d5f8217f7b03e9b7145eeb15c7b73869070b857bc819ac1ca41787ff055d83fcb743482bfaec:0a002003c3f6d5950937c6314a45eb37
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O23 - Service: AVSync Manager - Unknown - D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    O23 - Service: McShield - Unknown - D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager - Networks Associates Technology, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe






  • kijk eens bij software installeren deinstalleren of er new.net of newdot.net staat
    zo ja deinstalleren
  • Hallo,
    Nee Hij staat niet bij de software, maar ik heb m nu wel weggevinkt bij MSconfig/opstarten.

    Hier is weer een nieuwe log,
    Zabadak

    Logfile of HijackThis v1.99.0
    Scan saved at 13:48:07, on 13-2-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\MSN Apps\Updater\01.02.3000.1001
    l\msnappau.exe
    D:\WINDOWS\dumdrlco.exe
    D:\PROGRA~1\mcafee.com\agent\mcagent.exe
    D:\Program Files\Windows AdStatus\WinStat.exe
    D:\Program Files\NavExcel\NavHelper\v2.0.4d
    avapp.exe
    D:\Program Files\ISTsvc\istsvc.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\WINDOWS\System32\?ttrib.exe
    D:\Documents and Settings\ThugBunny\Application Data\asan.exe
    D:\PROGRA~1\COMMON~1\qrrk\qrrkm.exe
    D:\Program Files\Windows AdStatus\WinStatKeep.exe
    D:\PROGRA~1\COMMON~1\qrrk\qrrka.exe
    D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    D:\Program Files\Network Associates\VirusScan\VsStat.exe
    D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    D:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    D:\Program Files\Network Associates\VirusScan\Avconsol.exe
    D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    D:\Program Files\Network Associates\VirusScan\Webscanx.exe
    D:\WINDOWS\system32\wuauclt.exe
    C:\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: HyperSearchHook - {ED76E61E-B268-4908-A9A9-2254AA54D09E} - D:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - D:\WINDOWS
    em220.dll
    O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - D:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
    O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - D:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
    O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - D:\Program Files\Common Files\Hyperbar\Hyperbar.dll
    O2 - BHO: (no name) - {733FBA9B-0000-27DF-2E83-248799F7E994} - D:\WINDOWS\system32\lfbpnb.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - D:\Program Files\SideFind\sfbho13.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001
    l\msntb.dll
    O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - D:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dll
    O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - D:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001
    l\msntb.dll
    O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - D:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
    O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - D:\Program Files\DashBar\DashBar21.dll (file missing)
    O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.3000.1001
    l\msnappau.exe"
    O4 - HKLM\..\Run: [NHeP] D:\WINDOWS\dumdrlco.exe
    O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [Windows AdStatus] D:\Program Files\Windows AdStatus\WinStat.exe
    O4 - HKLM\..\Run: [navapp] D:\Program Files\NavExcel\NavHelper\v2.0.4d
    avapp.exe
    O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [areslite] "D:\Program Files\Ares Lite Edition\AresLite.exe" -h
    O4 - HKCU\..\Run: [Rkx] D:\WINDOWS\System32\?ttrib.exe
    O4 - HKCU\..\Run: [Mtoe] D:\Documents and Settings\ThugBunny\Application Data\asan.exe
    O4 - HKCU\..\Run: [qrrk] D:\PROGRA~1\COMMON~1\qrrk\qrrkm.exe
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - D:\Program Files\SideFind\sidefind13.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.static.topconverting.com
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.static.topconverting.com (HKLM)
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=fab19f64c271dfd5b772fcfb344ed4d5f8217f7b03e9b7145eeb15c7b73869070b857bc819ac1ca41787ff055d83fcb743482bfaec:0a002003c3f6d5950937c6314a45eb37
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O23 - Service: AVSync Manager - Unknown - D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    O23 - Service: McShield - Unknown - D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager - Networks Associates Technology, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe






  • Sluit alle vensters behalve Hijackthis.
    Fix de volgende items:

    [b:bc9547e4ba]O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - D:\WINDOWS
    em220.dll
    O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - D:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
    O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - D:\Program Files\Common Files\Hyperbar\Hyperbar.dll
    O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - D:\Program Files\SideFind\sfbho13.dll
    O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - D:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dll
    O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - D:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
    O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - D:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
    O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - D:\Program Files\DashBar\DashBar21.dll (file missing)
    O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKCU\..\Run: [Rkx] D:\WINDOWS\System32\?ttrib.exe
    O4 - HKCU\..\Run: [Mtoe] D:\Documents and Settings\ThugBunny\Application Data\asan.exe
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.static.topconverting.com
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.static.topconverting.com (HKLM)
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=fab19f64c271dfd5b772fcfb344ed4d5f8217f7b03e9b7145eeb15c7b73869070b857bc819ac1ca41787ff055d83fcb743482bfaec:0a002003c3f6d5950937c6314a45eb37
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab [/b:bc9547e4ba]

    Herstart de computer en verwijder de volgende directories/bestanden.
    Zorg ervoor dat je besturingssysteembestanden en verborgenbestanden kunt zien.

    D:\WINDOWS
    em220.dll
    D:\WINDOWS\ALL USERS\APPLICATION DATA\SETUP\
    D:\DOCUMENTS AND SETTINGS\ALLUSERS\APPLICATION DATA\Setup\
    D:\Program Files\Common Files\Hyperbar\
    D:\PROGRAM FILES\SIDEFIND\
    D:\Program Files\NavExcel\
    D:\Program Files\NavExcel Search Toolbar\
    D:\PROGRAM FILES\DASHBAR\
    D:\Program Files\NewDotNet\
    D:\Documents and Settings\ThugBunny\Application Data\asan.exe

    En post een nieuw log
    Sjaak

  • Alles uitgevoerd, Ik werd verwezen door HiJack naar Spybot. Deze ook gedraaid en alles laten ruimen. Ik werd ook verwezen naar http://www.cexx.org/lspfix.htm en dat exe proggie gedraaid.
    Maar die New.Dot.Net blijft erin. Veilige modus geprobeerd. Starten op een ouwe ME flop geprobeerd: Dit lukte ook niet want dan wordt de directory (onder DOS) niet gevonden (schijf te groot? 20 Gig?)

    Ik ga dus als laatste de HD eruit halen en als extra schijf in een ander XP systeem hangen zodat ik wel die NewDot dirctory kan verwijdren en dan vooral die "newdotnet6_38.dll"die erin zit.

    Maar is de rest nu onder controle?

    Zabadak




    Logfile of HijackThis v1.99.0
    Scan saved at 17:17:44, on 13-2-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\MSN Apps\Updater\01.02.3000.1001
    l\msnappau.exe
    D:\PROGRA~1\mcafee.com\agent\mcagent.exe
    D:\Program Files\Windows AdStatus\WinStat.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Windows AdStatus\WinStatKeep.exe
    D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    D:\Program Files\Network Associates\VirusScan\VsStat.exe
    D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    D:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    D:\Program Files\Network Associates\VirusScan\Avconsol.exe
    D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    D:\Program Files\Network Associates\VirusScan\Webscanx.exe
    D:\WINDOWS\system32\wuauclt.exe
    C:\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: HyperSearchHook - {ED76E61E-B268-4908-A9A9-2254AA54D09E} - D:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll (file missing)
    O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - D:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~2\SDHelper.dll
    O2 - BHO: (no name) - {733FBA9B-0000-27DF-2E83-248799F7E994} - D:\WINDOWS\system32\lfbpnb.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001
    l\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001
    l\msntb.dll
    O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.3000.1001
    l\msnappau.exe"
    O4 - HKLM\..\Run: [NHeP] D:\WINDOWS\dumdrlco.exe
    O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [Windows AdStatus] D:\Program Files\Windows AdStatus\WinStat.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [areslite] "D:\Program Files\Ares Lite Edition\AresLite.exe" -h
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.static.topconverting.com
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.static.topconverting.com (HKLM)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O23 - Service: AVSync Manager - Unknown - D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    O23 - Service: McShield - Unknown - D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager - Networks Associates Technology, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe



  • Heb je al geprobeerd NewDotNet te verwijderen?

    Start - Configuratiescherm - Software

    Die newdotnet6_38.dll zou je ook kunnen verwijderen met Hijackthis.
    Onder Misc Tools section kiezen voor de optie Delete a file on reboot.
    Daarna alsnog proberen om de items in Hijackthis te fixen en directory verwijderen.

    D:\Program Files\NewDotNet\

    Volgende moeten ook nog worden gefixed

    [b:a44523d6bc]R3 - URLSearchHook: HyperSearchHook - {ED76E61E-B268-4908-A9A9-2254AA54D09E} - D:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll (file missing)
    O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - D:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
    O2 - BHO: (no name) - {733FBA9B-0000-27DF-2E83-248799F7E994} - D:\Program Files\Common Files\Hyperbar\

    en volgende verwijderen:
    D:\Program Files\Common Files\Hyperbar\
    D:\PROGRAM FILES\SEARCHRELEVANCY\

    Sjaak[/b:a44523d6bc]
  • NewDotNet kon ook niet worden verwijderd via HiJack remove at reboot.
    Ik heb het wel opgelost gekregen doordat ik bestanden ging zoeken die waren aangemaakt op dezelfde datum als die dll, daarna sorteren op tijdstip en toen zag in in de D:\windows directory het bestand: NDNuninstall6_38.exe. De naam van dat bestand kon geen toeval zijn en ik heb m gestart warna de boel keurig uninstalde. Vreemd dat ik dit niet in de softwarelijst tegenkwam.

    De andere items zijn ook gewist via verkenner, waarbij Hyperbar niet in de "ProgramFiles" zat maar 3x in "DocumentsAndSettings".

    Het enige wat ik nu nog niet weg krijg zijn die "trusted zone" items.

    Zijn dit nu de laatste rariteiten in de log?

    Zabadak



    Logfile of HijackThis v1.99.0
    Scan saved at 18:46:43, on 13-2-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Windows AdStatus\WinStat.exe
    D:\PROGRA~1\mcafee.com\agent\McAgent.exe
    D:\Program Files\Windows AdStatus\WinStatKeep.exe
    D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    D:\Program Files\Network Associates\VirusScan\VsStat.exe
    D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    D:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    D:\Program Files\Network Associates\VirusScan\Avconsol.exe
    D:\Program Files\Network Associates\VirusScan\Webscanx.exe
    D:\WINDOWS\system32\wuauclt.exe
    C:\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~2\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001
    l\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001
    l\msntb.dll
    O4 - HKLM\..\Run: [Windows AdStatus] D:\Program Files\Windows AdStatus\WinStat.exe
    O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.static.topconverting.com
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.static.topconverting.com (HKLM)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O23 - Service: AVSync Manager - Unknown - D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    O23 - Service: McShield - Unknown - D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager - Networks Associates Technology, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

  • Om die O15 te verwijderen, het volgende uitvoeren.
    Open Registry Editor.
    Click Start - Uitvoeren, type REGEDIT gevolgd door enter.
    ga naar:
    HKEY_CURRENT_USER>Software>Microsoft>
    Windows>CurrentVersion>Internet Settings>
    ZoneMap>Domains

    in het linker panel, right-click op de volgende registery sleutels, en kies voor Delete (een key tegelijk):
    *.frame.crazywinnings.com
    frame.crazywinnings.com
    *.crazywinnings.com
    crazywinnings.com
    *.static.topconverting.com
    static.topconverting.com
    *.topconverting.com
    topconverting.com
    Sluit Regedit.

    Met Hijackthis het volgende item nog fixen:
    [b:14946840bc]O4 - HKLM\..\Run: [Windows AdStatus] D:\Program Files\Windows AdStatus\WinStat.exe [/b:14946840bc]

    en de volgende directory na een reboot verwijderen:
    D:\Program Files\Windows AdStatus\WinStat.exe

    Sjaak
  • Deze laatste punten doe ik morgenavond. De gehele zondag hiermee bezig geweest. Computeren blijft een tijdrovende hobby…

    Ik wil jullie hartelijk danken voor de hulp.

    what would I be without you…

    Thanx!

    zabbie
  • Als ik mag…
    Om die O15 sleutels te fixen:
    Open een klablokbestand.
    Kopieer onderstaande code in dit kladblokbestand.
    Ga naar Bestand - Opslaan als.
    Bij "Opslaan in" kies je: Bureaublad
    Bij "Bestandsnaam" zet je: fix.reg
    Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
    Klik op de knop Opslaan.

    [code:1:e6edf3e027]
    REGEDIT4

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\frame.crazywinnings.com]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\frame.crazywinnings.com]
    "*"=dword:00000004

    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\frame.crazywinnings.com]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\frame.crazywinnings.com]
    "*"=dword:00000004

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\static.topconverting.com]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\static.topconverting.com]
    "*"=dword:00000004

    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\static.topconverting.com]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\static.topconverting.com]
    "*"=dword:00000004

    [/code:1:e6edf3e027]
    Dubbelklik klik op de fix.reg file en laat de wijzigingen aan het register toevoegen.

    Ze zitten ook onder hklm… :wink:

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.