Vraag & Antwoord

Beveiliging & privacy

newsdot en hijackthis log

Anoniem
windowsXP-PRO
8 antwoorden
  • Hallo,
    Met Spybot een scan gedaan en daaruit bleek dat newsdot aanwezig is. Ik laat Spybot dat verwijderen maar keert toch telkens terug. Hierbij post ik mijn log. Kan iemand aangeven ajb wat ik moet doen.
    Alvast dank voor de hulp.

    Logfile of HijackThis v1.99.1
    Scan saved at 16:44:39, on 11-2-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Personal Firewall\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Digital Revolution Tool\drtool.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Digital Image\Monitor.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\WLAN\WLANUtility\WlanUtility.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\Digital Revolution Tool\drtool.exe /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [OSS] C:\windows\system32\rk.exe -boot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Personal Firewall\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5400" /M "Stylus CX5400" /EF "HKCU"
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Monitor.lnk = C:\Program Files\Digital Image\Monitor.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: WlanUtility.lnk = C:\Program Files\WLAN\WLANUtility\WlanUtility.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136582184781
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://virusscan.zdnet.nl/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4664/mcfscan.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    Anoniem
    Anoniem
  • Probeer eerst het volgende.

    In de programmalijst bij Configuratiescherm staan vast programma's in als die Newdot spyware. probeer dat eens te unstallen via die lijst.

    Daarna ff wachten tot de expert de log heeft gezien want daar mag ik niets meer over zeggen.
    Anoniem
    Anoniem
  • NewDotNet lijkt niet actief op je systeem, misschien staat er ergens nog een uninstaller die niet door Spybot verwijderd wordt.

    Doe het volgende maar eens:
    ownload ATF cleaner (gemaakt door Atribune)

    Dubbelklik op ATF cleaner om het programma te starten.
    Op het tabblad "Main", plaats je een vinkje bij [b:9778623f02]Select All[/b:9778623f02].
    Klik op de knop [b:9778623f02]Empty Selected[/b:9778623f02].

    Gebruik je ook Firefox als browser:
    Klik op tabblad "Firefox", plaats een vinkje bij [b:9778623f02]Select All[/b:9778623f02].
    Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    (dit haalt het vinkje weer weg bij "Firefox saved passwords")
    Klik op de knop [b:9778623f02]Empty Selected[/b:9778623f02].

    Gebruik je ook Opera als browser:
    Klik op tabblad "Opera", plaats een vinkje bij [b:9778623f02]Select All[/b:9778623f02].
    Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    Klik op de knop [b:9778623f02]Empty Selected[/b:9778623f02].
    Ga naar het tabblad "Main" en klik op de knop [b:9778623f02]Exit[/b:9778623f02] om het programma af te sluiten.

    Ga naar start – uitvoeren en tik in: [b:9778623f02] ipconfig /flushdns[/b:9778623f02]

    Doe een online scan via Panda's online virus scan.
    Krijg je de mogelijkheid om een logje op te slaan dan doe je dit.

    Herstart je computer, start HijackThis opnieuw, maak een nieuwe log en post deze ter controle en post ook het logje van Panda.
    Anoniem
    Anoniem
  • @ smeenk volgens mij is dit ook een deel van een infectie

    O4 - HKLM\..\Run: [Dit] Dit.exe
    Anoniem
    Anoniem
  • Hoi sjouwer, ik denk dat het wel mee valt:
    http://www.liutilities.com/products/wintaskspro/processlibrary/dit/

    Groeten smeenk
    Anoniem
    Anoniem
  • Beste Smeenk heb je advies gevold. Hierbij nog een keer Hijack this en pandascan

    Logfile of HijackThis v1.99.1
    Scan saved at 17:16:53, on 13-2-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Personal Firewall\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Digital Revolution Tool\drtool.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Digital Image\Monitor.exe
    C:\Program Files\WLAN\WLANUtility\WlanUtility.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\Digital Revolution Tool\drtool.exe /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [OSS] C:\windows\system32\rk.exe -boot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Personal Firewall\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5400" /M "Stylus CX5400" /EF "HKCU"
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Monitor.lnk = C:\Program Files\Digital Image\Monitor.exe
    O4 - Global Startup: WlanUtility.lnk = C:\Program Files\WLAN\WLANUtility\WlanUtility.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136582184781
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://virusscan.zdnet.nl/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4664/mcfscan.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    Pandascan

    Incident Status Location

    Spyware:spyware/new.net Not disinfected C:\WINDOWS\NDNuninstall6_72.exe
    Adware:adware/wintools Not disinfected Windows Registry
    Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\6jzlrt55.default\cookies.txt[stat.onestat.com/]
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\6jzlrt55.default\cookies.txt[.as-eu.falkag.net/]
    Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\6jzlrt55.default\cookies.txt[.tucows.com/]
    Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\6jzlrt55.default\cookies.txt[]
    Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Geena\Application Data\Mozilla\Firefox\Profiles\sc6dhljq.default\cookies.txt[]
    Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00035211.MOZ[]
    Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00035212.MOZ[]
    Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00035213.MOZ[]
    Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00035214.MOZ[]
    Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00035215.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035216.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035217.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035218.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035219.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035220.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035221.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035230.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035231.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035239.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035242.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035243.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035244.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035245.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035246.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035247.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035248.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035249.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035250.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035251.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035252.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035253.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035254.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035256.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035257.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035258.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035259.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035260.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035261.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035262.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035263.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035265.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035267.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035268.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035275.MOZ[]
    Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00035276.MOZ[]
    Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00035277.MOZ[]
    Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00035278.MOZ[]
    Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00035279.MOZ[]
    Spyware:Cookie/2o7.net Not disinfected C:\RECYCLER\NPROTECT\00035292.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035293.MOZ[]
    Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00035294.MOZ[]
    Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00035482.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035497.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035509.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035510.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035511.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035512.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035513.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035514.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035515.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035516.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035553.MOZ[]
    Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00035554.MOZ[]
    Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00035555.MOZ[]
    Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00035556.MOZ[]
    Spyware:Cookie/2o7.net Not disinfected C:\RECYCLER\NPROTECT\00035557.MOZ[]
    Spyware:Cookie/2o7.net Not disinfected C:\RECYCLER\NPROTECT\00035558.MOZ[]
    Spyware:Cookie/2o7.net Not disinfected C:\RECYCLER\NPROTECT\00035559.MOZ[]
    Spyware:Cookie/2o7.net Not disinfected C:\RECYCLER\NPROTECT\00035560.MOZ[]
    Spyware:Cookie/2o7.net Not disinfected C:\RECYCLER\NPROTECT\00035561.MOZ[]
    Spyware:Cookie/2o7.net Not disinfected C:\RECYCLER\NPROTECT\00035569.MOZ[]
    Spyware:Cookie/onestat.com Not disinfected C:\RECYCLER\NPROTECT\00035571.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035573.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035579.MOZ[]
    Spyware:Cookie/onestat.com Not disinfected C:\RECYCLER\NPROTECT\00035580.MOZ[]
    Spyware:Cookie/onestat.com Not disinfected C:\RECYCLER\NPROTECT\00035581.MOZ[]
    Spyware:Cookie/onestat.com Not disinfected C:\RECYCLER\NPROTECT\00035582.MOZ[]
    Spyware:Cookie/onestat.com Not disinfected C:\RECYCLER\NPROTECT\00035583.MOZ[]
    Spyware:Cookie/onestat.com Not disinfected C:\RECYCLER\NPROTECT\00035584.MOZ[]
    Spyware:Cookie/onestat.com Not disinfected C:\RECYCLER\NPROTECT\00035585.MOZ[]
    Spyware:Cookie/onestat.com Not disinfected C:\RECYCLER\NPROTECT\00035586.MOZ[]
    Spyware:Cookie/onestat.com Not disinfected C:\RECYCLER\NPROTECT\00035587.MOZ[]
    Spyware:Cookie/onestat.com Not disinfected C:\RECYCLER\NPROTECT\00035658.MOZ[]
    Spyware:Cookie/onestat.com Not disinfected C:\RECYCLER\NPROTECT\00035659.MOZ[]
    Spyware:Cookie/onestat.com Not disinfected C:\RECYCLER\NPROTECT\00035660.MOZ[]
    Spyware:Cookie/onestat.com Not disinfected C:\RECYCLER\NPROTECT\00035697.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035698.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035699.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035700.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035701.MOZ[]
    Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00035702.MOZ[]
    Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00035703.MOZ[]
    Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00035704.MOZ[]
    Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00035705.MOZ[]
    Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00035706.MOZ[]
    Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00035707.MOZ[]
    Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00035708.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035709.MOZ[]
    Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00035710.MOZ[]
    Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00035712.MOZ[]
    Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00035713.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035714.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035735.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035736.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035738.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035739.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035740.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035742.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035744.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035745.MOZ[]
    Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00035746.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035747.MOZ[]
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00035748.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035750.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035753.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035757.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035761.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035762.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035765.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035766.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035990.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035991.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035992.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00035993.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036000.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036001.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036002.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036003.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036004.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036005.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036006.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036007.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036008.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036009.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036015.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036029.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036030.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036031.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036032.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036033.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036039.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036040.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036041.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036047.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036048.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036049.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036064.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036065.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036066.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036067.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036069.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036074.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036075.MOZ[]
    Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00036076.MOZ[]
    Anoniem
    Anoniem
  • Zoals ik al vermoedde, je hebt nog een uninstaller van NewDotNet op je systeem staan, deze mag je wel manueel verwijderen:
    C:\WINDOWS\[b:571ea037e1]NDNuninstall6_72.exe[/b:571ea037e1]

    Daarnaast zijn er nog wat restantjes in je register, maar dat kan geen kwaad :wink:
    Het logje ziet er wel schoon uit hoor.

    Groeten smeenk
    Anoniem
    Anoniem
  • smeenk,

    Hartelijk dank heb hem gevonden.

    Groeten

    Michel
    Anoniem
    Anoniem

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.

Gerelateerde vragen

We hebben je een e-mail gestuurd!

Oops… er ging wat mis.

Hoera, je account is nu geactiveerd!

Dit token is niet meer valide.

Wachtwoord vergeten?

Je aanvraag is verstuurd

Wachtwoord herstellen

Wachtwoord herstellen

Dit token is niet meer valide.

Je vraag is geplaatst!

Je antwoord is geplaatst!

Bevestigingsmail verstuurd!