Computer is prey to a hacker, see Hijack log.

juisterr
12 replies
  • Dear reader,
    Since last week I can no longer reach my own secured router; I keep getting connected to an unsecured router. I can no longer reach secure sites on the internet, such as my bank etc. My mouse moves poorly; batteries already replaced.
    I have a 3 GHz computer with Windows XP, an antivirus program from Trust, and a Speedtouch modem/router from KPN/Hetnet. After running Hitman Pro, a yellow warning triangle with a black exclamation mark appeared on the screen, with the message that internet connectivity is limited.
    Then I activated my Surfen en Bellen subscription with KPN. Restoring my registry to an earlier date is also not accepted by the system. With my work laptop I connect to my own secured router/modem without any problem.
    I can no longer get on the internet wirelessly, but I can via WLAN.
    Which expert is willing to look at my Hijack log?
    Logfile of HijackThis v1.99.1
    Scan saved at 21:41:57, on 3-1-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe
    C:\WINDOWS\System32\svchost.exe
    d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\CNYHKey.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\system32\PRISMSTA.EXE
    C:\WINDOWS\system32\VNICMon.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
    D:\Digital Revolution Tool\Digital Revolution Tool\drtool.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\DitExp.exe
    D:\Program Files\Photo Explorer8.0\Monitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\ScanWizard 5\ScannerFinder.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\wincmd\WINCMD32.EXE
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\SpeedTouch6530E9\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
    O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [SSC Service Utility] D:\Digital Revolution Tool\Digital Revolution Tool\drtool.exe /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Ulead AutoDetector] D:\Program Files\Photo Explorer8.0\Monitor.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - d:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131817926671
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131818128265
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.bibliotheekwarnsveld.nl/catalogus/msrdp.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4453/mcfscan.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus Admin Server (InoNmSrv) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    What should I do?????
    Thanks in advance for your advice :roll: :roll:

  • Are you still there?
  • Download LSPfix, http://www.bleepingcomputer.com/files/lspfix.php or here http://cexx.org/LSPFix.exe

    in case your internet connection breaks after removing New.Net.

    Start the program.
    Tick the box next to I know what I am doing.
    Make sure the right-hand pane (Remove pane) contains all references to: newdotnet7_48.dll

    (Note: only these may be in the Remove pane, no others!!!)
    Click Finish and restart the computer.


    Option 1:
    Uninstall via Add or Remove Programs (if present):
    NewDotNet
    New.Net
    New.net Domains
    New.net Application

    Option 2:
    Double-click My Computer
    Double-click C:/
    Double-click the Program Files folder
    Find the NewDotNet folder and double-click it.
    Look for the file "uninstall6_72.exe". Double-click it.
    Restart when prompted.

    Option 3:
    Double-click My Computer
    Double-click the C: drive
    Double-click the Windows/Winnt folder
    Find and double-click the uninstall file; it is called "NDNuninstall6_72.exe".

    Option 4:
    If this does not work, go here (only as a last resort):
    http://www.newdotnet.com\removal.html, and carry out procedure 4.

    After uninstalling New.Net, restart the PC.
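
One way to check whether the New.Net removal described in the answer above took effect, as an added example that is not part of the original thread: the Python below parses HijackThis entry lines, buckets the ones worth a second look, and diffs two scans. The sample inputs are short excerpts of the two HijackThis logs posted in this thread (3-1-2007 and 9-1-2007); the function names and the triage heuristics are assumptions of this example, not HijackThis features.

```python
import re
from collections import Counter

# Entry lines look like "O10 - detail": one letter, 1-2 digits, " - ", text.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# O16 (downloaded ActiveX) fetched over plain HTTP from a bare IPv4 address.
RAW_IP_HTTP_RE = re.compile(r"http://\d{1,3}(?:\.\d{1,3}){3}/")

# Excerpt of the first log in this thread (scan of 3-1-2007).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 21:41:57, on 3-1-2007
Running processes:
C:\WINDOWS\system32\lsass.exe
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [Dit] Dit.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Excerpt of the second log in this thread (scan of 9-1-2007).
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 18:22:49, on 9-1-2007
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def parse_entries(log_text):
    """Return [(code, detail), ...] for every entry line, in log order.

    Header lines and the 'Running processes' paths do not match and are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Bucket entries for manual review (heuristics of this example only)."""
    buckets = {"winsock_lsp": [], "dangling": [], "activex_raw_ip": []}
    for code, detail in entries:
        if code == "O10":
            # The Winsock LSP chain was altered; every connection passes it.
            buckets["winsock_lsp"].append(detail)
        if detail.endswith(("(file missing)", "(no file)")):
            # Registry entry still present, but its target file is gone.
            buckets["dangling"].append((code, detail))
        if code == "O16" and RAW_IP_HTTP_RE.search(detail):
            buckets["activex_raw_ip"].append(detail)
    return buckets


def diff_scans(before, after):
    """Return (removed, added) as Counters so repeated lines keep their count."""
    b, a = Counter(before), Counter(after)
    return b - a, a - b


def lsp_cleared(before_text, after_text):
    """True if the first scan had O10 entries and the second has none."""
    had = triage(parse_entries(before_text))["winsock_lsp"]
    has = triage(parse_entries(after_text))["winsock_lsp"]
    return bool(had) and not has


if __name__ == "__main__":
    removed, added = diff_scans(parse_entries(BEFORE), parse_entries(AFTER))
    for (code, detail), n in removed.items():
        print(f"removed x{n}: {code} - {detail}")
    for (code, detail), n in added.items():
        print(f"added   x{n}: {code} - {detail}")
    print("O10 cleared:", lsp_cleared(BEFORE, AFTER))
    for name, items in triage(parse_entries(AFTER)).items():
        print(f"still to review [{name}]: {len(items)}")
```
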
  • Morning justerr,
    I've made some progress. While scanning my ports (via a program on the internet) I found out that a number of them have been taken over by R.A.T.s, e.g. spynet, gift, etc. When I stopped the processes via the ports, the computer shut down automatically and restarted.
    The programs (Trojans) the hackers use are not recognized by Adware, Spy… etc.
    What should I do now?
    :cry: :cry:
  • I'm not saying outright that it's nonsense, I just haven't heard of that yet. I have heard of rootkits that are supposedly invisible.

    Let's see if this gets us any wiser.

    Please do only what I ask for now, and don't panic, because I see no reason for that at any rate.

    Download Combofix to your Desktop.
    Double-click Combofix.exe
    Follow the instructions, accept the disclaimer by typing "y" or "Y".
    While the fix is running, do NOT click in the window, as this will cause your PC to hang.
    When the fix is complete and after a restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    NOTE: If your virus scanner responds with a message about script execution, you may ignore it.
  • Hello Juisterr,
    Here are the Hijack log and the Combofix log.
    I'm waiting in suspense.
    :o :o
    Logfile of HijackThis v1.99.1
    Scan saved at 18:22:49, on 9-1-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\svchost.exe
    d:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\CNYHKey.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\system32\PRISMSTA.EXE
    C:\WINDOWS\system32\VNICMon.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
    C:\WINDOWS\DitExp.exe
    D:\Digital Revolution Tool\Digital Revolution Tool\drtool.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    D:\Program Files\Photo Explorer8.0\Monitor.exe
    D:\Program Files\SPYWAREfighter\spftray.exe
    D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ScanWizard 5\ScannerFinder.exe
    d:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    D:\Program Files\SPYWAREfighter\spfprc.exe
    D:\Program Files\Port Explorer\PortExplorer.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    D:\wincmd\WINCMD32.EXE
    D:\Program Files\SpeedTouch6530E9\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [PRISMSTA.EXE] "PRISMSTA.EXE" START
    O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
    O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
    O4 - HKLM\..\Run: [Realtime Monitor] "C:\PROGRA~1\CA\ETRUST~1\realmon.exe" -s
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [SSC Service Utility] "D:\Digital Revolution Tool\Digital Revolution Tool\drtool.exe" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Ulead AutoDetector] "D:\Program Files\Photo Explorer8.0\Monitor.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [spywarefighterguard] "D:\Program Files\SPYWAREfighter\spftray.exe"
    O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
    O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: LNSS Status Monitor.lnk = D:\Program Files\GFI\LANguard Network Security Scanner 7.0\statusmonitor.exe
    O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - d:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131817926671
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131818128265
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.bibliotheekwarnsveld.nl/catalogus/msrdp.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4453/mcfscan.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: GFI LANguard N.S.S. 7.0 Attendant Service - Unknown owner - D:\Program Files\GFI\LANguard Network Security Scanner 7.0\lnssatt.exe" -service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus Admin Server (InoNmSrv) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - D:\Program Files\SPYWAREfighter\spfprc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    ——————————————————————————–
    Wim - 07-01-09 18:27:04.03 Service Pack 2
    ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Wim\Bureaublad"

    ((((((((((((((((((((((((((((((( Files Created from 2006-12-09 to 2007-01-09 ))))))))))))))))))))))))))))))))))


    2007-01-09 18:06 <DIR> d——– C:\Program Files\Windows Defender
    2007-01-09 18:03 <DIR> d——– C:\WINDOWS\LastGood
    2007-01-08 22:15 15,360 –a—— C:\WINDOWS\system32\drivers\sshrmd.sys
    2007-01-08 22:15 14,848 –a—— C:\WINDOWS\system32\drivers\sskbfd.sys
    2007-01-08 22:15 13,824 –a—— C:\WINDOWS\system32\drivers\SSFS0509.sys
    2007-01-08 22:15 117,248 –a—— C:\WINDOWS\system32\drivers\ssidrv.sys
    2007-01-08 22:15 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Webroot
    2007-01-08 21:39 <DIR> d——– C:\Program Files\Common Files\Application
    2007-01-07 22:00 <DIR> d——– C:\Program Files\Common Files\Wise Installation Wizard
    2007-01-07 21:59 <DIR> d——– C:\Documents and Settings\Wim\Application Data\Uniblue
    2007-01-07 21:35 40,960 ——— C:\WINDOWS\system32\dcsws2.dll
    2007-01-04 21:22 <DIR> d——– C:\Program Files\InterMute
    2007-01-04 20:16 <DIR> d——– C:\WINDOWS\WBEM
    2007-01-04 20:16 <DIR> d——– C:\WINDOWS\system32\nl-nl
    2007-01-04 20:14 <DIR> d–h-c— C:\WINDOWS\ie7
    2007-01-04 20:13 121,856 ——— C:\WINDOWS\system32\xmllite.dll
    2007-01-04 20:12 <DIR> d——– C:\WINDOWS\network diagnostic
    2007-01-02 18:25 <DIR> d——– C:\Program Files\SpywareBlaster
    2007-01-02 18:25 <DIR> d——– C:\Documents and Settings\Wim\Application Data\Webroot
    2006-12-29 13:14 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Support.com
    2006-12-09 16:53 <DIR> d——– C:\Program Files\Windows Media Connect 2
    2006-12-09 16:51 <DIR> d——– C:\WINDOWS\system32\drivers\UMDF


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-09 17:47 ——– d——– C:\Documents and Settings\Wim\Application Data\AdobeUM
    2007-01-08 21:39 ——– d-a—— C:\Program Files\Common Files
    2007-01-05 19:33 8146 –a—— C:\Documents and Settings\Wim\Application Data\wklnhst.dat
    2007-01-04 20:18 ——– d——– C:\Program Files\Outlook Express
    2007-01-04 20:18 ——– d——– C:\Program Files\Internet Explorer
    2007-01-04 20:18 ——– d——– C:\Program Files\Common Files\System
    2007-01-04 19:24 ——– d——– C:\Program Files\Java
    2007-01-03 22:42 ——– d——– C:\Program Files\Eset
    2007-01-02 18:33 ——– d——– C:\Program Files\Windows Media Player
    2007-01-02 18:32 ——– d–h—– C:\Program Files\InstallShield Installation Information
    2007-01-02 18:25 ——– d——– C:\Program Files\Spybot - Search & Destroy
    2007-01-02 18:25 ——– d——– C:\Documents and Settings\Wim\Application Data\Lavasoft
    2006-12-07 07:40 2362184 –a—— C:\WINDOWS\system32\wmvcore.dll
    2006-11-28 22:01 ——– d——– C:\Program Files\AnfyTeam
    2006-11-27 19:26 ——– d——– C:\Documents and Settings\Wim\Application Data\Help
    2006-11-21 17:59 ——– d——– C:\Program Files\MSXML 4.0
    2006-11-08 06:07 679424 –a—— C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 21:03 6049280 ——— C:\WINDOWS\system32\ieframe.dll
    2006-11-07 21:03 50688 ——— C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-07 21:03 458752 ——— C:\WINDOWS\system32\msfeeds.dll
    2006-11-07 21:03 413696 ——— C:\WINDOWS\system32\vbscript.dll
    2006-11-07 21:03 231424 ——— C:\WINDOWS\system32\webcheck.dll
    2006-11-07 21:03 180736 ——— C:\WINDOWS\system32\ieui.dll
    2006-11-07 21:03 156160 ——— C:\WINDOWS\system32\msls31.dll
    2006-11-07 03:27 382976 –a—— C:\WINDOWS\system32\iedkcs32.dll
    2006-11-07 03:27 229376 –a—— C:\WINDOWS\system32\ieaksie.dll
    2006-11-07 03:26 71680 –a—— C:\WINDOWS\system32\admparse.dll
    2006-11-07 03:26 55296 –a—— C:\WINDOWS\system32\iesetup.dll
    2006-11-07 03:26 54784 –a—— C:\WINDOWS\system32\ie4uinit.exe
    2006-11-07 03:26 43008 –a—— C:\WINDOWS\system32\iernonce.dll
    2006-11-07 03:26 152064 –a—— C:\WINDOWS\system32\ieakeng.dll
    2006-11-07 03:26 13312 –a—— C:\WINDOWS\system32\ieudinit.exe
    2006-11-07 03:26 123904 ——— C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 –a—— C:\WINDOWS\system32\ieakui.dll
    2006-11-04 14:14 1245696 –a—— C:\WINDOWS\system32\msxml4.dll
    2006-10-23 16:19 662016 –a—— C:\WINDOWS\system32\wininet(4)(3).dll
    2006-10-23 16:19 615424 –a—— C:\WINDOWS\system32\urlmon(4)(3).dll
    2006-10-23 16:19 474624 –a—— C:\WINDOWS\system32\shlwapi(4)(3).dll
    2006-10-23 16:19 1494528 –a—— C:\WINDOWS\system32\shdocvw(2)(3).dll
    2006-10-20 02:39 714752 –a—— C:\WINDOWS\system32\sxs(4)(3).dll
    2006-10-20 02:39 714752 ——— C:\WINDOWS\system32\sxs.dll
    2006-10-17 12:06 78336 –a—— C:\WINDOWS\system32\ieencode.dll
    2006-10-17 12:05 40960 –a—— C:\WINDOWS\system32\licmgr10.dll
    2006-10-17 12:05 206336 ——— C:\WINDOWS\system32\WinFXDocObj.exe
    2006-10-17 12:05 105984 –a—— C:\WINDOWS\system32\url.dll
    2006-10-17 12:04 101376 –a—— C:\WINDOWS\system32\occache.dll
    2006-10-17 12:03 17408 –a—— C:\WINDOWS\system32\corpol.dll
    2006-10-17 11:58 61952 ——— C:\WINDOWS\system32\icardie.dll
    2006-10-17 11:58 12288 ——— C:\WINDOWS\system32\msfeedssync.exe
    2006-10-17 11:57 36352 –a—— C:\WINDOWS\system32\imgutil.dll
    2006-10-17 11:57 266752 ——— C:\WINDOWS\system32\iertutil.dll
    2006-10-17 11:56 45568 –a—— C:\WINDOWS\system32\mshta.exe
    2006-10-17 11:28 48128 –a—— C:\WINDOWS\system32\mshtmler.dll
    2006-10-17 11:27 380928 ——— C:\WINDOWS\system32\ieapfltr.dll
    2006-10-13 13:41 144384 –a—— C:\WINDOWS\system32\nwprovau.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "updateMgr"="\"D:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
    "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
    "CHotkey"="mHotkey.exe"
    "ledpointer"="CNYHKey.exe"
    "Dit"="Dit.exe"
    "PRISMSTA.EXE"="\"PRISMSTA.EXE\" START"
    "NIC Monitor"="VNICMon.exe"
    "REGSHAVE"="\"C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE\" /AUTORUN"
    "Realtime Monitor"="\"C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe\" -s"
    "MMTray"="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe\""
    "PCMService"="\"C:\\Program Files\\Medion Home Cinema XL II\\PowerCinema\\PCMService.exe\""
    "SSC Service Utility"="\"D:\\Digital Revolution Tool\\Digital Revolution Tool\\drtool.exe\" /s"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "Adobe Photo Downloader"="\"D:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "Ulead AutoDetector"="\"D:\\Program Files\\Photo Explorer8.0\\Monitor.exe\""
    "UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
    "spywarefighterguard"="\"D:\\Program Files\\SPYWAREfighter\\spftray.exe\""
    @=""
    "SpySweeper"="\"D:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "Spyware Doctor"=""

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "Spyware Doctor"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Exif Launcher.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Exif Launcher.lnk"
    "backup"="C:\\WINDOWS\\pss\\Exif Launcher.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\FINEPI~1\\QuickDCF.exe "
    "item"="Exif Launcher"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ScanPanel.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\ScanPanel.lnk"
    "backup"="C:\\WINDOWS\\pss\\ScanPanel.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\SCANPA~2\\ScnPanel.exe "
    "item"="ScanPanel"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NEWDOT~2"
    "hkey"="HKLM"
    "command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,NewDotNetStartup -s"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\Norton AntiVirus - Mijn computer scannen - Wim.job
    C:\WINDOWS\tasks\Symantec NetDetect.job
    C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job

    Completion time: 07-01-09 18:28:17.79
    C:\ComboFix.txt … 07-01-09 18:28
    C:\ComboFix2.txt … 07-01-09 17:49
    C:\ComboFix3.txt … 07-01-05 19:40
    C:\ComboFix40107.txt … 07-01-09 17:50

    What should I do?
    Thanks in advance




  • Download LSPfix, http://www.bleepingcomputer.com/files/lspfix.php
    in case your internet connection is broken after removing New.Net.

    Option 1:
    Uninstall via Add or Remove Programs (if present):
    NewDotNet
    New.Net
    New.net Domains
    New.net Application

    Option 2:
    Double-click My Computer
    Double-click C:/
    Double-click the Program Files folder
    Find the NewDotNet folder and double-click it.
    Look for the file "uninstall7_48.exe". Double-click it.
    Restart when asked to.

    Option 3:
    Double-click My Computer
    Double-click the C: drive
    Double-click the Windows/Winnt folder
    Look for the uninstall file; it is called "uninstallX_XX.exe" (where the X's stand for digits). If it is there, double-click it to remove New.net.

    Option 4:
    If this does not work, go here (only as a last resort):
    http://www.newdotnet.com/removal.html, and carry out procedure 4.

    After uninstalling New.Net, restart the PC.
  • Hello Juisterr,
    Now I can't get on the internet at all anymore.
    I am sending this message from another computer.
    NewDotNet was removed by Microsoft Defender.
    Below are my HijackThis log and ComboFix log. Neither was made in safe mode.
    I hope you can help me.
    Logfile of HijackThis v1.99.1
    Scan saved at 13:24:12, on 13-1-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\svchost.exe
    d:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\CNYHKey.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\system32\PRISMSTA.EXE
    C:\WINDOWS\system32\VNICMon.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
    D:\Digital Revolution Tool\Digital Revolution Tool\drtool.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    D:\Program Files\Photo Explorer8.0\Monitor.exe
    D:\Program Files\SPYWAREfighter\spftray.exe
    D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ScanWizard 5\ScannerFinder.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    D:\Program Files\SPYWAREfighter\spfprc.exe
    d:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\SpeedTouch6530E9\HijackThis.exe
    D:\wincmd\WINCMD32.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [PRISMSTA.EXE] "PRISMSTA.EXE" START
    O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
    O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
    O4 - HKLM\..\Run: [Realtime Monitor] "C:\PROGRA~1\CA\ETRUST~1\realmon.exe" -s
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [SSC Service Utility] "D:\Digital Revolution Tool\Digital Revolution Tool\drtool.exe" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Ulead AutoDetector] "D:\Program Files\Photo Explorer8.0\Monitor.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [spywarefighterguard] "D:\Program Files\SPYWAREfighter\spftray.exe"
    O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: LNSS Status Monitor.lnk = D:\Program Files\GFI\LANguard Network Security Scanner 7.0\statusmonitor.exe
    O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - d:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131817926671
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131818128265
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.bibliotheekwarnsveld.nl/catalogus/msrdp.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4453/mcfscan.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: GFI LANguard N.S.S. 7.0 Attendant Service - Unknown owner - D:\Program Files\GFI\LANguard Network Security Scanner 7.0\lnssatt.exe" -service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus Admin Server (InoNmSrv) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - D:\Program Files\SPYWAREfighter\spfprc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    and my ComboFix log
    Wim - 07-01-13 13:51:07.71 Service Pack 2
    ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Wim\Bureaublad"

    ((((((((((((((((((((((((((((((( Files Created from 2006-12-13 to 2007-01-13 ))))))))))))))))))))))))))))))))))


    No new files created in this timespan


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-13 12:17 -------- d-------- C:\Documents and Settings\Wim\Application Data\AdobeUM
    2007-01-13 11:42 -------- d-------- C:\Program Files\Common Files\Adobe
    2007-01-08 21:39 -------- d-a------ C:\Program Files\Common Files
    2007-01-05 19:33 8146 --a------ C:\Documents and Settings\Wim\Application Data\wklnhst.dat
    2007-01-04 20:18 -------- d-------- C:\Program Files\Outlook Express
    2007-01-04 20:18 -------- d-------- C:\Program Files\Internet Explorer
    2007-01-04 20:18 -------- d-------- C:\Program Files\Common Files\System
    2007-01-04 19:24 -------- d-------- C:\Program Files\Java
    2007-01-03 22:42 -------- d-------- C:\Program Files\Eset
    2007-01-02 18:33 -------- d-------- C:\Program Files\Windows Media Player
    2007-01-02 18:33 -------- d-------- C:\Program Files\Windows Media Connect 2
    2007-01-02 18:32 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-01-02 18:25 -------- d-------- C:\Program Files\Spybot - Search & Destroy
    2007-01-02 18:25 -------- d-------- C:\Documents and Settings\Wim\Application Data\Lavasoft
    2006-12-07 07:40 2362184 --------- C:\WINDOWS\system32\wmvcore.dll
    2006-11-28 22:01 -------- d-------- C:\Program Files\AnfyTeam
    2006-11-27 19:26 -------- d-------- C:\Documents and Settings\Wim\Application Data\Help
    2006-11-21 17:59 -------- d-------- C:\Program Files\MSXML 4.0
    2006-11-08 06:07 679424 --------- C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
    2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-11-07 21:03 413696 --------- C:\WINDOWS\system32\vbscript.dll
    2006-11-07 21:03 231424 --------- C:\WINDOWS\system32\webcheck.dll
    2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
    2006-11-07 21:03 156160 --------- C:\WINDOWS\system32\msls31.dll
    2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-11-07 03:26 123904 --------- C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
    2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-10-23 16:19 662016 --a------ C:\WINDOWS\system32\wininet(4)(3).dll
    2006-10-23 16:19 615424 --a------ C:\WINDOWS\system32\urlmon(4)(3).dll
    2006-10-23 16:19 474624 --a------ C:\WINDOWS\system32\shlwapi(4)(3).dll
    2006-10-23 16:19 1494528 --a------ C:\WINDOWS\system32\shdocvw(2)(3).dll
    2006-10-20 02:39 714752 --a------ C:\WINDOWS\system32\sxs(4)(3).dll
    2006-10-20 02:39 714752 --------- C:\WINDOWS\system32\sxs.dll
    2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
    2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
    2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
    2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
    2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
    2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
    2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
    2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
    2006-10-17 11:57 36352 --------- C:\WINDOWS\system32\imgutil.dll
    2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
    2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
    2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
    2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
    2006-10-13 13:41 144384 --a------ C:\WINDOWS\system32\nwprovau.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
    "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
    "CHotkey"="mHotkey.exe"
    "ledpointer"="CNYHKey.exe"
    "Dit"="Dit.exe"
    "PRISMSTA.EXE"="\"PRISMSTA.EXE\" START"
    "NIC Monitor"="VNICMon.exe"
    "REGSHAVE"="\"C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE\" /AUTORUN"
    "Realtime Monitor"="\"C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe\" -s"
    "MMTray"="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe\""
    "PCMService"="\"C:\\Program Files\\Medion Home Cinema XL II\\PowerCinema\\PCMService.exe\""
    "SSC Service Utility"="\"D:\\Digital Revolution Tool\\Digital Revolution Tool\\drtool.exe\" /s"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "Adobe Photo Downloader"="\"D:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "Ulead AutoDetector"="\"D:\\Program Files\\Photo Explorer8.0\\Monitor.exe\""
    "UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
    "spywarefighterguard"="\"D:\\Program Files\\SPYWAREfighter\\spftray.exe\""
    @=""
    "SpySweeper"="\"D:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,86,01,00,00,00,00,00,00,7a,02,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "Spyware Doctor"=""

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "Spyware Doctor"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Exif Launcher.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Exif Launcher.lnk"
    "backup"="C:\\WINDOWS\\pss\\Exif Launcher.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\FINEPI~1\\QuickDCF.exe "
    "item"="Exif Launcher"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ScanPanel.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\ScanPanel.lnk"
    "backup"="C:\\WINDOWS\\pss\\ScanPanel.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\SCANPA~2\\ScnPanel.exe "
    "item"="ScanPanel"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NEWDOT~2"
    "hkey"="HKLM"
    "command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,NewDotNetStartup -s"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\Norton AntiVirus - Mijn computer scannen - Wim.job
    C:\WINDOWS\tasks\Symantec NetDetect.job
    C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job

    Completion time: 07-01-13 13:52:22.78
    C:\ComboFix.txt … 07-01-13 13:52
    C:\ComboFix2.txt … 07-01-13 13:45
    C:\ComboFix3.txt … 07-01-09 18:28
    C:\ComboFix40107.txt … 07-01-09 18:28

    Let me know.



  • I had recommended something different, though, and I don't do that for nothing:
    "Download LSPfix, http://www.bleepingcomputer.com/files/lspfix.php or here http://cexx.org/LSPFix.exe

    in case your internet connection is broken after removing New.Net.

    Start the program.
    Tick the box next to I know what I am doing.
    Make sure that all references to newdotnet7_48.dll are in the right-hand pane (the remove pane).

    (Note: only these may be in the remove pane, no others!!!)
    Click Finish and restart the computer."

    Let's see whether we can still repair that.



    Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab
    Click 'Fix checked' to remove the items.



    Try the tools below to restore the connection.

    Download this file, iefix.exe http://www.hitmanpro.nl/iefix.exe

    Double-click iefix.exe and run the program.

    Also try this IEFIX: http://windowsxp.mvps.org/IEFIX.htm
    You may be asked for your Windows installation CD.

    Restart your PC and see whether there is any improvement
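Added example (not part of the original thread, and not how HijackThis or the poster rates entries): a Python triage pass over HijackThis 1.99.1 entry lines like those in the log above. The three rule names and heuristics are assumptions of this example; a hit means "verify this by hand", not "remove".

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Entry lines copied from the HijackThis v1.99.1 log posted in this thread,
# plus one process line to show that non-entry lines are skipped.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
C:\WINDOWS\system32\svchost.exe
"""

# Entry lines start with a section code such as R1, O4 or O16.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
# O4 registry autorun body: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[(.*?)\] (.*)$")
# O16 body ends with " - <codebase URL>"
DPF_URL_RE = re.compile(r"\s-\s(https?://\S+)$")
# Drive-letter path, UNC path or %variable% prefix
ABSOLUTE_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\|%)")


def parse_entries(text):
    """Return (code, body) for every HijackThis entry line in text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def host_is_ip_literal(url):
    """True when the URL's host is an IP address rather than a DNS name."""
    host = urlparse(url).hostname or ""
    try:
        ip_address(host)
    except ValueError:
        return False
    return True


def triage(entries):
    """Return (code, tag, body) for entries that deserve a manual check."""
    findings = []
    for code, body in entries:
        # The registry still points at a file that is no longer on disk.
        if body.endswith("(file missing)"):
            findings.append((code, "file-missing", body))
            continue
        if code == "O4":
            # Autorun without a full path: the image is found through the
            # search path, so confirm which file on disk actually starts.
            m = RUN_RE.match(body)
            if m and not ABSOLUTE_RE.match(m.group(2).lstrip('"')):
                findings.append((code, "unqualified-image", body))
        elif code == "O16":
            # ActiveX control whose download source is a bare IP address.
            m = DPF_URL_RE.search(body)
            if m and host_is_ip_literal(m.group(1)):
                findings.append((code, "dpf-from-ip-literal", body))
    return findings


if __name__ == "__main__":
    for code, tag, body in triage(parse_entries(SAMPLE_LOG)):
        print(f"{tag:22} {code:4} {body}")
```
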
  • Hello juisterr,

    Here is my HijackThis log after having removed a few things
    Logfile of HijackThis v1.99.1
    Scan saved at 21:41:57, on 12-1-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe
    C:\WINDOWS\System32\svchost.exe
    d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\CNYHKey.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\system32\PRISMSTA.EXE
    C:\WINDOWS\system32\VNICMon.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
    D:\Digital Revolution Tool\Digital Revolution Tool\drtool.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\DitExp.exe
    D:\Program Files\Photo Explorer8.0\Monitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\ScanWizard 5\ScannerFinder.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\wincmd\WINCMD32.EXE
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\SpeedTouch6530E9\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
    O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [SSC Service Utility] D:\Digital Revolution Tool\Digital Revolution Tool\drtool.exe /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Ulead AutoDetector] D:\Program Files\Photo Explorer8.0\Monitor.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - d:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu…?1131817926671
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof…?1131818128265
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2…ll/xscan53.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.bibliotheekwarnsveld.nl/catalogus/msrdp.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is…53/mcfscan.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus Admin Server (InoNmSrv) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    If it no longer works I want to format my C drive, but will all the trouble be over then?
    I look forward to your answer with interest.

  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    R3 - URLSearchHook: (no name) - - (no file)

    Click 'Fix checked' to remove the items.

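An added example, not part of the original posts: a small Python parser for the HijackThis entry lines shown in this thread, which flags entries like the R3 line whose target file no longer exists. The sample log is constructed from lines in the log above; the function names are illustrative, and the "(file missing)" marker is another HijackThis annotation that does not appear in this thread's log.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines in the shape of the HijackThis v1.99.1 log above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
"""

# An entry line is "<section code> - <detail>", e.g. "R3 - ..." or "O23 - ...".
ENTRY_RE = re.compile(r"^\s*(?P<section>[A-Z]\d{1,2}) - (?P<detail>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Trailing annotations that mean the registry entry points at a file that is gone.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

def parse_entries(log_text):
    """Return one dict per entry line; headers and running-process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        detail = m.group("detail").strip()
        clsid = CLSID_RE.search(detail)
        entries.append({
            "section": m.group("section"),
            "detail": detail,
            "clsid": clsid.group(0) if clsid else None,
            "orphan": detail.endswith(ORPHAN_MARKERS),
        })
    return entries

def fix_candidates(entries):
    """Entry lines whose target file no longer exists (leftover registry references)."""
    return [f'{e["section"]} - {e["detail"]}' for e in entries if e["orphan"]]

def section_counts(entries):
    """Number of entries per HijackThis section code."""
    return Counter(e["section"] for e in entries)

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print(dict(section_counts(parsed)))
    for line in fix_candidates(parsed):
        print("orphaned:", line)
```

An orphaned entry is only a leftover reference; whether the remaining entries are wanted still has to be judged per program, as in the reply above.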
  • Morning Juisterr,
    The old Java versions could not be removed by any means. My PC kept getting slower.
    At my wits' end I just formatted the C drive.
    And put Windows XP back on it.
    In any case, thanks for your help.
    Regards :D


This is an archived page. Replies are no longer possible.