Vraag & Antwoord
Computer is prooi van hacker, zie hijack log.
12 antwoorden
- Ik zeg niet direct dat het onzin is, ik heb daar alleen nog niet van gehoord. Wel inzake rootkits die onzichtbaar zouden zijn.
Eens kijken of we zo al wat wijzer worden.
Wil je even alleen doen wat ik vraag aub, verder niet in paniek raken want daar zie ik iig geen reden toe.
Download [b:4398e9b0be]Combofix[/b:4398e9b0be] naar je Bureaublad.[list:4398e9b0be]
Dubbelklik [b:4398e9b0be]Combofix.exe[/b:4398e9b0be]
Volg de instructies, aanvaard de disclaimer door "y" of "Y" te typen.
Tijdens het runnen van de fix, [b:4398e9b0be]NIET[/b:4398e9b0be] in het venster klikken, want dit zal je pc doen vasthangen.[/list:u:4398e9b0be]
Wanneer de fix voltooid is en na herstart, zal de log [b:4398e9b0be]combofix.txt[/b:4398e9b0be] openen.
[i:4398e9b0be]Plaats deze log in je volgende post samen met een nieuw HijackThis log.[/i:4398e9b0be]
NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren. - Hallo Juisterr,
Hier volgen Hijacklog en combofixlog.
Ik wacht met spanning.
:o :o
Logfile of HijackThis v1.99.1
Scan saved at 18:22:49, on 9-1-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\WINDOWS\system32\VNICMon.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\WINDOWS\DitExp.exe
D:\Digital Revolution Tool\Digital Revolution Tool\drtool.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\Photo Explorer8.0\Monitor.exe
D:\Program Files\SPYWAREfighter\spftray.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
d:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
D:\Program Files\SPYWAREfighter\spfprc.exe
D:\Program Files\Port Explorer\PortExplorer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
D:\wincmd\WINCMD32.EXE
D:\Program Files\SpeedTouch6530E9\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PRISMSTA.EXE] "PRISMSTA.EXE" START
O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [Realtime Monitor] "C:\PROGRA~1\CA\ETRUST~1\realmon.exe" -s
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SSC Service Utility] "D:\Digital Revolution Tool\Digital Revolution Tool\drtool.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector] "D:\Program Files\Photo Explorer8.0\Monitor.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [spywarefighterguard] "D:\Program Files\SPYWAREfighter\spftray.exe"
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LNSS Status Monitor.lnk = D:\Program Files\GFI\LANguard Network Security Scanner 7.0\statusmonitor.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - d:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131817926671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131818128265
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.bibliotheekwarnsveld.nl/catalogus/msrdp.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4453/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: GFI LANguard N.S.S. 7.0 Attendant Service - Unknown owner - D:\Program Files\GFI\LANguard Network Security Scanner 7.0\lnssatt.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus Admin Server (InoNmSrv) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - D:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
——————————————————————————–
Wim - 07-01-09 18:27:04.03 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Wim\Bureaublad"
((((((((((((((((((((((((((((((( Files Created from 2006-12-09 to 2007-01-09 ))))))))))))))))))))))))))))))))))
2007-01-09 18:06 <DIR> d——– C:\Program Files\Windows Defender
2007-01-09 18:03 <DIR> d——– C:\WINDOWS\LastGood
2007-01-08 22:15 15,360 –a—— C:\WINDOWS\system32\drivers\sshrmd.sys
2007-01-08 22:15 14,848 –a—— C:\WINDOWS\system32\drivers\sskbfd.sys
2007-01-08 22:15 13,824 –a—— C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-01-08 22:15 117,248 –a—— C:\WINDOWS\system32\drivers\ssidrv.sys
2007-01-08 22:15 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Webroot
2007-01-08 21:39 <DIR> d——– C:\Program Files\Common Files\Application
2007-01-07 22:00 <DIR> d——– C:\Program Files\Common Files\Wise Installation Wizard
2007-01-07 21:59 <DIR> d——– C:\Documents and Settings\Wim\Application Data\Uniblue
2007-01-07 21:35 40,960 ——— C:\WINDOWS\system32\dcsws2.dll
2007-01-04 21:22 <DIR> d——– C:\Program Files\InterMute
2007-01-04 20:16 <DIR> d——– C:\WINDOWS\WBEM
2007-01-04 20:16 <DIR> d——– C:\WINDOWS\system32\nl-nl
2007-01-04 20:14 <DIR> d–h-c— C:\WINDOWS\ie7
2007-01-04 20:13 121,856 ——— C:\WINDOWS\system32\xmllite.dll
2007-01-04 20:12 <DIR> d——– C:\WINDOWS\network diagnostic
2007-01-02 18:25 <DIR> d——– C:\Program Files\SpywareBlaster
2007-01-02 18:25 <DIR> d——– C:\Documents and Settings\Wim\Application Data\Webroot
2006-12-29 13:14 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Support.com
2006-12-09 16:53 <DIR> d——– C:\Program Files\Windows Media Connect 2
2006-12-09 16:51 <DIR> d——– C:\WINDOWS\system32\drivers\UMDF
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-09 17:47 ——– d——– C:\Documents and Settings\Wim\Application Data\AdobeUM
2007-01-08 21:39 ——– d-a—— C:\Program Files\Common Files
2007-01-05 19:33 8146 –a—— C:\Documents and Settings\Wim\Application Data\wklnhst.dat
2007-01-04 20:18 ——– d——– C:\Program Files\Outlook Express
2007-01-04 20:18 ——– d——– C:\Program Files\Internet Explorer
2007-01-04 20:18 ——– d——– C:\Program Files\Common Files\System
2007-01-04 19:24 ——– d——– C:\Program Files\Java
2007-01-03 22:42 ——– d——– C:\Program Files\Eset
2007-01-02 18:33 ——– d——– C:\Program Files\Windows Media Player
2007-01-02 18:32 ——– d–h—– C:\Program Files\InstallShield Installation Information
2007-01-02 18:25 ——– d——– C:\Program Files\Spybot - Search & Destroy
2007-01-02 18:25 ——– d——– C:\Documents and Settings\Wim\Application Data\Lavasoft
2006-12-07 07:40 2362184 –a—— C:\WINDOWS\system32\wmvcore.dll
2006-11-28 22:01 ——– d——– C:\Program Files\AnfyTeam
2006-11-27 19:26 ——– d——– C:\Documents and Settings\Wim\Application Data\Help
2006-11-21 17:59 ——– d——– C:\Program Files\MSXML 4.0
2006-11-08 06:07 679424 –a—— C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 ——— C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 ——— C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 ——— C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 ——— C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 ——— C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 ——— C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 ——— C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 –a—— C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 –a—— C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 –a—— C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 –a—— C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 –a—— C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 –a—— C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 –a—— C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 –a—— C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 ——— C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 –a—— C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 –a—— C:\WINDOWS\system32\msxml4.dll
2006-10-23 16:19 662016 –a—— C:\WINDOWS\system32\wininet(4)(3).dll
2006-10-23 16:19 615424 –a—— C:\WINDOWS\system32\urlmon(4)(3).dll
2006-10-23 16:19 474624 –a—— C:\WINDOWS\system32\shlwapi(4)(3).dll
2006-10-23 16:19 1494528 –a—— C:\WINDOWS\system32\shdocvw(2)(3).dll
2006-10-20 02:39 714752 –a—— C:\WINDOWS\system32\sxs(4)(3).dll
2006-10-20 02:39 714752 ——— C:\WINDOWS\system32\sxs.dll
2006-10-17 12:06 78336 –a—— C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 –a—— C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 ——— C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 –a—— C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 –a—— C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 –a—— C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 ——— C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 ——— C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 –a—— C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 ——— C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 –a—— C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 –a—— C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 ——— C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 13:41 144384 –a—— C:\WINDOWS\system32\nwprovau.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"D:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"CHotkey"="mHotkey.exe"
"ledpointer"="CNYHKey.exe"
"Dit"="Dit.exe"
"PRISMSTA.EXE"="\"PRISMSTA.EXE\" START"
"NIC Monitor"="VNICMon.exe"
"REGSHAVE"="\"C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE\" /AUTORUN"
"Realtime Monitor"="\"C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe\" -s"
"MMTray"="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe\""
"PCMService"="\"C:\\Program Files\\Medion Home Cinema XL II\\PowerCinema\\PCMService.exe\""
"SSC Service Utility"="\"D:\\Digital Revolution Tool\\Digital Revolution Tool\\drtool.exe\" /s"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Adobe Photo Downloader"="\"D:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"Ulead AutoDetector"="\"D:\\Program Files\\Photo Explorer8.0\\Monitor.exe\""
"UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
"spywarefighterguard"="\"D:\\Program Files\\SPYWAREfighter\\spftray.exe\""
@=""
"SpySweeper"="\"D:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Spyware Doctor"=""
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Spyware Doctor"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Exif Launcher.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Exif Launcher.lnk"
"backup"="C:\\WINDOWS\\pss\\Exif Launcher.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\FINEPI~1\\QuickDCF.exe "
"item"="Exif Launcher"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ScanPanel.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\ScanPanel.lnk"
"backup"="C:\\WINDOWS\\pss\\ScanPanel.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SCANPA~2\\ScnPanel.exe "
"item"="ScanPanel"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NEWDOT~2"
"hkey"="HKLM"
"command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,NewDotNetStartup -s"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Mijn computer scannen - Wim.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job
Completion time: 07-01-09 18:28:17.79
C:\ComboFix.txt … 07-01-09 18:28
C:\ComboFix2.txt … 07-01-09 17:49
C:\ComboFix3.txt … 07-01-05 19:40
C:\ComboFix40107.txt … 07-01-09 17:50
Wat staat mij te doen?
Alvast bedankt - L.S.
Sinds vorige week is mijn eigen beveiligde router niet meer te bereiken ik wordt steeds aan een onbeveiligde router geplugd. Ik kan geen beveiligde sites op internet meer bereiken, zoals Bank etc. Mijn muis beweegt slecht, batterijen reeds vervangen.
Ik heb een 3 Ghz computer met Windows XP, Antivirus programma van Trust, Modem/Router Speedtouch van KPN/Hetnet. Na het draaien van Hitman Pro, kwam er een geel waarschuwingsdriehoekje op het scherm met een zwart uitroepteken en de opmerking dat internet beperkt bereikbaar is.
Vervolgens mijn abonnement Surfen en Bellen bij KPN geactiveerd. Ook het terugzetten naar een eerdere datum van mijn register wordt niet door het systeem geaccepteerd. Met mijn zakelijke Laptop maak ik zo verbinding met mijn eigen beveiligde Router/Modem.
Ik kan niet meer draadloos op internet, maar wel vai Wlan
Welke expert wil naar mijn Hijack Log kijken
Logfile of HijackThis v1.99.1
Scan saved at 21:41:57, on 3-1-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\WINDOWS\system32\VNICMon.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
D:\Digital Revolution Tool\Digital Revolution Tool\drtool.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\DitExp.exe
D:\Program Files\Photo Explorer8.0\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\system32\wuauclt.exe
D:\wincmd\WINCMD32.EXE
C:\WINDOWS\System32\svchost.exe
D:\Program Files\SpeedTouch6530E9\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SSC Service Utility] D:\Digital Revolution Tool\Digital Revolution Tool\drtool.exe /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector] D:\Program Files\Photo Explorer8.0\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - d:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131817926671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131818128265
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.bibliotheekwarnsveld.nl/catalogus/msrdp.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4453/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus Admin Server (InoNmSrv) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Wat moet ik doen?????
Alvast bedank voor jullie advies :roll: :roll: - Is U daar nog
? - Download LSPfix, http://www.bleepingcomputer.com/files/lspfix.php of hier http://cexx.org/LSPFix.exe
voor het geval je internetverbinding verbroken wordt na het verwijderen van New.Net.
Start het programma.
Plaats een vinkje bij I know what I am doing.
Zorg dat in het rechtse venster (remove venster) alle verwijzingen staan van: newdotnet7_48.dll
(Let op enkel deze mogen in het remove-venster staan, geen anderen!!!)
Klik op Finish en start de computer opnieuw.
Optie 1:
De-installeer via software (indien aanwezig):
NewDotNet
New.Net
New.net Domains
New.net Application
Optie 2:
Dubbelklik op Deze Computer
Dubbelklik op C:/
Dubbelklik op de Program Files map
Zoek de NewDotNet map op en dubbelklik erop.
Zoek naar het bestand "uninstall6_72.exe". Dubbelklik hierop.
Start opnieuw op wanneer dit gevraagd wordt.
Optie 3:
Dubbelklik op Deze Computer
Dubbelklik op de C: drive
Dubbelklik op de Windows/Winnt map
Zoek naar en dubbelklik op het uninstall-bestand, het wordt “NDNuninstall6_72.exe” genoemd.
Optie 4:
Lukt dit niet, ga dan hier naar toe (alleen in het uiterste geval):
http://www.newdotnet.com/removal.html, en voer procedure 4 uit.
Na het un-installen van New.Net de pc herstarten. - Mogge justerr,
Ik ben weer wat verder. Bij het scannen van mijn poorten (vai programma op Internet) kwam ik er achter dat een aantal overgenomen is door R.AT. bijv. spynet, gift enz. Bij het stoppen van de processen via de poorten, werd de computer automatisch afgesloten en opnieuw opgestart.
De programma's (Trojans) die de hackers gebruiken worden niet herkend door Adware, Spy… etc.
Wat staat mij nu te doen?
:cry: :cry: - Download LSPfix, http://www.bleepingcomputer.com/files/lspfix.php
voor het geval je internetverbinding verbroken wordt na het verwijderen van New.Net.
[b:dd6525f421]Optie 1: [/b:dd6525f421]
De-installeer via software (indien aanwezig):
NewDotNet
New.Net
New.net Domains
New.net Application
[b:dd6525f421]Optie 2: [/b:dd6525f421]
Dubbelklik op Deze Computer
Dubbelklik op C:/
Dubbelklik op de Program Files map
Zoek de NewDotNet map op en dubbelklik erop.
Zoek naar het bestand "uninstall7_48.exe". Dubbelklik hierop.
Start opnieuw op wanneer dit gevraagd wordt.
[b:dd6525f421]Optie 3: [/b:dd6525f421]
Dubbelklik op Deze Computer
Dubbelklik op de C: drive
Dubbelklik op de Windows/Winnt map
Zoek naar en dubbelklik op het uninstall-bestand, het wordt “[b:dd6525f421]uninstallX_XX.exe[/b:dd6525f421] (waarbij de X'en staan voor cijfers). Zo ja, dubbelklik daarop om New.net te verwijderen.” genoemd.
[b:dd6525f421]Optie 4: [/b:dd6525f421]
Lukt dit niet, ga dan hier naar toe (alleen in het uiterste geval):
http://www.newdotnet.com/removal.html, en voer procedure 4 uit.
Na het un-installen van New.Net de pc herstarten. - Hallo Juisterr,
Nu kom ik helemaal niet meer op internet.
Dit bericht stuur ik met een andere computer.
Door Microsoft Defender is NewDotNet verwijderd.
Hieronder volgen mijn Hijacklog en combofixlog. Beide zijn niet via de veilige modus opgesteld.
Ik hoop dat je mij kunt helpen.
Logfile of HijackThis v1.99.1
Scan saved at 13:24:12, on 13-1-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\WINDOWS\system32\VNICMon.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
D:\Digital Revolution Tool\Digital Revolution Tool\drtool.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\Photo Explorer8.0\Monitor.exe
D:\Program Files\SPYWAREfighter\spftray.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
D:\Program Files\SPYWAREfighter\spfprc.exe
d:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE
C:\WINDOWS\System32\svchost.exe
D:\Program Files\SpeedTouch6530E9\HijackThis.exe
D:\wincmd\WINCMD32.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PRISMSTA.EXE] "PRISMSTA.EXE" START
O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [Realtime Monitor] "C:\PROGRA~1\CA\ETRUST~1\realmon.exe" -s
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SSC Service Utility] "D:\Digital Revolution Tool\Digital Revolution Tool\drtool.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector] "D:\Program Files\Photo Explorer8.0\Monitor.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [spywarefighterguard] "D:\Program Files\SPYWAREfighter\spftray.exe"
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LNSS Status Monitor.lnk = D:\Program Files\GFI\LANguard Network Security Scanner 7.0\statusmonitor.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - d:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131817926671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131818128265
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.bibliotheekwarnsveld.nl/catalogus/msrdp.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4453/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: GFI LANguard N.S.S. 7.0 Attendant Service - Unknown owner - D:\Program Files\GFI\LANguard Network Security Scanner 7.0\lnssatt.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus Admin Server (InoNmSrv) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - D:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
en mijn combofixlog
Wim - 07-01-13 13:51:07.71 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Wim\Bureaublad"
((((((((((((((((((((((((((((((( Files Created from 2006-12-13 to 2007-01-13 ))))))))))))))))))))))))))))))))))
No new files created in this timespan
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-13 12:17 ——– d——– C:\Documents and Settings\Wim\Application Data\AdobeUM
2007-01-13 11:42 ——– d——– C:\Program Files\Common Files\Adobe
2007-01-08 21:39 ——– d-a—— C:\Program Files\Common Files
2007-01-05 19:33 8146 –a—— C:\Documents and Settings\Wim\Application Data\wklnhst.dat
2007-01-04 20:18 ——– d——– C:\Program Files\Outlook Express
2007-01-04 20:18 ——– d——– C:\Program Files\Internet Explorer
2007-01-04 20:18 ——– d——– C:\Program Files\Common Files\System
2007-01-04 19:24 ——– d——– C:\Program Files\Java
2007-01-03 22:42 ——– d——– C:\Program Files\Eset
2007-01-02 18:33 ——– d——– C:\Program Files\Windows Media Player
2007-01-02 18:33 ——– d——– C:\Program Files\Windows Media Connect 2
2007-01-02 18:32 ——– d–h—– C:\Program Files\InstallShield Installation Information
2007-01-02 18:25 ——– d——– C:\Program Files\Spybot - Search & Destroy
2007-01-02 18:25 ——– d——– C:\Documents and Settings\Wim\Application Data\Lavasoft
2006-12-07 07:40 2362184 ——— C:\WINDOWS\system32\wmvcore.dll
2006-11-28 22:01 ——– d——– C:\Program Files\AnfyTeam
2006-11-27 19:26 ——– d——– C:\Documents and Settings\Wim\Application Data\Help
2006-11-21 17:59 ——– d——– C:\Program Files\MSXML 4.0
2006-11-08 06:07 679424 ——— C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 ——— C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 ——— C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 ——— C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 ——— C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 ——— C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 ——— C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 ——— C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 –a—— C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 –a—— C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 –a—— C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 –a—— C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 –a—— C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 –a—— C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 –a—— C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 –a—— C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 ——— C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 –a—— C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 –a—— C:\WINDOWS\system32\msxml4.dll
2006-10-23 16:19 662016 –a—— C:\WINDOWS\system32\wininet(4)(3).dll
2006-10-23 16:19 615424 –a—— C:\WINDOWS\system32\urlmon(4)(3).dll
2006-10-23 16:19 474624 –a—— C:\WINDOWS\system32\shlwapi(4)(3).dll
2006-10-23 16:19 1494528 –a—— C:\WINDOWS\system32\shdocvw(2)(3).dll
2006-10-20 02:39 714752 –a—— C:\WINDOWS\system32\sxs(4)(3).dll
2006-10-20 02:39 714752 ——— C:\WINDOWS\system32\sxs.dll
2006-10-17 12:06 78336 –a—— C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 –a—— C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 ——— C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 –a—— C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 –a—— C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 –a—— C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 ——— C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 ——— C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 ——— C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 ——— C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 –a—— C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 –a—— C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 ——— C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 13:41 144384 –a—— C:\WINDOWS\system32\nwprovau.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"CHotkey"="mHotkey.exe"
"ledpointer"="CNYHKey.exe"
"Dit"="Dit.exe"
"PRISMSTA.EXE"="\"PRISMSTA.EXE\" START"
"NIC Monitor"="VNICMon.exe"
"REGSHAVE"="\"C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE\" /AUTORUN"
"Realtime Monitor"="\"C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe\" -s"
"MMTray"="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe\""
"PCMService"="\"C:\\Program Files\\Medion Home Cinema XL II\\PowerCinema\\PCMService.exe\""
"SSC Service Utility"="\"D:\\Digital Revolution Tool\\Digital Revolution Tool\\drtool.exe\" /s"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Adobe Photo Downloader"="\"D:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"Ulead AutoDetector"="\"D:\\Program Files\\Photo Explorer8.0\\Monitor.exe\""
"UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
"spywarefighterguard"="\"D:\\Program Files\\SPYWAREfighter\\spftray.exe\""
@=""
"SpySweeper"="\"D:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,86,01,00,00,00,00,00,00,7a,02,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Spyware Doctor"=""
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Spyware Doctor"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Exif Launcher.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Exif Launcher.lnk"
"backup"="C:\\WINDOWS\\pss\\Exif Launcher.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\FINEPI~1\\QuickDCF.exe "
"item"="Exif Launcher"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ScanPanel.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\ScanPanel.lnk"
"backup"="C:\\WINDOWS\\pss\\ScanPanel.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SCANPA~2\\ScnPanel.exe "
"item"="ScanPanel"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NEWDOT~2"
"hkey"="HKLM"
"command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,NewDotNetStartup -s"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Mijn computer scannen - Wim.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job
Completion time: 07-01-13 13:52:22.78
C:\ComboFix.txt … 07-01-13 13:52
C:\ComboFix2.txt … 07-01-13 13:45
C:\ComboFix3.txt … 07-01-09 18:28
C:\ComboFix40107.txt … 07-01-09 18:28
Laat het mij even horen. - Ik had toch wat anders aanbevolen en dat doe ik niet voor niks.
[quote:30e49608ae]
Download LSPfix, http://www.bleepingcomputer.com/files/lspfix.php of hier http://cexx.org/LSPFix.exe
voor het geval je internetverbinding verbroken wordt na het verwijderen van New.Net.
Start het programma.
Plaats een vinkje bij I know what I am doing.
Zorg dat in het rechtse venster (remove venster) alle verwijzingen staan van: newdotnet7_48.dll
(Let op enkel deze mogen in het remove-venster staan, geen anderen!!!)
Klik op Finish en start de computer opnieuw.[/quote:30e49608ae]
Eens kijken of we dat nog herstellen kunnen.
Start Hijackthis op en kies voor 'Do a system scan only'
Selecteer alleen de items die hieronder zijn genoemd:
[b:30e49608ae]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab
[/b:30e49608ae]
Klik op 'Fix checked' om de items te verwijderen.
Probeer onderstaande tooltjes eens om de verbinding te herstellen.
Download dit bestand, iefix.exe http://www.hitmanpro.nl/iefix.exe
Dubbelklik op iefix.exe en voer het programma uit.
Probeer ook deze IEFIX eens: http://windowsxp.mvps.org/IEFIX.htm
Mogelijk wordt gevraagd om je Windows installatieCD.
Herstart je PC en kijk of er verbetering is - Hallo juisterr,
Hier volgt mijn hijacklog na het een en ader verwijderd te hebben
Logfile of HijackThis v1.99.1
Scan saved at 21:41:57, on 12-1-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\WINDOWS\system32\VNICMon.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
D:\Digital Revolution Tool\Digital Revolution Tool\drtool.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\DitExp.exe
D:\Program Files\Photo Explorer8.0\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\system32\wuauclt.exe
D:\wincmd\WINCMD32.EXE
C:\WINDOWS\System32\svchost.exe
D:\Program Files\SpeedTouch6530E9\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SSC Service Utility] D:\Digital Revolution Tool\Digital Revolution Tool\drtool.exe /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector] D:\Program Files\Photo Explorer8.0\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - d:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu…?1131817926671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof…?1131818128265
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2…ll/xscan53.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.bibliotheekwarnsveld.nl/catalogus/msrdp.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is…53/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus Admin Server (InoNmSrv) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Wanneer het niet meer werkt wil ik mijn C schijf formatteren, maar is dan alle ellende voorbij?
Met belangstelling zie ik je antwoord tegemoet. - Start Hijackthis op en kies voor 'Do a system scan only'
Selecteer alleen de items die hieronder zijn genoemd:
[b:1345586575]
R3 - URLSearchHook: (no name) - - (no file)
[/b:1345586575]
Klik op 'Fix checked' om de items te verwijderen.
[b:1345586575] - Mogge Juisterr,
De oude Java versie's waren er met geen mogelijkheid af te krijgen. Mijn PC ging steeds trager werken.
Ik heb ten einde raad de C schijf maar geformatteerd.
En Windows XP er weer opgezet.
In ieder geval bedankt voor je hulp
Groetjes
Beantwoord deze vraag
Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.