Mededeling

Collapse
No announcement yet.

Log

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Log

    Dit is mij log, ik wil u alvast bedanken voor uw hulp

    Logfile of HijackThis v1.98.2
    Scan saved at 14:36:59, on 4-12-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSvcCDA.exe
    C:\WINDOWS\System32\iosdt\iosdt.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\svchost.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Valve\Steam\Steam.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Fatih Kalyon.KALYON\Bureaublad\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crmioucascdoh.net/atAAxekQd16F/WBnnI4sG4OVuCWcIxoQVwFZ9lZFjgamna7kYbxuFGYTNVdN1rHF.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skhqbchcqseysri.com/atAAxekQd16Oui/VHhLYaY4YAzLb_5aSOVYP0gET84E.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    R3 - URLSearchHook: (no name) - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL (file missing)
    F3 - REG:win.ini: run=litleozy.exe
    O1 - Hosts: 222.89.98.219 98983.com
    O1 - Hosts: 222.89.98.219 wisa.cn
    O1 - Hosts: 222.89.98.219 www.look8.net
    O1 - Hosts: 222.89.98.219 howow.net
    O1 - Hosts: 222.89.98.219 www.ca183.com
    O1 - Hosts: 222.89.98.219 mv99.com
    O1 - Hosts: 222.89.98.219 www.tongchi.com
    O1 - Hosts: 222.89.98.219 webcool.net
    O1 - Hosts: 222.89.98.219 www.cmfu.com
    O1 - Hosts: 222.89.98.219 soyeah.com
    O1 - Hosts: 222.89.98.219 7k7k.com
    O1 - Hosts: 222.89.98.219 www.nowok.net
    O1 - Hosts: 222.89.98.219 www.bwwz.com
    O1 - Hosts: 222.89.98.219 www.wo365.com
    O1 - Hosts: 222.89.98.219 678a.com
    O1 - Hosts: 222.89.98.219 www.wisa.cn
    O1 - Hosts: 222.89.98.219 www.8goo.com
    O1 - Hosts: 222.89.98.219 6235.com
    O1 - Hosts: 222.89.98.219 www.7t7t.com
    O1 - Hosts: 222.89.98.219 baimin.com
    O1 - Hosts: 222.89.98.219 wo123.com
    O1 - Hosts: 222.89.98.219 wo99.com
    O1 - Hosts: 222.89.98.219 www.sia.com.cn
    O1 - Hosts: 222.89.98.219 wysw.com
    O1 - Hosts: 222.89.98.219 www.page.com.cn
    O1 - Hosts: 222.89.98.219 www.k369.com
    O1 - Hosts: 222.89.98.219 tongchi.com
    O1 - Hosts: 222.89.98.219 msncn.com
    O1 - Hosts: 222.89.98.219 www.678a.com
    O1 - Hosts: 222.89.98.219 www.msncn.com
    O1 - Hosts: 222.89.98.219 5126.net
    O1 - Hosts: 222.89.98.219 www.wo99.com
    O1 - Hosts: 222.89.98.219 www.net114.com
    O1 - Hosts: 222.89.98.219 zhao99.com
    O1 - Hosts: 222.89.98.219 9i0.com
    O1 - Hosts: 222.89.98.219 fj3721.com
    O1 - Hosts: 222.89.98.219 www.link999.com
    O1 - Hosts: 222.89.98.219 sowang.cn
    O1 - Hosts: 222.89.98.219 www.youav.com
    O1 - Hosts: 222.89.98.219 www.001wz.com
    O1 - Hosts: 222.89.98.219 www.zhao99.com
    O1 - Hosts: 222.89.98.219 3tom.com
    O1 - Hosts: 222.89.98.219 cy.51sobu.com
    O1 - Hosts: 222.89.98.219 7510.com
    O1 - Hosts: 222.89.98.219 fm1000.net
    O1 - Hosts: 222.89.98.219 www.14.com.cn
    O1 - Hosts: 222.89.98.219 wangzhiku.com
    O1 - Hosts: 222.89.98.219 wisa.com.cn
    O1 - Hosts: 222.89.98.219 page.com.cn
    O1 - Hosts: 222.89.98.219 xxwww.com
    O1 - Hosts: 222.89.98.219 www.5126.net
    O1 - Hosts: 222.89.98.219 www.wangzhiku.com
    O1 - Hosts: 222.89.98.219 www.hao6.com
    O1 - Hosts: 222.89.98.219 www.howow.net
    O1 - Hosts: 222.89.98.219 8goo.com
    O1 - Hosts: 222.89.98.219 www.ok135.com
    O1 - Hosts: 222.89.98.219 www.skywz.com
    O1 - Hosts: 222.89.98.219 skywz.com
    O1 - Hosts: 222.89.98.219 www.432.cn
    O1 - Hosts: 222.89.98.219 www.mv99.com
    O1 - Hosts: 222.89.98.219 yhjm.com
    O1 - Hosts: 222.89.98.219 www.soyeah.com
    O1 - Hosts: 222.89.98.219 hao6.com
    O1 - Hosts: 222.89.98.219 www.7k7k.com
    O1 - Hosts: 222.89.98.219 bwwz.com
    O1 - Hosts: 222.89.98.219 7t7t.com
    O1 - Hosts: 222.89.98.219 www.77177.com
    O1 - Hosts: 222.89.98.219 cnww.net
    O1 - Hosts: 222.89.98.219 link999.com
    O1 - Hosts: 222.89.98.219 www.9flash.com
    O1 - Hosts: 222.89.98.219 www.65658.com
    O1 - Hosts: 222.89.98.219 001wz.com
    O1 - Hosts: 222.89.98.219 zzkan.com
    O1 - Hosts: 222.89.98.219 www.zzkan.com
    O1 - Hosts: 222.89.98.219 www.98983.com
    O1 - Hosts: 222.89.98.219 cmfu.com
    O1 - Hosts: 222.89.98.219 www.yhjm.com
    O1 - Hosts: 222.89.98.219 7o7o.com
    O1 - Hosts: 222.89.98.219 www.6235.com
    O1 - Hosts: 222.89.98.219 114.com.cn
    O1 - Hosts: 222.89.98.219 65658.com
    O1 - Hosts: 222.89.98.219 www.mtvav.com
    O1 - Hosts: 222.89.98.219 www.webcool.net
    O1 - Hosts: 222.89.98.219 ok135.com
    O1 - Hosts: 222.89.98.219 www.wo123.com
    O1 - Hosts: 222.89.98.219 9flash.com
    O1 - Hosts: 222.89.98.219 www.baimin.com
    O1 - Hosts: 222.89.98.219 432.cn
    O1 - Hosts: 222.89.98.219 www.sowang.cn
    O1 - Hosts: 222.89.98.219 www.7510.com
    O1 - Hosts: 222.89.98.219 www.51sobu.com
    O1 - Hosts: 222.89.98.219 nowok.net
    O1 - Hosts: 222.89.98.219 www.fm1000.net
    O1 - Hosts: 222.89.98.219 www.xxwww.com
    O1 - Hosts: 222.89.98.219 www.7o7o.com
    O1 - Hosts: 222.89.98.219 51sobu.com
    O1 - Hosts: 222.89.98.219 www.fj3721.com
    O1 - Hosts: 222.89.98.219 ca183.com
    O1 - Hosts: 222.89.98.219 77177.com
    O1 - Hosts: 222.89.98.219 www.114.com.cn
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Sécurity Center] C:\WINDOWS\svchost.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [System Toolkit] C:\WINDOWS\Systools.exe
    O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\ddmmsbbhook.dll,_mainRD
    O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [bukeyfs] C:\WINDOWS\System32\yprjza.exe
    O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t
    O4 - HKLM\..\Run: [DVP95_0] C:\WINDOWS\HFxXwL5kvDt.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [ThatDupe] C:\DOCUME~1\FATIHK~1.KAL\APPLIC~1\MATHSK~1\KeepStore.exe
    O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029YYNL_ZNxdm414XXUS
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=5b2f12423f01fa3f255a10cc9af8f7b5d60c0438ad44fd2a1a760d51c0241936773ca04aab07790 5855565abe08139a2080b:c7857c068f27d7cc50f91b20c15a3e0e
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {3AEECF42-EFE4-4AC8-AE9E-83C031EC09AB} (GamyunNetToolbar) - http://server.gamyun.net/GamyunIeToolbar.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095180728374
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O18 - Protocol: bw+0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

  • #2
    Hi TurkRambo,

    Het is handig om deze pagina op te slaan in je favorieten zodat je deze makkelijker kan vinden wanneer je terugkomt.

    Verplaats HijackThis, bij voorkeur naar c:\Program Files\HijackThis. Overal is goed, behalve je Bureaublad of een tijdelijke map. Als HijackThis in een tijdelijke map loop je het risico dat backups verwijderd worden, en het Bureaublad wordt anders een puinhoop met alle backups.
    Als je Windows XP gebruikt, kan het zijn dat je hebt dubbelgeklikt op het bestand HijackThis.exe. Dan wordt het programma uitgepakt naar en tijdelijke map. Selecteer het bestand pak het uit.

    Hoe maak je een nieuwe map:

    Klik op "Mijn Computer", dan "C:\" en op "Program Files".
    Uit het menu kies "Bestand"->"Nieuw"->"Map"
    Dat maakt een map met de naam "Nieuwe map", die je kan hernoemen tot "HJT" of "HijackThis"
    Nu heb je "C:\Program Files\HijackThis". Plaats HijackThis.exe daar.

    Je draait NewDotNet. Als je dit zelf hebt geïnstalleerd, raad ik je aan om het te verwijderen. Als je het niet hebt geïnstalleerd al helemaal! Om het weg te halen ga naar deze site en volg de instrukties (Engels)http://www.newdotnet.com/removal.html

    Open het Configuratiescherm, dan "Software" en "Programma's wijzigen of verwijderen". Selecteer de volgende onderdelen en klik op "Verwijderen" voor elk van deze:
    • My Search Bar
    • MyWay Speed Bar
    • My Web Search Bar
    • Fun Web Products Easy Installer


    [edit]Het is handig om TeaTimer in dit geval uit te zetten, anders wordt je helemaal gek van alle bevestigingsvragen! Hoe zet je het uit: Start Spybot en
    zorg ervoor dat het menu "Advanced" is ("Mode" menu en een vink voor "Advanced Mode"). Klik op "Tools" in de linkerbalk. Kies "Resident" en ontvink "Resident "Tea Timer" (Protection of over-all system settings) active". Als je klaar bent kan je hem weer aanzetten ooor hem weer aan te vinken.[/edit]

    Start HijackThis, klik op "Scan" and kruis de volgende onderdelen aan.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crmioucascdoh.net/atAAxek...TNVdN1rHF.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skhqbchcqseysri.com/atAAx...VYP0gET84E.htm

    R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

    R3 - URLSearchHook: (no name) - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL (file missing)

    F3 - REG:win.ini: run=litleozy.exe

    O1 - Hosts: 222.89.98.219 98983.com
    O1 - Hosts: 222.89.98.219 wisa.cn
    O1 - Hosts: 222.89.98.219 www.look8.net
    O1 - Hosts: 222.89.98.219 howow.net
    O1 - Hosts: 222.89.98.219 www.ca183.com
    O1 - Hosts: 222.89.98.219 mv99.com
    O1 - Hosts: 222.89.98.219 www.tongchi.com
    O1 - Hosts: 222.89.98.219 webcool.net
    O1 - Hosts: 222.89.98.219 www.cmfu.com
    O1 - Hosts: 222.89.98.219 soyeah.com
    O1 - Hosts: 222.89.98.219 7k7k.com
    O1 - Hosts: 222.89.98.219 www.nowok.net
    O1 - Hosts: 222.89.98.219 www.bwwz.com
    O1 - Hosts: 222.89.98.219 www.wo365.com
    O1 - Hosts: 222.89.98.219 678a.com
    O1 - Hosts: 222.89.98.219 www.wisa.cn
    O1 - Hosts: 222.89.98.219 www.8goo.com
    O1 - Hosts: 222.89.98.219 6235.com
    O1 - Hosts: 222.89.98.219 www.7t7t.com
    O1 - Hosts: 222.89.98.219 baimin.com
    O1 - Hosts: 222.89.98.219 wo123.com
    O1 - Hosts: 222.89.98.219 wo99.com
    O1 - Hosts: 222.89.98.219 www.sia.com.cn
    O1 - Hosts: 222.89.98.219 wysw.com
    O1 - Hosts: 222.89.98.219 www.page.com.cn
    O1 - Hosts: 222.89.98.219 www.k369.com
    O1 - Hosts: 222.89.98.219 tongchi.com
    O1 - Hosts: 222.89.98.219 msncn.com
    O1 - Hosts: 222.89.98.219 www.678a.com
    O1 - Hosts: 222.89.98.219 www.msncn.com
    O1 - Hosts: 222.89.98.219 5126.net
    O1 - Hosts: 222.89.98.219 www.wo99.com
    O1 - Hosts: 222.89.98.219 www.net114.com
    O1 - Hosts: 222.89.98.219 zhao99.com
    O1 - Hosts: 222.89.98.219 9i0.com
    O1 - Hosts: 222.89.98.219 fj3721.com
    O1 - Hosts: 222.89.98.219 www.link999.com
    O1 - Hosts: 222.89.98.219 sowang.cn
    O1 - Hosts: 222.89.98.219 www.youav.com
    O1 - Hosts: 222.89.98.219 www.001wz.com
    O1 - Hosts: 222.89.98.219 www.zhao99.com
    O1 - Hosts: 222.89.98.219 3tom.com
    O1 - Hosts: 222.89.98.219 cy.51sobu.com
    O1 - Hosts: 222.89.98.219 7510.com
    O1 - Hosts: 222.89.98.219 fm1000.net
    O1 - Hosts: 222.89.98.219 www.14.com.cn
    O1 - Hosts: 222.89.98.219 wangzhiku.com
    O1 - Hosts: 222.89.98.219 wisa.com.cn
    O1 - Hosts: 222.89.98.219 page.com.cn
    O1 - Hosts: 222.89.98.219 xxwww.com
    O1 - Hosts: 222.89.98.219 www.5126.net
    O1 - Hosts: 222.89.98.219 www.wangzhiku.com
    O1 - Hosts: 222.89.98.219 www.hao6.com
    O1 - Hosts: 222.89.98.219 www.howow.net
    O1 - Hosts: 222.89.98.219 8goo.com
    O1 - Hosts: 222.89.98.219 www.ok135.com
    O1 - Hosts: 222.89.98.219 www.skywz.com
    O1 - Hosts: 222.89.98.219 skywz.com
    O1 - Hosts: 222.89.98.219 www.432.cn
    O1 - Hosts: 222.89.98.219 www.mv99.com
    O1 - Hosts: 222.89.98.219 yhjm.com
    O1 - Hosts: 222.89.98.219 www.soyeah.com
    O1 - Hosts: 222.89.98.219 hao6.com
    O1 - Hosts: 222.89.98.219 www.7k7k.com
    O1 - Hosts: 222.89.98.219 bwwz.com
    O1 - Hosts: 222.89.98.219 7t7t.com
    O1 - Hosts: 222.89.98.219 www.77177.com
    O1 - Hosts: 222.89.98.219 cnww.net
    O1 - Hosts: 222.89.98.219 link999.com
    O1 - Hosts: 222.89.98.219 www.9flash.com
    O1 - Hosts: 222.89.98.219 www.65658.com
    O1 - Hosts: 222.89.98.219 001wz.com
    O1 - Hosts: 222.89.98.219 zzkan.com
    O1 - Hosts: 222.89.98.219 www.zzkan.com
    O1 - Hosts: 222.89.98.219 www.98983.com
    O1 - Hosts: 222.89.98.219 cmfu.com
    O1 - Hosts: 222.89.98.219 www.yhjm.com
    O1 - Hosts: 222.89.98.219 7o7o.com
    O1 - Hosts: 222.89.98.219 www.6235.com
    O1 - Hosts: 222.89.98.219 114.com.cn
    O1 - Hosts: 222.89.98.219 65658.com
    O1 - Hosts: 222.89.98.219 www.mtvav.com
    O1 - Hosts: 222.89.98.219 www.webcool.net
    O1 - Hosts: 222.89.98.219 ok135.com
    O1 - Hosts: 222.89.98.219 www.wo123.com
    O1 - Hosts: 222.89.98.219 9flash.com
    O1 - Hosts: 222.89.98.219 www.baimin.com
    O1 - Hosts: 222.89.98.219 432.cn
    O1 - Hosts: 222.89.98.219 www.sowang.cn
    O1 - Hosts: 222.89.98.219 www.7510.com
    O1 - Hosts: 222.89.98.219 www.51sobu.com
    O1 - Hosts: 222.89.98.219 nowok.net
    O1 - Hosts: 222.89.98.219 www.fm1000.net
    O1 - Hosts: 222.89.98.219 www.xxwww.com
    O1 - Hosts: 222.89.98.219 www.7o7o.com
    O1 - Hosts: 222.89.98.219 51sobu.com
    O1 - Hosts: 222.89.98.219 www.fj3721.com
    O1 - Hosts: 222.89.98.219 ca183.com
    O1 - Hosts: 222.89.98.219 77177.com
    O1 - Hosts: 222.89.98.219 www.114.com.cn
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com

    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL (file missing)
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)

    O4 - HKLM\..\Run: [System Toolkit] C:\WINDOWS\Systools.exe
    O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\ddmmsbbhook.dll,_mainRD
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [bukeyfs] C:\WINDOWS\System32\yprjza.exe
    O4 - HKLM\..\Run: [DVP95_0] C:\WINDOWS\HFxXwL5kvDt.exe
    O4 - HKCU\..\Run: [ThatDupe] C:\DOCUME~1\FATIHK~1.KAL\APPLIC~1\MATHSK~1\KeepStore.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...L_ZNxdm414XXUS

    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...f91b20c15a3e0e


    Sluit alle programma's, inclusief browsers, behalve HijackThis. Klik op "Fix checked".

    Start je computer in beveiligde modus. Hoe start ik mijn computer in veilige modus?

    Zorg dat je verborgen bestanden kan zien. Hoe toon ik verborgen bestanden?

    Mappen en bestanden met een tilde (~) betekenen dat er een map/bestand is dat begint met de 6 letters voor de tilde, houdt rekening ermee dat er spaties in kunnen staan. Als er meer dan één is, post dan wat gevonden is. Verwijder niet!

    Verwijder de volgende bestanden in rood (het kan zijn dat ze al verwijderd zijn):

    C:\WINDOWS\System32\litleozy.exe
    C:\WINDOWS\Systools.exe
    c:\windows\ddmmsbbhook.dll
    C:\WINDOWS\System32\yprjza.exe
    C:\WINDOWS\HFxXwL5kvDt.exe

    Verwijder de volgende mappen in rood (het kan zijn dat deze al verwijderd zijn):

    C:\Program Files\INCRED~1
    C:\Program Files\MyWebSearch
    C:\Documents and Settings\Fatih Kalyon.KALYON\Application Data\MATHSK~1

    Herstart de computer en post een nieuwe log in deze thread.
    Last edited by Bobbi Flekman; 04-12-04, 14:50.

    Comment


    • #3
      Log2

      Logfile of HijackThis v1.98.2
      Scan saved at 16:20:14, on 4-12-2004
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\CTSvcCDA.exe
      C:\WINDOWS\System32\iosdt\iosdt.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\svchost.exe
      C:\Program Files\Logitech\iTouch\iTouch.exe
      C:\Program Files\Messenger Plus! 3\MsgPlus.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Creative\ShareDLL\CtNotify.exe
      C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Creative\ShareDLL\MediaDet.Exe
      C:\Valve\Steam\Steam.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\hjk\hijackthis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crmioucascdoh.net/atAAxekQd16F/WBnnI4sG4OVuCWcIxoQVwFZ9lZFjgamna7kYbxuFGYTNVdN1rHF.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skhqbchcqseysri.com/atAAxekQd16Oui/VHhLYaY4YAzLb_5aSOVYP0gET84E.htm
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
      R3 - URLSearchHook: (no name) - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
      F3 - REG:win.ini: run=litleozy.exe
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [Sécurity Center] C:\WINDOWS\svchost.exe
      O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
      O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
      O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
      O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
      O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
      O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Hijacked Internet access by New.Net
      O10 - Hijacked Internet access by New.Net
      O10 - Hijacked Internet access by New.Net
      O10 - Hijacked Internet access by New.Net
      O10 - Hijacked Internet access by New.Net
      O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {3AEECF42-EFE4-4AC8-AE9E-83C031EC09AB} (GamyunNetToolbar) - http://server.gamyun.net/GamyunIeToolbar.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095180728374
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
      O18 - Protocol: bw+0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: offline-8876480 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

      Comment


      • #4
        Hi TurkRambo,

        Wilde je zeggen dat je NewDotNet wilde houden? Ik zou het er van afhalen!

        Start HijackThis, klik op "Scan" and kruis de volgende onderdelen aan.

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crmioucascdoh.net/atAAxek...TNVdN1rHF.html
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skhqbchcqseysri.com/atAAx...VYP0gET84E.htm

        R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
        R3 - URLSearchHook: (no name) - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)

        F3 - REG:win.ini: run=litleozy.exe

        O4 - HKLM\..\Run: [Sécurity Center] C:\WINDOWS\svchost.exe


        Sluit alle programma's, inclusief browsers, behalve HijackThis. Klik op "Fix checked".

        Start je computer in beveiligde modus. Hoe start ik mijn computer in veilige modus?

        Zorg dat je verborgen bestanden kan zien. Hoe toon ik verborgen bestanden?

        Mappen en bestanden met een tilde (~) betekenen dat er een map/bestand is dat begint met de 6 letters voor de tilde, houdt rekening ermee dat er spaties in kunnen staan. Als er meer dan één is, post dan wat gevonden is. Verwijder niet!

        Verwijder de volgende bestanden in rood (het kan zijn dat ze al verwijderd zijn):

        c:\Windows\System32\litleozy.exe
        C:\WINDOWS\svchost.exe

        Herstart de computer en post een nieuwe log in deze thread.

        Comment


        • #5
          Log3

          Ik heb een probleem. Ik kan newdotnet helemaal niet verwijderen. Hij zegt dan dat ik alle browsers moet afsluiten, en dat ik het daarna opnieuw moet proberen. maar hij blijft nog steeds die fout geven van dat er een browser aanstaat en dat die uitmoet. Kan ik het niet op een andere manier verwijderen ofzo???
          En nog iets.
          Het bestandje c:\Windows\System32\litleozy.exe bestaat niet op mijn computer. Ik kan hem dus ook niet verwijderen.
          Ik hoop dat jullie me verder kunnen helpen.
          En nogmaals bedankt voor jullie hulp.

          Logfile of HijackThis v1.98.2
          Scan saved at 0:49:54, on 5-12-2004
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\SYSTEM32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Logitech\iTouch\iTouch.exe
          C:\Program Files\Messenger Plus! 3\MsgPlus.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\Program Files\Creative\ShareDLL\CtNotify.exe
          C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE
          C:\WINDOWS\Systools.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Skype\Phone\Skype.exe
          C:\Valve\Steam\Steam.exe
          C:\Program Files\Creative\ShareDLL\MediaDet.Exe
          C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          C:\WINDOWS\system32\CTSvcCDA.exe
          C:\WINDOWS\System32\iosdt\iosdt.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\MSN Messenger\msnmsgr.exe
          C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
          C:\WINDOWS\system32\wscntfy.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\hjk\hijackthis.exe

          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
          O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
          O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
          O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
          O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [System Toolkit] C:\WINDOWS\Systools.exe
          O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
          O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
          O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
          O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
          O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
          O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
          O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
          O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
          O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O10 - Hijacked Internet access by New.Net
          O10 - Hijacked Internet access by New.Net
          O10 - Hijacked Internet access by New.Net
          O10 - Hijacked Internet access by New.Net
          O10 - Hijacked Internet access by New.Net
          O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
          O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
          O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
          O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
          O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
          O16 - DPF: {3AEECF42-EFE4-4AC8-AE9E-83C031EC09AB} (GamyunNetToolbar) - http://server.gamyun.net/GamyunIeToolbar.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095180728374
          O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
          O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
          O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
          O18 - Protocol: bw+0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw+0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw-0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw-0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw00 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw00s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw10 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw10s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw20 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw20s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw30 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw30s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw40 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw40s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw50 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw50s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw60 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw60s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw70 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw70s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw80 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw80s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw90 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw90s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwa0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwa0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwb0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwb0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwc0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwc0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwd0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwd0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwe0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwe0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwf0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwf0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
          O18 - Protocol: bwg0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwg0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwh0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwh0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwi0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwi0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwj0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwj0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwk0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwk0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwl0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwl0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwm0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwm0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwn0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwn0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwo0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwo0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwp0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwp0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwq0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwq0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwr0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwr0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bws0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bws0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwt0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwt0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwu0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwu0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwv0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwv0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bww0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bww0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwx0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwx0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwy0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwy0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwz0 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwz0s - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: offline-8876480 - {77550848-A6AC-4C27-A406-F2CCC53F0368} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

          Comment


          • #6
            Hi TurkRambo,

            Ik heb een probleem. Ik kan newdotnet helemaal niet verwijderen. Hij zegt dan dat ik alle browsers moet afsluiten, en dat ik het daarna opnieuw moet proberen. maar hij blijft nog steeds die fout geven van dat er een browser aanstaat en dat die uitmoet. Kan ik het niet op een andere manier verwijderen ofzo???
            Kan je alle browsers afsluiten. HijackThis opstarten, een log maken en die posten. Daarna, klik op "Misc Tools". Kruis "List also minor sections (full)" en "List empty sections (complete)" aan en klik op "Generate StartupList log". Geef "Ja" als antwoord op de vraag. Hierna wordt Kladblok geopend met het bestand startuplist.txt. Selecteer alle tekst, kopieer en plak die in een nieuwe post.

            Dan kunnen we zien of er een bbrowser in je geheugen zit en zo ja waar.

            Comment


            • #7
              StartupList report, 5-12-2004, 16:46:16
              StartupList version: 1.52.2
              Started from : C:\hjk\hijackthis.EXE
              Detected: Windows XP SP2 (WinNT 5.01.2600)
              Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
              * Using default options
              * Including empty and uninteresting sections
              * Showing rarely important sections
              ==================================================

              Running processes:

              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\SYSTEM32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\system32\CTSvcCDA.exe
              C:\WINDOWS\System32\iosdt\iosdt.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
              C:\WINDOWS\system32\nvsvc32.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
              C:\WINDOWS\system32\wscntfy.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Logitech\iTouch\iTouch.exe
              C:\Program Files\Messenger Plus! 3\MsgPlus.exe
              C:\WINDOWS\system32\rundll32.exe
              C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
              C:\Program Files\Creative\ShareDLL\CtNotify.exe
              C:\WINDOWS\system32\rundll32.exe
              C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE
              C:\WINDOWS\Systools.exe
              C:\Program Files\Creative\ShareDLL\MediaDet.Exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Skype\Phone\Skype.exe
              C:\Valve\Steam\Steam.exe
              C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              C:\Program Files\MSN Messenger\msnmsgr.exe
              C:\Documents and Settings\Fatih Kalyon.KALYON\Bureaublad\ie6setup.exe
              C:\Program Files\Messenger\msmsgs.exe
              C:\Program Files\DC++\DCPlusPlus.exe
              C:\WINDOWS\system32\NOTEPAD.EXE
              C:\hjk\hijackthis.exe
              C:\WINDOWS\system32\NOTEPAD.EXE
              C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

              --------------------------------------------------

              Listing of startup folders:

              Shell folders Startup:
              [C:\Documents and Settings\Fatih Kalyon.KALYON\Menu Start\Programma's\Opstarten]
              *No files*

              Shell folders AltStartup:
              *Folder not found*

              User shell folders Startup:
              *Folder not found*

              User shell folders AltStartup:
              *Folder not found*

              Shell folders Common Startup:
              [C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten]
              Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
              Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

              Shell folders Common AltStartup:
              *Folder not found*

              User shell folders Common Startup:
              *Folder not found*

              User shell folders Alternate Common Startup:
              *Folder not found*

              --------------------------------------------------

              Checking Windows NT UserInit:

              [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
              UserInit = C:\WINDOWS\system32\userinit.exe,

              [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
              *Registry key not found*

              [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
              *Registry value not found*

              [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
              *Registry key not found*

              --------------------------------------------------

              Autorun entries from Registry:
              HKLM\Software\Microsoft\Windows\CurrentVersion\Run

              NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
              zBrowser Launcher = C:\Program Files\Logitech\iTouch\iTouch.exe
              nwiz = nwiz.exe /install
              MessengerPlus3 = "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
              New.net Startup = rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
              IMONTRAY = C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
              NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe

              --------------------------------------------------

              Autorun entries from Registry:
              HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

              *No values found*

              --------------------------------------------------

              Autorun entries from Registry:
              HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

              *No values found*

              --------------------------------------------------

              Autorun entries from Registry:
              HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

              *Registry key not found*

              --------------------------------------------------

              Autorun entries from Registry:
              HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

              *Registry key not found*

              --------------------------------------------------

              Autorun entries from Registry:
              HKCU\Software\Microsoft\Windows\CurrentVersion\Run

              ares = "C:\Program Files\Ares\Ares.exe" -h
              MessengerPlus3 = "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
              Windows Registry Repair Pro = C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
              CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
              Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
              Steam = C:\Valve\Steam\Steam.exe -silent
              SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

              --------------------------------------------------

              Autorun entries from Registry:
              HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

              *No values found*

              --------------------------------------------------

              Autorun entries from Registry:
              HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

              *Registry key not found*

              --------------------------------------------------

              Autorun entries from Registry:
              HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

              *Registry key not found*

              --------------------------------------------------

              Autorun entries from Registry:
              HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

              *Registry key not found*

              --------------------------------------------------

              Autorun entries from Registry:
              HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

              *Registry key not found*

              --------------------------------------------------

              Autorun entries from Registry:
              HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

              *Registry key not found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKLM\Software\Microsoft\Windows\CurrentVersion\Run

              [OptionalComponents]
              *No values found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
              *No subkeys found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
              *No subkeys found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
              *Registry key not found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
              *Registry key not found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKCU\Software\Microsoft\Windows\CurrentVersion\Run
              *No subkeys found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
              *No subkeys found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
              *Registry key not found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
              *Registry key not found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
              *Registry key not found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
              *Registry key not found*

              --------------------------------------------------

              Autorun entries in Registry subkeys of:
              HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
              *Registry key not found*

              --------------------------------------------------

              File association entry for .EXE:
              HKEY_CLASSES_ROOT\exefile\shell\open\command

              (Default) = "%1" %*

              --------------------------------------------------

              File association entry for .COM:
              HKEY_CLASSES_ROOT\comfile\shell\open\command

              (Default) = "%1" %*

              --------------------------------------------------

              File association entry for .BAT:
              HKEY_CLASSES_ROOT\batfile\shell\open\command

              (Default) = "%1" %*

              --------------------------------------------------

              File association entry for .PIF:
              HKEY_CLASSES_ROOT\piffile\shell\open\command

              (Default) = "%1" %*

              --------------------------------------------------

              File association entry for .SCR:
              HKEY_CLASSES_ROOT\scrfile\shell\open\command

              (Default) = "%1" /S

              --------------------------------------------------

              File association entry for .HTA:
              HKEY_CLASSES_ROOT\htafile\shell\open\command

              (Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

              --------------------------------------------------

              File association entry for .TXT:
              HKEY_CLASSES_ROOT\txtfile\shell\open\command

              (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

              --------------------------------------------------

              Enumerating Active Setup stub paths:
              HKLM\Software\Microsoft\Active Setup\Installed Components
              (* = disabled by HKCU twin)

              [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
              StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

              [>{26923b43-4d38-484f-9b9e-de460746276c}]
              StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

              [>{76E58462-3EEE-11D6-BF88-609353C10000}TBC489] *
              StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM

              [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
              StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

              [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
              StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub

              [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
              StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

              [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
              StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

              [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
              StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

              [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
              StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

              [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
              StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

              [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
              StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

              [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
              StubPath = regsvr32.exe /s /n /i:U shell32.dll

              [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
              StubPath = %SystemRoot%\system32\ie4uinit.exe

              [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
              StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

              --------------------------------------------------

              Enumerating ICQ Agent Autostart apps:
              HKCU\Software\Mirabilis\ICQ\Agent\Apps

              *Registry key not found*

              --------------------------------------------------

              Load/Run keys from C:\WINDOWS\WIN.INI:

              load=*INI section not found*
              run=*INI section not found*

              Load/Run keys from Registry:

              HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
              HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
              HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
              HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
              HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
              HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
              HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
              HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
              HKCU\..\Windows NT\CurrentVersion\Windows: load=
              HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
              HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
              HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
              HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

              --------------------------------------------------

              Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

              Shell=*INI section not found*
              SCRNSAVE.EXE=*INI section not found*
              drivers=*INI section not found*

              Shell & screensaver key from Registry:

              Shell=Explorer.exe
              SCRNSAVE.EXE=*Registry value not found*
              drivers=*Registry value not found*

              Policies Shell key:

              HKCU\..\Policies: Shell=*Registry key not found*
              HKLM\..\Policies: Shell=*Registry value not found*

              --------------------------------------------------

              Checking for EXPLORER.EXE instances:

              C:\WINDOWS\Explorer.exe: PRESENT!

              C:\Explorer.exe: not present
              C:\WINDOWS\Explorer\Explorer.exe: not present
              C:\WINDOWS\System\Explorer.exe: not present
              C:\WINDOWS\System32\Explorer.exe: not present
              C:\WINDOWS\Command\Explorer.exe: not present
              C:\WINDOWS\Fonts\Explorer.exe: not present

              --------------------------------------------------

              Checking for superhidden extensions:

              .lnk: HIDDEN! (arrow overlay: yes)
              .pif: HIDDEN! (arrow overlay: yes)
              .exe: not hidden
              .com: not hidden
              .bat: not hidden
              .hta: not hidden
              .scr: not hidden
              .shs: HIDDEN!
              .shb: HIDDEN!
              .vbs: not hidden
              .vbe: not hidden
              .wsh: not hidden
              .scf: HIDDEN! (arrow overlay: NO!)
              .url: HIDDEN! (arrow overlay: yes)
              .js: not hidden
              .jse: not hidden

              --------------------------------------------------

              Verifying REGEDIT.EXE integrity:

              - Regedit.exe found in C:\WINDOWS
              - .reg open command is normal (regedit.exe %1)
              - Company name OK: 'Microsoft Corporation'
              - Original filename OK: 'REGEDIT.EXE'
              - File description: 'Register-editor'

              Registry check passed

              --------------------------------------------------

              Enumerating Browser Helper Objects:

              AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
              URLLink Class - C:\Program Files\NewDotNet\newdotnet6_38.dll - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
              (no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
              (no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

              --------------------------------------------------

              Enumerating Task Scheduler jobs:

              99E58B6F956A5627.job
              B21CDD59913B50C1.job
              Norton AntiVirus - Scan my computer - Fatih Kalyon.job
              Symantec NetDetect.job

              --------------------------------------------------

              Enumerating Download Program Files:

              [{00000055-9980-0010-8000-00AA00389B71}]
              CODEBASE = http://codecs.microsoft.com/codecs/i386/fhg.CAB

              [Checkers Class]
              InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
              CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab

              [MessengerStatsClient Class]
              InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
              CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab

              [Minesweeper Flags Class]
              InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
              CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab

              [Symantec AntiVirus scanner]
              InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
              CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

              [GamyunNetToolbar]
              InProcServer32 = C:\WINDOWS\Downloaded Program Files\GamyunIeToolbar.dll
              CODEBASE = http://server.gamyun.net/GamyunIeToolbar.cab

              [WUWebControl Class]
              InProcServer32 = C:\WINDOWS\System32\wuweb.dll
              CODEBASE = http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095180728374

              [Symantec RuFSI Utility Class]
              InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
              CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

              [XML DOM Document 4.0]
              InProcServer32 = %SystemRoot%\System32\msxml4.dll
              CODEBASE = file://C:\TempEI4\EI40_\msxml4.cab

              [MessengerStatsClient Class]
              InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
              CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab

              [ZoneIntro Class]
              InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
              CODEBASE = http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab

              [Shockwave Flash Object]
              InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
              CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

              --------------------------------------------------

              Enumerating Winsock LSP files:

              NameSpace #1: C:\WINDOWS\System32\mswsock.dll
              NameSpace #2: C:\WINDOWS\System32\winrnr.dll
              NameSpace #3: C:\WINDOWS\System32\mswsock.dll
              NameSpace #4: C:\Program Files\NewDotNet\newdotnet6_38.dll
              Protocol #1: C:\Program Files\NewDotNet\newdotnet6_38.dll
              Protocol #2: C:\Program Files\NewDotNet\newdotnet6_38.dll
              Protocol #3: C:\WINDOWS\system32\mswsock.dll
              Protocol #4: C:\WINDOWS\system32\mswsock.dll
              Protocol #5: C:\WINDOWS\system32\mswsock.dll
              Protocol #6: C:\WINDOWS\system32\rsvpsp.dll
              Protocol #7: C:\WINDOWS\system32\rsvpsp.dll
              Protocol #8: C:\WINDOWS\system32\mswsock.dll
              Protocol #9: C:\WINDOWS\system32\mswsock.dll
              Protocol #10: C:\WINDOWS\system32\mswsock.dll
              Protocol #11: C:\WINDOWS\system32\mswsock.dll
              Protocol #12: C:\WINDOWS\system32\mswsock.dll
              Protocol #13: C:\WINDOWS\system32\mswsock.dll
              Protocol #14: C:\WINDOWS\system32\mswsock.dll
              Protocol #15: C:\WINDOWS\system32\mswsock.dll
              Protocol #16: C:\Program Files\NewDotNet\newdotnet6_38.dll
              Protocol #17: C:\Program Files\NewDotNet\newdotnet6_38.dll

              --------------------------------------------------

              Enumerating Windows NT/2000/XP services

              Microsoft ACPI-stuurprogramma: System32\DRIVERS\ACPI.sys (system)
              Microsoft Kernel akoestische echo-opheffing: system32\drivers\aec.sys (manual start)
              Omgeving voor AFD-netwerkondersteuning: \SystemRoot\System32\drivers\afd.sys (system)
              Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
              Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
              Application Layer Gateway-service: %SystemRoot%\System32\alg.exe (manual start)
              Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
              ASP.NET-statusservice: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
              Stuurprogramma voor RAS asyncrone media: System32\DRIVERS\asyncmac.sys (manual start)
              Standaard IDE/ESDI-vasteschijfcontroller: System32\DRIVERS\atapi.sys (system)
              ATM ARP-client-protocol: System32\DRIVERS\atmarpc.sys (manual start)
              Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              Audiostub-stuurprogramma: System32\DRIVERS\audstub.sys (manual start)
              Intelligente achtergrondsoverdrachtservice: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
              black: System32\drivers\BlackDrv.sys (system)
              Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              Closed Caption-decoder: system32\DRIVERS\CCDECODE.sys (manual start)
              Cd-rom-stuurprogramma: System32\DRIVERS\cdrom.sys (system)
              Indexing-service: C:\WINDOWS\System32\cisvc.exe (manual start)
              ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
              COM+-systeemtoepassing: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
              Creative Service for CDROM Access: C:\WINDOWS\system32\CTSvcCDA.exe (autostart)
              Services voor cryptografie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
              DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
              DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              Stuurprogramma voor schijfstations: System32\DRIVERS\disk.sys (system)
              Logical Disk Manager Administrative-service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
              dmboot: System32\drivers\dmboot.sys (disabled)
              dmio: System32\drivers\dmio.sys (disabled)
              dmload: System32\drivers\dmload.sys (disabled)
              Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
              Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start)
              distributed.net client: "C:\WINDOWS\System32\iosdt\iosdt.exe" (autostart)
              DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
              Microsoft Kernel DRM-audiodecoder: system32\drivers\drmkaud.sys (manual start)
              Service voor het rapporteren van fouten: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              Creative AudioPCI (ES1371,ES1373) (WDM): system32\drivers\es1371mp.sys (manual start)
              Event Log: %SystemRoot%\system32\services.exe (autostart)
              COM+-gebeurtenissysteem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
              Compatibiliteit voor Snelle gebruikerswisseling: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
              Stuurprogramma voor diskettestationcontroller: System32\DRIVERS\fdc.sys (manual start)
              Stuurprogramma voor diskettestation: System32\DRIVERS\flpydisk.sys (manual start)
              FltMgr: system32\drivers\fltmgr.sys (system)
              Stuurprogramma voor Volumebeheer: System32\DRIVERS\ftdisk.sys (system)
              Spelpoort-enumerator: System32\DRIVERS\gameenum.sys (manual start)
              Microsoft SideWinder Value Add - Filterstuurprogramma: System32\DRIVERS\GcKernel.sys (manual start)
              Algemene pakketclassificeerder: System32\DRIVERS\msgpc.sys (manual start)
              Help en ondersteuning: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              Mini-stuurprogramma voor virtueel HID-apparaat van Microsoft SideWinder: System32\DRIVERS\HIDSwvd.sys (manual start)
              Microsoft HID Class-stuurprogramma: System32\DRIVERS\hidusb.sys (manual start)
              HTTP: System32\Drivers\HTTP.sys (manual start)
              HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
              Stuurprogramma voor i8042-toetsenbord en PS/2-muispoort: System32\DRIVERS\i8042prt.sys (system)
              Filterstuurprogramma voor het branden van cd's: system32\DRIVERS\imapi.sys (system)
              COM-service voor IMAPI cd-branders: C:\WINDOWS\System32\imapi.exe (manual start)
              Intel(R) Active Monitor: C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe (autostart)
              Intel GV3-processorstuurprogramma: System32\DRIVERS\intelppm.sys (system)
              IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
              IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
              IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
              IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
              IPSEC-stuurprogramma: System32\DRIVERS\ipsec.sys (system)
              IR Enumerator-service: System32\DRIVERS\irenum.sys (manual start)
              PnP ISA/EISA Bus-stuurprogramma: System32\DRIVERS\isapnp.sys (system)
              iSMBIOS: \??\C:\WINDOWS\System32\drivers\iSMBIOS.SYS (autostart)
              iTouch Keyboard Filter: System32\DRIVERS\itchfltr.sys (manual start)
              Stuurprogramma voor verschillende toetsenbordtypen: System32\DRIVERS\kbdclass.sys (system)
              Stuurprogramma voor toetsenbord-HID: System32\DRIVERS\kbdhid.sys (system)
              Microsoft Kernel Wave-audiomixer: system32\drivers\kmixer.sys (manual start)
              Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              Logitech USB Filter Driver: System32\Drivers\LCcFltr.Sys (manual start)
              Logitech USB Receiver device driver: System32\Drivers\LHidUsb.Sys (manual start)
              TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
              Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart)
              Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
              NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
              Stuurprogramma voor muistypen: System32\DRIVERS\mouclass.sys (system)
              Stuurprogramma voor muis-HID: System32\DRIVERS\mouhid.sys (manual start)
              WebDav-client-redirector: System32\DRIVERS\mrxdav.sys (manual start)
              MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
              Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
              Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
              Microsoft Streaming Service-proxy: system32\drivers\MSKSSRV.sys (manual start)
              Microsoft Streaming Clock-proxy: system32\drivers\MSPCLOCK.sys (manual start)
              Microsoft Streaming Kwaliteitsbeheer Proxy: system32\drivers\MSPQM.sys (manual start)
              BIOS-stuurprogramma voor Microsoft Systeembeheer: System32\DRIVERS\mssmbios.sys (manual start)
              Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma: system32\drivers\MSTEE.sys (manual start)
              NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
              Norton AntiVirus Auto Protect Service: "C:\Program Files\Norton AntiVirus\navapsvc.exe" (autostart)
              Microsoft TV/Video-verbinding: system32\DRIVERS\NdisIP.sys (manual start)
              RAS NDIS TAPI-stuurprogramma: System32\DRIVERS\ndistapi.sys (manual start)
              I/O-protocol van NDIS-gebruikermodus: System32\DRIVERS\ndisuio.sys (manual start)
              RAS NDIS WAN-stuurprogramma: System32\DRIVERS\ndiswan.sys (manual start)
              NetBIOS-interface: System32\DRIVERS\netbios.sys (system)
              NetBT: System32\DRIVERS\netbt.sys (system)
              Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
              Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
              Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
              Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
              Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
              NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
              Verwisselbare opslag: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
              nv: system32\DRIVERS\nv4_mini.sys (manual start)
              NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
              IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
              IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
              Trust 320 SpaceCam: System32\Drivers\ov519vid.sys (manual start)
              Stuurprogramma voor parallelle poort: System32\DRIVERS\parport.sys (manual start)
              PCI Bus-stuurprogramma: System32\DRIVERS\pci.sys (system)
              PCIIde: System32\DRIVERS\pciide.sys (system)
              PfModNT: \??\C:\WINDOWS\System32\PfModNT.sys (autostart)
              Plug and Play: %SystemRoot%\system32\services.exe (autostart)
              IPSEC-services: %SystemRoot%\System32\lsass.exe (autostart)
              WAN-minipoort (PPTP): System32\DRIVERS\raspptp.sys (manual start)
              Stuurprogramma voor processor: System32\DRIVERS\processr.sys (system)
              Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
              QoS-pakketplanner: System32\DRIVERS\psched.sys (manual start)
              Stuurprogramma voor Directe parallelle verbinding: System32\DRIVERS\ptilink.sys (manual start)
              PxHelp20: system32\DRIVERS\PxHelp20.sys (system)
              RapFile: \??\C:\WINDOWS\System32\drivers\RapFile.sys (manual start)
              RapNet: \??\C:\WINDOWS\System32\drivers\RapNet.sys (manual start)
              Stuurprogramma voor Automatische verbinding voor RAS: System32\DRIVERS\rasacd.sys (system)
              Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
              WAN-minipoort (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
              Verbindingsbeheer voor RAS: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
              PPPOE-RAS-stuurprogramma: System32\DRIVERS\raspppoe.sys (manual start)
              Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
              Rdbss: System32\DRIVERS\rdbss.sys (system)
              RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
              Helpsessiebeheer voor Extern bureaublad: C:\WINDOWS\system32\sessmgr.exe (manual start)
              Stuurprogramma voor afspeelfilter van digitale cd-audio: System32\DRIVERS\redbook.sys (system)
              Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
              Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
              Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
              QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
              NT-stuurprogramma voor Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter: System32\DRIVERS\RTL8139.SYS (manual start)
              Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
              SB PCI Family Audio Driver (WDM): system32\drivers\sbpci.sys (manual start)
              Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
              Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              Secdrv: System32\DRIVERS\secdrv.sys (autostart)
              Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
              Serenum Filter-stuurprogramma: System32\DRIVERS\serenum.sys (manual start)
              Stuurprogramma voor seriële poort: System32\DRIVERS\serial.sys (system)
              Windows Firewall (WF) / Internet-verbinding delen (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              SIODRV: \??\C:\WINDOWS\System32\drivers\SIODRV.SYS (autostart)
              BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
              Intel (R) System Managment BIOS Service: System32\DRIVERS\SMBios.sys (manual start)
              Intel(R) SMBus 2.0 Driver: System32\DRIVERS\smb.sys (manual start)
              sojubus: system32\DRIVERS\sojubus.sys (system)
              sojuscsi: system32\DRIVERS\sojuscsi.sys (system)
              Sony USB-filterstuurrapparaat (SONYPVU1): system32\DRIVERS\SONYPVU1.SYS (manual start)
              Microsoft Kernel-audiosplitsing: system32\drivers\splitter.sys (manual start)
              Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
              Stuurprogramma voor systeemherstelfilter: System32\DRIVERS\sr.sys (system)
              System Restore-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              SRV: System32\DRIVERS\srv.sys (manual start)
              SSDP Discovery-service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
              Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
              BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
              SVKP: \??\C:\WINDOWS\system32\SVKP.sys (autostart)
              Software Bus-stuurprogramma: System32\DRIVERS\swenum.sys (manual start)
              Microsoft Kernel GS Wavetable-synthesizer: system32\drivers\swmidi.sys (manual start)
              MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{FA87AA34-8A61-486C-B454-809C9CC87BF1} (manual start)
              Microsoft Kernel-systeemaudioapparaat: system32\drivers\sysaudio.sys (manual start)
              Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
              Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
              Stuurprogramma voor TCP/IP-protocol: System32\DRIVERS\tcpip.sys (system)
              Stuurprogramma voor terminal-apparaat: System32\DRIVERS\termdd.sys (system)
              Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
              Thema's: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
              Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
              Microcode Update-stuurprogramma: System32\DRIVERS\update.sys (manual start)
              Universele Plug en Play-apparaathost: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
              Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
              Stuurprogramma voor USB-audio (WDM): system32\drivers\usbaudio.sys (manual start)
              Microsoft generiek hoofd-USB-stuurprogramma: System32\DRIVERS\usbccgp.sys (manual start)
              Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
              USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
              Stuurprogramma voor USB-massaopslag: System32\DRIVERS\USBSTOR.SYS (manual start)
              Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
              Grafische VGA-adapter.: \SystemRoot\System32\drivers\vga.sys (system)
              Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
              Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              RAS IP ARP-stuurprogramma: System32\DRIVERS\wanarp.sys (manual start)
              Stuurprogramma voor Microsoft WINMM WDM-audiocompatibiliteit: system32\drivers\wdmaud.sys (manual start)
              WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
              Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
              Windows Media Connect (WMC): c:\program files\windows media connect\mswmccds.exe (manual start)
              Windows Media Connect (WMC) Helper: C:\Program Files\Windows Media Connect\mswmcls.exe (manual start)
              Serienummerservice voor draagbare media: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
              WMI-prestatieadapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
              Windows Socket 2.0 Non-IFS-omgeving voor serviceproviderondersteuning: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
              Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              World Standard Teletext-codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
              Automatische updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
              Wireless Zero Configuration-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
              Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


              --------------------------------------------------

              Enumerating Windows NT logon/logoff scripts:
              *No scripts set to run*

              Windows NT checkdisk command:
              BootExecute = autocheck autochk *

              Windows NT 'Wininit.ini':
              PendingFileRenameOperations: *Registry value not found*

              --------------------------------------------------

              Enumerating ShellServiceObjectDelayLoad items:

              PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
              CDBurn: C:\WINDOWS\system32\SHELL32.dll
              WebCheck: C:\WINDOWS\System32\webcheck.dll
              SysTray: C:\WINDOWS\System32\stobject.dll

              --------------------------------------------------
              Autorun entries from Registry:
              HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

              *Registry key not found*

              --------------------------------------------------

              Autorun entries from Registry:
              HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

              *Registry key not found*

              --------------------------------------------------

              End of report, 36.219 bytes
              Report generated in 0,203 seconds

              Command line options:
              /verbose - to add additional info on each section
              /complete - to include empty sections and unsuspicious data
              /full - to include several rarely-important sections
              /force9x - to include Win9x-only startups even if running on WinNT
              /forcent - to include WinNT-only startups even if running on Win9x
              /forceall - to include all Win9x and WinNT startups, regardless of platform
              /history - to list version history only

              Comment


              • #8
                Hi TurkRambo,

                C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
                Dit is ook een browser. Als je precies hebt gedaan wat ik vroeg, dan verwachte ik deze niet aan aan te treffen.

                Als je Firefox afsluit, kan je dan wel NewDotNet deïnstalleren?

                Comment


                • #9
                  nee da gaa nie

                  Comment


                  • #10
                    Oorspronkelijk geplaatst door TurkRambo
                    nee da gaa nie
                    Dit is mij een beetje te summier. Wat doet 'ie dan? Kan je Firefox afsluiten? Of niet? Indien ja, kan je dan NewDotNet deïnstalleren? Zo nee, wat zegt Windows? ...

                    Comment


                    • #11
                      ik kan firefox wel afsluite maar ik kan newdotnet niet verwijderen
                      ik krijg elke keer deze fout:
                      A compenent of New.net names is currently in use.
                      Please close all Internet Explorer windows, then click Retry to try again, or Cancel to quit without uninstalling.

                      Ik heb al mijn browsers uitstaan en toch krijg ik des fout. Dus ik kan hem op g1 1 manier verwijderen.

                      Comment


                      • #12
                        Hi TurkRambo,

                        We gaan het met de hand proberen te verwijderen.

                        Download LSPfix vanaf dit adres: http://www.nucia.eu/ne/expertzone/lspfix.html

                        Start HijackThis, klik op "Scan" and kruis de volgende onderdelen aan.

                        O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

                        Sluit alle programma's, inclusief browsers, behalve HijackThis. Klik op "Fix checked". Herstart de computer.

                        Start LSPFix, en klik op de "I know what I'm doing" checkbox.
                        Kruis alle instances van [newdotnet6_38.dll](en niets anders!) aan, en verplaats ze naar het "Remove" paneel.
                        Klik op "Finish" en herstart de computer.

                        Kan je nu wel NewDotNet verwijderen? Want NewDotNet zou nu niet meer in je browser moeten zitten.
                        Last edited by Bobbi Flekman; 06-12-04, 14:54.

                        Comment


                        • #13


                          Sorry dat ik geen antwoord heb gegeven op uw vraag maar ik wist niet dat u had gereageerd op mijn post.
                          Maar ik heb dus gedaaan wat u zei. Maar kijk, ik heb new.net helemaal niet in me browser staan. Ik denk dat dat komt omdat ik firefox gebruik. Ik kan new.net dus ook niet verwijderen.
                          Maar ik heb nu nog een probleem: Ik heb een trojan ontvangen via msn en die stuurt zich elke keer automatisch door en het is ook heel irritant. Ik weet alleen niet hoe ik ervan af kom. Ik denk dat er nu een kopie is van rundll en dat die kopie dan die trojan is maar ik weet het ook niet zeker. Kunt u me verder helpen aub. Thnx
                          En u verricht echt goed werk ga zo door

                          Comment


                          • #14
                            Hi TurkRambo,

                            Maar ik heb dus gedaaan wat u zei. Maar kijk, ik heb new.net helemaal niet in me browser staan. Ik denk dat dat komt omdat ik firefox gebruik. Ik kan new.net dus ook niet verwijderen.
                            Kan je naar C:\Program Files\NewDotNet6_38 gaan en het programma uninstall6_38.exe uitvoeren?

                            Maar ik heb nu nog een probleem: Ik heb een trojan ontvangen via msn en die stuurt zich elke keer automatisch door en het is ook heel irritant. Ik weet alleen niet hoe ik ervan af kom. Ik denk dat er nu een kopie is van rundll en dat die kopie dan die trojan is maar ik weet het ook niet zeker. Kunt u me verder helpen aub.
                            Laat je computer checken op deze sites:

                            Housecall Anti Virus Panda Anti Virus Trojan Scan
                            Weet je van wie de trojan afkomstig is? Dan kan je hem blocken in MSN...

                            Kan je hierna een HijackThis log plaatsen,

                            Comment

                            Sorry, you are not authorized to view this page
                            Working...
                            X