Mededeling

Collapse
No announcement yet.

Nazicht HijackThis op Spyware

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Nazicht HijackThis op Spyware

    Logfile of HijackThis v1.98.2
    Scan saved at 14:48:05, on 10/12/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
    C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\RFA\rfagent.exe
    C:\Program Files\Telenet EasyCare\bin\mpbtn.exe
    C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\Documents and Settings\Administrator\Mijn documenten\Programma's Software PC\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
    O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 c:\WINDOWS\system\cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [RFAgent] C:\Program Files\RFA\rfagent.exe
    O4 - Startup: iMesh.lnk = C:\Program Files\iMesh\Client\iMeshClient.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Figuur openen in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1043\phdintl.dll/phdContext.htm
    O8 - Extra context menu item: Open Image in New Window - res://C:\Program Files\PopUpCop\popupcop.dll/imagenew
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.01.0004/OCI/setup.exe
    O16 - DPF: {5D7334F5-CF58-4F22-8502-6CC0ACB2FEFF} - http://www.dialer-shop.com/protected/code/axrbpt.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100459582294
    O16 - DPF: {6814A9EF-FBF1-46B2-A46E-56B401079C26} - http://www.dialer-shop.com/cexe/b200999.exe

  • #2
    Hoi Weyn Frank,

    1. Ga naar Start - Configuratiescherm - Software, en de-installeer:
    - New.Net / NewDotNet

    2. Start opnieuw op, maak een nieuw logje aan, en post dat hier

    Comment


    • #3
      T.A.V. Hans
      Via start > configuratiescherm > software kan ik map New.Net/NewDotNet niet vinden.In map programme files via mijn computer staat de map wel,maar kan deze niet verwijderen > geeft fout aan "geweigerd kijk of schijf vol of tegen schrijven is beveiligd of in gebruik is".Hoe moet het nu verder

      Groetjes Frank

      Comment


      • #4
        Kun je even een nieuw logje plaatsen?

        Comment


        • #5
          log 13-12-04

          Logfile of HijackThis v1.98.2
          Scan saved at 23:03:28, on 13/12/2004
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\RunDll32.exe
          C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
          C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\MSN Messenger\MsnMsgr.Exe
          C:\WINDOWS\NCLAUNCH.EXe
          C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
          C:\Program Files\RFA\rfagent.exe
          C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
          C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe
          C:\Program Files\Telenet EasyCare\bin\mpbtn.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
          C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
          C:\WINDOWS\msagent\AgentSvr.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\Documents and Settings\Administrator\Mijn documenten\Programma's Software PC\hijackthis 2.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be/
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
          O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)
          O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
          O4 - HKLM\..\Run: [Cmaudio] RunDll32 c:\WINDOWS\system\cmicnfg.cpl,CMICtrlWnd
          O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
          O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
          O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
          O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
          O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
          O4 - HKCU\..\Run: [RFAgent] C:\Program Files\RFA\rfagent.exe
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
          O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
          O8 - Extra context menu item: Figuur openen in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1043\phdintl.dll/phdContext.htm
          O8 - Extra context menu item: Open Image in New Window - res://C:\Program Files\PopUpCop\popupcop.dll/imagenew
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O10 - Hijacked Internet access by New.Net
          O10 - Hijacked Internet access by New.Net
          O10 - Hijacked Internet access by New.Net
          O10 - Hijacked Internet access by New.Net
          O10 - Hijacked Internet access by New.Net

          Comment


          • #6
            Hoi Frank,

            Kun je even updaten naar HijackThis 1.99.0:

            http://radiosplace.com

            Maak hiermee een nieuw logje aan, en post dat hier.

            Comment


            • #7
              Nieuwe log met 1.99.0

              Logfile of HijackThis v1.99.0
              Scan saved at 16:01:49, on 17/12/2004
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\RunDll32.exe
              C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
              C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
              C:\WINDOWS\system32\rundll32.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\MSN Messenger\MsnMsgr.Exe
              C:\WINDOWS\NCLAUNCH.EXe
              C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
              C:\Program Files\RFA\rfagent.exe
              C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
              C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe
              C:\Program Files\Telenet EasyCare\bin\mpbtn.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
              C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
              C:\WINDOWS\msagent\AgentSvr.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
              C:\Program Files\Mozilla Firefox\firefox.exe
              C:\Documents and Settings\Administrator\Mijn documenten\Programma's Software PC\Hijackthis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be/
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
              O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)
              O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
              O4 - HKLM\..\Run: [Cmaudio] RunDll32 c:\WINDOWS\system\cmicnfg.cpl,CMICtrlWnd
              O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
              O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
              O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
              O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
              O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
              O4 - HKCU\..\Run: [RFAgent] C:\Program Files\RFA\rfagent.exe
              O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
              O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
              O8 - Extra context menu item: Figuur openen in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1043\phdintl.dll/phdContext.htm
              O8 - Extra context menu item: Open Image in New Window - res://C:\Program Files\PopUpCop\popupcop.dll/imagenew
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O10 - Hijacked Internet access by New.Net
              O10 - Hijacked Internet access by New.Net
              O10 - Hijacked Internet access by New.Net
              O10 - Hijacked Internet access by New.Net
              O10 - Hijacked Internet access by New.Net
              O23 - Service: AVP Control Centre Service - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
              O23 - Service: KAV Monitor Service - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exeLogfile of HijackThis v1.99.0
              Scan saved at 22:49:10, on 17/12/2004
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\RunDll32.exe
              C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
              C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
              C:\WINDOWS\system32\rundll32.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\MSN Messenger\MsnMsgr.Exe
              C:\WINDOWS\NCLAUNCH.EXe
              C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
              C:\Program Files\RFA\rfagent.exe
              C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
              C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe
              C:\Program Files\Telenet EasyCare\bin\mpbtn.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
              C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
              C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
              C:\WINDOWS\msagent\AgentSvr.exe
              C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
              C:\Documents and Settings\Administrator\Mijn documenten\Programma's Software PC\Hijackthis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be/
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)
              O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
              O4 - HKLM\..\Run: [Cmaudio] RunDll32 c:\WINDOWS\system\cmicnfg.cpl,CMICtrlWnd
              O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
              O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
              O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
              O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
              O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
              O4 - HKCU\..\Run: [RFAgent] C:\Program Files\RFA\rfagent.exe
              O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
              O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
              O8 - Extra context menu item: Figuur openen in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1043\phdintl.dll/phdContext.htm
              O8 - Extra context menu item: Open Image in New Window - res://C:\Program Files\PopUpCop\popupcop.dll/imagenew
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O10 - Hijacked Internet access by New.Net
              O10 - Hijacked Internet access by New.Net
              O10 - Hijacked Internet access by New.Net
              O10 - Hijacked Internet access by New.Net
              O10 - Hijacked Internet access by New.Net
              O23 - Service: AVP Control Centre Service - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
              O23 - Service: KAV Monitor Service - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe
              Last edited by Weyn Frank; 17-12-04, 22:06. Reden: Nieuw logje van 23:02

              Comment


              • #8
                Hoi Frank,

                Ik moet even bekijken hoe we die O10-regels gaan wegkrijgen. Belangrijk: Ga ze niet zelf proberen te fixen met hijackThis! Dit kan internet problemen veroorzaken!

                De-installeer iMesh, het is een verkeerd programma:
                http://www.spywareinfo.com/articles/p2p/

                Start opnieuw op, maak een nieuw logje aan, en post dat hier

                Comment


                • #9
                  nieuwe log 18-12-2004

                  Logfile of HijackThis v1.99.0
                  Scan saved at 10:34:35, on 18/12/2004
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\system32\RunDll32.exe
                  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
                  C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
                  C:\WINDOWS\system32\rundll32.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\MSN Messenger\MsnMsgr.Exe
                  C:\WINDOWS\NCLAUNCH.EXe
                  C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
                  C:\Program Files\RFA\rfagent.exe
                  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
                  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe
                  C:\Program Files\Telenet EasyCare\bin\mpbtn.exe
                  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                  C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
                  C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
                  C:\WINDOWS\msagent\AgentSvr.exe
                  C:\Program Files\Mozilla Firefox\firefox.exe
                  C:\Documents and Settings\Administrator\Mijn documenten\Programma's Software PC\Hijackthis\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be/
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)
                  O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
                  O4 - HKLM\..\Run: [Cmaudio] RunDll32 c:\WINDOWS\system\cmicnfg.cpl,CMICtrlWnd
                  O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
                  O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
                  O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
                  O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
                  O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
                  O4 - HKCU\..\Run: [RFAgent] C:\Program Files\RFA\rfagent.exe
                  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                  O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                  O8 - Extra context menu item: Figuur openen in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1043\phdintl.dll/phdContext.htm
                  O8 - Extra context menu item: Open Image in New Window - res://C:\Program Files\PopUpCop\popupcop.dll/imagenew
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O10 - Hijacked Internet access by New.Net
                  O10 - Hijacked Internet access by New.Net
                  O10 - Hijacked Internet access by New.Net
                  O10 - Hijacked Internet access by New.Net
                  O10 - Hijacked Internet access by New.Net
                  O23 - Service: AVP Control Centre Service - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
                  O23 - Service: KAV Monitor Service - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe

                  Comment


                  • #10
                    Hoi Frank,

                    1. Dubbelklik op Deze Computer
                    2. Dubbelklik op C:/
                    3. Dubbelklik op de Program Files map
                    4. Zoek de NewDotNet map op en dubbelklik erop.
                    5. Zoek naar het bestand "uninstallX_XX.exe ("X" houdt de versie van de uninstaller in). Dubbelklik hierop.
                    6. Start opnieuw op wanneer dit gevraagd wordt.

                    Laat me weten of New.Net hiermee verdwenen is

                    Comment


                    • #11
                      kan map Newdotnet niet verwijderen 20-12-2004

                      T.A.V.Hans
                      onder progr.files staat maar 1 map" newdotnet6_38.dll 6.0.0.38 New.net.Domains" > kan deze niet verwijderen > heb verborgen mappen weergegeven en staat geen verborgen map in prog.files
                      Vorige keer hebt u het zelfde aangeraden > zonder resultaat
                      moet ik eerst dit niet proberen te verwijderen ??
                      O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

                      Comment


                      • #12
                        Probeer dat maar, start opnieuw op, en kijk of je de map dan wel kan verwijderen

                        Comment


                        • #13
                          Log:22-12-04

                          Dag Mr Hans,Alles geprobeerd om deze map eruit te halen en niks lukt er.Wat nu?
                          Logfile of HijackThis v1.99.0
                          Scan saved at 11:46:55, on 22/12/2004
                          Platform: Windows XP SP2 (WinNT 5.01.2600)
                          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                          Running processes:
                          C:\WINDOWS\System32\smss.exe
                          C:\WINDOWS\system32\winlogon.exe
                          C:\WINDOWS\system32\services.exe
                          C:\WINDOWS\system32\lsass.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\system32\spoolsv.exe
                          C:\WINDOWS\Explorer.EXE
                          C:\WINDOWS\system32\RunDll32.exe
                          C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
                          C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
                          C:\Program Files\Telemeter 3.0\telemeter3.exe
                          C:\WINDOWS\system32\rundll32.exe
                          C:\WINDOWS\system32\ctfmon.exe
                          C:\Program Files\MSN Messenger\MsnMsgr.Exe
                          C:\WINDOWS\NCLAUNCH.EXe
                          C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
                          C:\Program Files\RFA\rfagent.exe
                          C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
                          C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe
                          C:\Program Files\Telenet EasyCare\bin\mpbtn.exe
                          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                          C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
                          C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
                          C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
                          C:\WINDOWS\msagent\AgentSvr.exe
                          C:\Documents and Settings\Administrator\Mijn documenten\Programma's Software PC\Hijackthis\HijackThis.exe

                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be/
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
                          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                          O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)
                          O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
                          O4 - HKLM\..\Run: [Cmaudio] RunDll32 c:\WINDOWS\system\cmicnfg.cpl,CMICtrlWnd
                          O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
                          O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
                          O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
                          O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
                          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                          O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
                          O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
                          O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
                          O4 - HKCU\..\Run: [RFAgent] C:\Program Files\RFA\rfagent.exe
                          O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
                          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                          O8 - Extra context menu item: Figuur openen in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1043\phdintl.dll/phdContext.htm
                          O8 - Extra context menu item: Open Image in New Window - res://C:\Program Files\PopUpCop\popupcop.dll/imagenew
                          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O10 - Hijacked Internet access by New.Net
                          O10 - Hijacked Internet access by New.Net
                          O10 - Hijacked Internet access by New.Net
                          O10 - Hijacked Internet access by New.Net
                          O10 - Hijacked Internet access by New.Net
                          O23 - Service: AVP Control Centre Service - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
                          O23 - Service: KAV Monitor Service - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe

                          Comment


                          • #14
                            Aan Mr Hans.

                            Ik heb al een prive berichtje gestuurd,maar voor alle zekerheid zet ik hier ook hetzelfde. Aan heel het ASO-team de beste wensen voor het nieuwe jaar gewenst. Mr Hans,in mijn laatste logje heb ik u uitgelecht dat ik die beruchte map er niet uit krijg.Ondanks alles wat U vetelde en wat ik tot hier toe geprobeerd heb.Op mijn laatste logje 22/12/04 heb ik geen reactie meer gekregen.Ik hoop op uw bekwaamheid nog eens beroep te kunnen doen.De groeten Frank.

                            Comment


                            • #15
                              Kun je even een vers logje plaatsen? Aangezien je laatste logje al aardig oud is en er dingen veranderd kunnen zijn

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X