Ik weet niet wat er aan de hand is

Marion

19-10-2005 14:50

Ik heb zo goed mogelijk geprobeerd jullie stappenplan te volgen. Mijn Pc is echter heel traag en van de 10 sites die ik probeer te openen, blijft de pc zeker vier keer vasthangen. Is mijn pc gewoon op en moet ik hem misschien vervangen? Ik heb weinig verstand van pc's maar probeer wel van alles. Waarschijnlijk hoort dit probleem ook helemaal niet thuis op deze site, weet alleen niet waar ik de oplossing dan wel kan vinden, maar ik heb eens per ongeluk een koffertje WAVE verwijderd. Sindsdien is mijn geluid verschrikkelijk. Het zat echter niet in de prullenbak, waar is het dan gebleven? Hartelijk dank vast voor jullie hulp.
Logfile of HijackThis v1.99.1
Scan saved at 14:55:42, on 19-10-2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB07.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\IPOD\BIN\IPODWATCHER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\MIJN DOCUMENTEN\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400010&utm_content=leftnav&utm_source=efc&utm_medium=bund&utm_campaign=efc0605
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400010&utm_content=leftnav&utm_source=efc&utm_medium=bund&utm_campaign=efc0605
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_90.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\PROGRAM FILES\ACCOONA\ASEARCHASSIST.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: SysTray.Exe
O4 - HKLM\..\Run: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 - HKLM\..\Run: C:\Program Files\iPod\Bin\iPodWatcher.exe
O4 - HKLM\..\Run: C:\WINDOWS\SYSTEM\GREENMK.exe
O4 - HKLM\..\Run: rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\RunServices: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: mstask.exe
O4 - HKLM\..\RunServices: C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: “C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe” -reg
O4 - HKLM\..\RunServices: “C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”
O4 - HKLM\..\RunServices: “C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”
O4 - HKLM\..\RunServices: C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Agenda-herinneringen.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) - http://www.thepaymentcentre.com/build/vbiewer.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {BCDB34A6-C1A6-4C89-9526-E84A579A0EF7} (VacPro.olanda_win98) - http://www9.advnt01.com/dialer/olanda_win98.CAB
Erik

19-10-2005 15:18

verwijder eerst newdotnet even op een van de manieren van de link:
www.newdotnet.com/removal.html
Start daarna alleen Hijackthis en vink alleen de volgende regels aan:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400010&utm_content=leftnav&utm_source=efc&utm_medium=bund&utm_campaign=efc0605
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.accoona.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400010&utm_content=leftnav&utm_source=efc&utm_medium=bund&utm_campaign=efc0605
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.accoona.com/search?q=%s
R3 - Default URLSearchHook is missing
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_90.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\PROGRAM FILES\ACCOONA\ASEARCHASSIST.DLL
Klik op fix checked.
O4 - HKLM\..\Run: rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) - www.thepaymentcentre.com/build/vbiewer.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
O16 - DPF: {BCDB34A6-C1A6-4C89-9526-E84A579A0EF7} (VacPro.olanda_win98) - www9.advnt01.com/dialer/olanda_win98.CAB
Klik op fix checked
Herstart je PC en post daarna nog even een vers HJT logje svp
Marion

19-10-2005 16:14

Beste Erik,
In de hoop dat ik alles goed heb gedaan, hier mijn nieuwe log file:
Opnieuw, alvast bedankt! Marion
Logfile of HijackThis v1.99.1
Scan saved at 16:25:53, on 19-10-2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB07.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\IPOD\BIN\IPODWATCHER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\MIJN DOCUMENTEN\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: SysTray.Exe
O4 - HKLM\..\Run: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 - HKLM\..\Run: C:\Program Files\iPod\Bin\iPodWatcher.exe
O4 - HKLM\..\Run: C:\WINDOWS\SYSTEM\GREENMK.exe
O4 - HKLM\..\RunServices: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: mstask.exe
O4 - HKLM\..\RunServices: C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: “C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe” -reg
O4 - HKLM\..\RunServices: “C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”
O4 - HKLM\..\RunServices: “C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”
O4 - HKLM\..\RunServices: C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Agenda-herinneringen.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
Erik

19-10-2005 16:33

Hoi Marion,
Mooi schoon logje weer, haal wollies poetsvod eens door je PC: http://www.virushelp.nl/onderhoud.htm
S6 :-)

Ik weet niet wat er aan de hand is

Marion

Erik

Marion

Erik