HijackThis log full of spyware?

2 answers
  • Yes… An acquaintance's PC has 3 search bars that won't go away. I've thrown AdAware, NAV2004, NOD32, SpyBotS&D etc. etc. at it, but nothing works:
    Logfile of HijackThis v1.97.7
    Scan saved at 19:21:39, on 20-4-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\PackethSvc.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\htpatch.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Vannilesoep\Local Settings\Temporary Internet Files\Content.IE5\85AZ0X6F\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tweakzone.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.aldi.com/
    O1 - Hosts file is located at: C:\WINDOWS\help\hosts
    O1 - Hosts: 88.88.88.88 elite
    O1 - Hosts: 207.44.220.30 www.google.akadns.net
    O1 - Hosts: 207.44.220.30 www.google.com
    O1 - Hosts: 207.44.220.30 google.com
    O1 - Hosts: 207.44.220.30 www.altavista.com
    O1 - Hosts: 207.44.220.30 altavista.com
    O1 - Hosts: 207.44.220.30 search.yahoo.com
    O1 - Hosts: 207.44.220.30 uk.search.yahoo.com
    O1 - Hosts: 207.44.220.30 ca.search.yahoo.com
    O1 - Hosts: 207.44.220.30 jp.search.yahoo.com
    O1 - Hosts: 207.44.220.30 au.search.yahoo.com
    O1 - Hosts: 207.44.220.30 de.search.yahoo.com
    O1 - Hosts: 207.44.220.30 search.yahoo.co.jp
    O1 - Hosts: 207.44.220.30 www.lycos.de
    O1 - Hosts: 207.44.220.30 www.lycos.ca
    O1 - Hosts: 207.44.220.30 www.lycos.jp
    O1 - Hosts: 207.44.220.30 www.lycos.co.jp
    O1 - Hosts: 207.44.220.30 alltheweb.com
    O1 - Hosts: 207.44.220.30 web.ask.com
    O1 - Hosts: 207.44.220.30 ask.com
    O1 - Hosts: 207.44.220.30 www.ask.com
    O1 - Hosts: 207.44.220.30 www.teoma.com
    O1 - Hosts: 207.44.220.30 search.aol.com
    O1 - Hosts: 207.44.220.30 www.looksmart.com
    O1 - Hosts: 207.44.220.30 auto.search.msn.com
    O1 - Hosts: 207.44.220.30 search.msn.com
    O1 - Hosts: 207.44.220.30 ca.search.msn.com
    O1 - Hosts: 207.44.220.30 fr.ca.search.msn.com
    O1 - Hosts: 207.44.220.30 search.fr.msn.be
    O1 - Hosts: 207.44.220.30 search.fr.msn.ch
    O1 - Hosts: 207.44.220.30 search.latam.yupimsn.com
    O1 - Hosts: 207.44.220.30 search.msn.at
    O1 - Hosts: 207.44.220.30 search.msn.be
    O1 - Hosts: 207.44.220.30 search.msn.ch
    O1 - Hosts: 207.44.220.30 search.msn.co.in
    O1 - Hosts: 207.44.220.30 search.msn.co.jp
    O1 - Hosts: 207.44.220.30 search.msn.co.kr
    O1 - Hosts: 207.44.220.30 search.msn.com.br
    O1 - Hosts: 207.44.220.30 search.msn.com.hk
    O1 - Hosts: 207.44.220.30 search.msn.com.my
    O1 - Hosts: 207.44.220.30 search.msn.com.sg
    O1 - Hosts: 207.44.220.30 search.msn.com.tw
    O1 - Hosts: 207.44.220.30 search.msn.co.za
    O1 - Hosts: 207.44.220.30 search.msn.de
    O1 - Hosts: 207.44.220.30 search.msn.dk
    O1 - Hosts: 207.44.220.30 search.msn.es
    O1 - Hosts: 207.44.220.30 search.msn.fi
    O1 - Hosts: 207.44.220.30 search.msn.fr
    O1 - Hosts: 207.44.220.30 search.msn.it
    O1 - Hosts: 207.44.220.30 search.msn.nl
    O1 - Hosts: 207.44.220.30 search.msn.no
    O1 - Hosts: 207.44.220.30 search.msn.se
    O1 - Hosts: 207.44.220.30 search.ninemsn.com.au
    O1 - Hosts: 207.44.220.30 search.t1msn.com.mx
    O1 - Hosts: 207.44.220.30 search.xtramsn.co.nz
    O1 - Hosts: 207.44.220.30 search.yupimsn.com
    O1 - Hosts: 207.44.220.30 uk.search.msn.com
    O1 - Hosts: 207.44.220.30 search.lycos.com
    O1 - Hosts: 207.44.220.30 www.lycos.com
    O1 - Hosts: 207.44.220.30 www.google.ca
    O1 - Hosts: 207.44.220.30 google.ca
    O1 - Hosts: 207.44.220.30 www.google.uk
    O1 - Hosts: 207.44.220.30 www.google.co.uk
    O1 - Hosts: 207.44.220.30 www.google.com.au
    O1 - Hosts: 207.44.220.30 www.google.co.jp
    O1 - Hosts: 207.44.220.30 www.google.jp
    O1 - Hosts: 207.44.220.30 www.google.at
    O1 - Hosts: 207.44.220.30 www.google.be
    O1 - Hosts: 207.44.220.30 www.google.ch
    O1 - Hosts: 207.44.220.30 www.google.de
    O1 - Hosts: 207.44.220.30 www.google.se
    O1 - Hosts: 207.44.220.30 www.google.dk
    O1 - Hosts: 207.44.220.30 www.google.fi
    O1 - Hosts: 207.44.220.30 www.google.fr
    O1 - Hosts: 207.44.220.30 www.google.com.gr
    O1 - Hosts: 207.44.220.30 www.google.com.hk
    O1 - Hosts: 207.44.220.30 www.google.ie
    O1 - Hosts: 207.44.220.30 www.google.co.il
    O1 - Hosts: 207.44.220.30 www.google.it
    O1 - Hosts: 207.44.220.30 www.google.co.kr
    O1 - Hosts: 207.44.220.30 www.google.com.mx
    O1 - Hosts: 207.44.220.30 www.google.nl
    O1 - Hosts: 207.44.220.30 www.google.co.nz
    O1 - Hosts: 207.44.220.30 www.google.pl
    O1 - Hosts: 207.44.220.30 www.google.pt
    O1 - Hosts: 207.44.220.30 www.google.com.ru
    O1 - Hosts: 207.44.220.30 www.google.com.sg
    O1 - Hosts: 207.44.220.30 www.google.co.th
    O1 - Hosts: 207.44.220.30 www.google.com.tr
    O1 - Hosts: 207.44.220.30 www.google.com.tw
    O1 - Hosts: 207.44.220.30 go.google.com
    O1 - Hosts: 207.44.220.30 google.at
    O1 - Hosts: 207.44.220.30 google.be
    O1 - Hosts: 207.44.220.30 google.de
    O1 - Hosts: 207.44.220.30 google.dk
    O1 - Hosts: 207.44.220.30 google.fi
    O1 - Hosts: 207.44.220.30 google.fr
    O1 - Hosts: 207.44.220.30 google.com.hk
    O1 - Hosts: 207.44.220.30 google.ie
    O1 - Hosts: 207.44.220.30 google.co.il
    O1 - Hosts: 207.44.220.30 google.it
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O3 - Toolbar: TweakBar - {B02B3506-8251-40CA-8CF3-822B0AA31441} - C:\Program Files\TweakBar Toolbar\TweakBar.dll
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O9 - Extra button: Run DAP (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1071333157187
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37664.0440393519
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan
    avonline.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSECS.cab
    O16 - DPF: {E3E34A32-3A6A-47CC-B4E3-B8B86715D388} (MBoom Class) - http://hosting0.gamepoint.net/2003/ds/sintgame/marsepein/dll/boom.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw9fd.law9.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {FD37F222-B32D-11D5-BFA4-0000B4A6D8A2} (CycloConnect AddressSelection2 Control) - http://www.cyclomedia.nl/download/components/CycloConnectCC.cab
    O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://3dgamers.tukati.com/tukati/1.7.20.20/tukati.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1F37DC4B-FD57-419C-B4FD-1FD869F3A32C}: NameServer = 216.127.92.38
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4C5CC075-7882-41BC-98B2-CA0A25278318}: NameServer = 216.127.92.38
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6A16D7BD-3D22-4AC2-8657-9D2A01B06400}: NameServer = 216.127.92.38
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F98DAE46-5D6B-49FD-BB27-BB3F21DEB47B}: NameServer = 216.127.92.38
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 216.127.92.38
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1F37DC4B-FD57-419C-B4FD-1FD869F3A32C}: NameServer = 216.127.92.38
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.127.92.38

  • First get HijackThis out of the temp folder….
    Save HijackThis in a folder of its own. Not on your desktop or in your temp files, because HijackThis makes backups in the folder it is started from.
    Close all open windows, run HijackThis once more and have it fix the following items:

    all O1 entries

    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

    O3 - Toolbar: TweakBar - {B02B3506-8251-40CA-8CF3-822B0AA31441} - C:\Program Files\TweakBar Toolbar\TweakBar.dll

    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup

    O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSECS.cab

    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1F37DC4B-FD57-419C-B4FD-1FD869F3A32C}: NameServer = 216.127.92.38
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4C5CC075-7882-41BC-98B2-CA0A25278318}: NameServer = 216.127.92.38
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6A16D7BD-3D22-4AC2-8657-9D2A01B06400}: NameServer = 216.127.92.38
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F98DAE46-5D6B-49FD-BB27-BB3F21DEB47B}: NameServer = 216.127.92.38
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 216.127.92.38
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1F37DC4B-FD57-419C-B4FD-1FD869F3A32C}: NameServer = 216.127.92.38
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.127.92.38

    Once you have done this, start the computer in safe mode.
    Make sure all hidden files are shown, and delete the following files or folders if present:
    C:\PROGRA~1\NEWDOT~1 <— this folder

    Reboot, and post a new log.
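
A triage sketch for the O1 and O17 sections discussed in this thread, added here as an example and not part of the original posts: it flags a hosts file outside the default `system32\drivers\etc` directory, any single address that many hostnames are pinned to, and every static NameServer value so it can be compared with the resolver the ISP or router hands out. The function name `triage`, the threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the HijackThis format shown in this thread.
SAMPLE_LOG = r"""
O1 - Hosts file is located at: C:\WINDOWS\help\hosts
O1 - Hosts: 88.88.88.88 elite
O1 - Hosts: 207.44.220.30 www.google.com
O1 - Hosts: 207.44.220.30 search.yahoo.com
O1 - Hosts: 207.44.220.30 search.msn.com
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.127.92.38
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 216.127.92.38
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")   # "O1 - ...", "O17 - ..."
DEFAULT_HOSTS_DIR = r"\system32\drivers\etc"         # standard NT/XP hosts directory
LOCATED = "Hosts file is located at:"

def triage(log_text, fanin_threshold=3):
    """Hypothetical helper: return review findings for O1 and O17 entries."""
    findings = []
    names_by_ip = defaultdict(set)    # hosts-file IP -> hostnames pinned to it
    dns_hits = defaultdict(int)       # NameServer value -> number of keys setting it
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O1" and body.startswith(LOCATED):
            path = body[len(LOCATED):].strip()
            if DEFAULT_HOSTS_DIR not in path.lower():
                findings.append(("hosts-relocated", path))
        elif section == "O1" and body.startswith("Hosts:"):
            parts = body[len("Hosts:"):].split()
            if len(parts) >= 2 and not parts[0].startswith("127."):
                names_by_ip[parts[0]].add(parts[1].lower())
        elif section == "O17" and "NameServer =" in body:
            dns_hits[body.split("=", 1)[1].strip()] += 1
    # Many unrelated names pinned to one address is the redirection pattern.
    for ip, names in sorted(names_by_ip.items()):
        if len(names) >= fanin_threshold:
            findings.append(("hosts-fanin", ip, len(names)))
    # Every static resolver is listed; compare it with the ISP/router-assigned one.
    for ip, count in sorted(dns_hits.items()):
        findings.append(("dns-override", ip, count))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```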
