Logfile HijackThis spyware MxTarget

Anonymous
Kesselnaar
11 replies
  • Hello everyone, can anyone please help me permanently remove the MxTarget spyware? I have removed it several times with Ad-Aware SE and Spybot, but every time I switch on the computer it reinstalls itself! The Ad-Aware SE add-on VX2 Cleaner does not work either.

    Logfile of HijackThis v1.98.0
    Scan saved at 9:47:30, on 25-8-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\WINDOWS\System32\zqlyxm.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Sijsteembeheer\HijackThis\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.computertotaal.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planet.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.planet.nl:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = reg.planet.nl;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: KvK Toolbar - {F18D4965-532F-4907-A55F-7406218BF861} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
    O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [bsjwcldicwncx] C:\WINDOWS\System32\zqlyxm.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O9 - Extra button: KvK - {CEA35E49-7296-42ff-99EA-8392CACBB7AC} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll
    O9 - Extra 'Tools' menuitem: KvK Toolbar - {CEA35E49-7296-42ff-99EA-8392CACBB7AC} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.planet.nl
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} -
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) -
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
    O16 - DPF: {6EABE8B6-5C8E-4B1B-AEAB-7FE17C4A3A04} -
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) -
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) -
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} -
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} -
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Galjoen.local
    O17 - HKLM\Software\..\Telephony: DomainName = Galjoen.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Galjoen.local
    O20 - AppInit_DLLs: NVDESK32.DLL


  • There is already a newer version of HijackThis, 1.98.2, but I will take a look at it.. 8)
  • [quote]O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
    O3 - Toolbar: KvK Toolbar - {F18D4965-532F-4907-A55F-7406218BF861} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [bsjwcldicwncx] C:\WINDOWS\System32\zqlyxm.exe
    O9 - Extra button: KvK - {CEA35E49-7296-42ff-99EA-8392CACBB7AC} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll
    O9 - Extra 'Tools' menuitem: KvK Toolbar - {CEA35E49-7296-42ff-99EA-8392CACBB7AC} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll[/quote]
    I have picked these out, but reiske is an expert at this, so ask him to check it again and post your new 1.98.2 log 8)
  • Thanks, I have since downloaded HijackThis v1.98.2.

    Logfile of HijackThis v1.98.2
    Scan saved at 15:37:49, on 25-8-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\WINDOWS\System32\zqlyxm.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Sijsteembeheer\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.computertotaal.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planet.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.planet.nl:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = reg.planet.nl;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: KvK Toolbar - {F18D4965-532F-4907-A55F-7406218BF861} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
    O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [bsjwcldicwncx] C:\WINDOWS\System32\zqlyxm.exe
    O4 - HKLM\..\RunOnce: [MRUBlaster] C:\Program Files\MRU-Blaster\indexcleaner.exe -COOKIES
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O9 - Extra button: KvK - {CEA35E49-7296-42ff-99EA-8392CACBB7AC} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll
    O9 - Extra 'Tools' menuitem: KvK Toolbar - {CEA35E49-7296-42ff-99EA-8392CACBB7AC} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.planet.nl
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} -
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) -
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
    O16 - DPF: {6EABE8B6-5C8E-4B1B-AEAB-7FE17C4A3A04} -
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) -
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) -
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} -
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} -
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Galjoen.local
    O17 - HKLM\Software\..\Telephony: DomainName = Galjoen.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Galjoen.local :D

  • I would like to know on which site HijackThis can be downloaded. I only get a website stating that it is temporarily unavailable for download.

    Kind regards,
    Bert
  • [quote="G.C. Severijn"]I would like to know on which site HijackThis can be downloaded. I only get a website stating that it is temporarily unavailable for download.

    Kind regards,
    Bert[/quote]
    Over here.. http://computercops.biz/downloads-file-328.html
  • Hello Bert,

    I downloaded it from:

    http://www.majorgeeks.com/download3155.html

    Kind regards
  • :D
  • Many thanks, I have found the site and scanned the PC; the log file is attached.

    Bert
  • Yeah, I get it from Major Geeks too, but this is a direct download from =reiske= :roll:
  • O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
    O3 - Toolbar: KvK Toolbar - {F18D4965-532F-4907-A55F-7406218BF861} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O9 - Extra button: KvK - {CEA35E49-7296-42ff-99EA-8392CACBB7AC} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll
    O9 - Extra 'Tools' menuitem: KvK Toolbar - {CEA35E49-7296-42ff-99EA-8392CACBB7AC} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll

    You still forgot these.. :lol: 8)

This is an archived page. Replies are no longer possible.