Vraag & Antwoord

Beveiliging & privacy

Logfile HijackThis spyware MxTarget

Anoniem
Kesselnaar
11 antwoorden
 • Hallo allemaal, wie kan mij s.v.p. helpen met het definitief verwijderen van spyware MxTarget. Ik heb deze verscheidene malen verwijders met Ad-Aware SE en Spybot, maar telkens bij het aanzetten van de computer installeert hij zich vanzelf weer! De Ad-Ons van Ad-Aware Se VX2 Cleaner werkt ook niet.

  Logfile of HijackThis v1.98.0
  Scan saved at 9:47:30, on 25-8-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\system32\LEXBCES.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\LEXPPS.EXE
  C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
  C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\Program Files\Dantz\Retrospect\retrorun.exe
  C:\Program Files\Norton AntiVirus\SAVScan.exe
  C:\WINDOWS\System32\tcpsvcs.exe
  C:\WINDOWS\System32\snmp.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Ahead\InCD\InCD.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\WINDOWS\System32\carpserv.exe
  C:\WINDOWS\System32\zqlyxm.exe
  C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  C:\Program Files\SpywareGuard\sgmain.exe
  C:\Program Files\SpywareGuard\sgbhp.exe
  C:\WINDOWS\system32\ntvdm.exe
  C:\Sijsteembeheer\HijackThis\HijackThis.exe
  C:\Program Files\Messenger\msmsgs.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.computertotaal.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planet.nl
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.planet.nl:8080
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = reg.planet.nl;<local>
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
  O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
  O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: KvK Toolbar - {F18D4965-532F-4907-A55F-7406218BF861} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
  O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
  O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
  O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [CARPService] carpserv.exe
  O4 - HKLM\..\Run: [bsjwcldicwncx] C:\WINDOWS\System32\zqlyxm.exe
  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
  O9 - Extra button: KvK - {CEA35E49-7296-42ff-99EA-8392CACBB7AC} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll
  O9 - Extra 'Tools' menuitem: KvK Toolbar - {CEA35E49-7296-42ff-99EA-8392CACBB7AC} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O14 - IERESET.INF: START_PAGE_URL=http://www.planet.nl
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} -
  O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
  O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) -
  O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
  O16 - DPF: {6EABE8B6-5C8E-4B1B-AEAB-7FE17C4A3A04} -
  O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) -
  O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) -
  O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
  O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} -
  O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} -
  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Galjoen.local
  O17 - HKLM\Software\..\Telephony: DomainName = Galjoen.local
  O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Galjoen.local
  O20 - AppInit_DLLs: NVDESK32.DLL
 • er is al een nieuwere versie van hijackthis 1.98.2 maar ik zal er even naar kijken.. 8)
 • [quote:6ab0d77a6b]O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)

  O3 - Toolbar: KvK Toolbar - {F18D4965-532F-4907-A55F-7406218BF861} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll


  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

  O4 - HKLM\..\Run: [CARPService] carpserv.exe

  O4 - HKLM\..\Run: [bsjwcldicwncx] C:\WINDOWS\System32\zqlyxm.exe

  O9 - Extra button: KvK - {CEA35E49-7296-42ff-99EA-8392CACBB7AC} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll

  O9 - Extra 'Tools' menuitem: KvK Toolbar - {CEA35E49-7296-42ff-99EA-8392CACBB7AC} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll[/quote:6ab0d77a6b]
  ik heb dit eruit gehaald maar reiske is een expert erin dus vraag hem nog eens te checken en post je nieuwe 1.98.2 log 8)
 • Bedankt ik heb inmiddels HijackThis v.1.98.2 gedownload.

  Logfile of HijackThis v1.98.2
  Scan saved at 15:37:49, on 25-8-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\system32\LEXBCES.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\LEXPPS.EXE
  C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
  C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\Program Files\Dantz\Retrospect\retrorun.exe
  C:\Program Files\Norton AntiVirus\SAVScan.exe
  C:\WINDOWS\System32\tcpsvcs.exe
  C:\WINDOWS\System32\snmp.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Ahead\InCD\InCD.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\WINDOWS\System32\carpserv.exe
  C:\WINDOWS\System32\zqlyxm.exe
  C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  C:\Program Files\SpywareGuard\sgmain.exe
  C:\Program Files\SpywareGuard\sgbhp.exe
  C:\WINDOWS\system32\NOTEPAD.EXE
  C:\Program Files\Messenger\msmsgs.exe
  C:\Sijsteembeheer\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.computertotaal.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planet.nl
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.planet.nl:8080
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = reg.planet.nl;<local>
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
  O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
  O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: KvK Toolbar - {F18D4965-532F-4907-A55F-7406218BF861} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
  O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
  O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
  O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [CARPService] carpserv.exe
  O4 - HKLM\..\Run: [bsjwcldicwncx] C:\WINDOWS\System32\zqlyxm.exe
  O4 - HKLM\..\RunOnce: [MRUBlaster] C:\Program Files\MRU-Blaster\indexcleaner.exe -COOKIES
  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
  O9 - Extra button: KvK - {CEA35E49-7296-42ff-99EA-8392CACBB7AC} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll
  O9 - Extra 'Tools' menuitem: KvK Toolbar - {CEA35E49-7296-42ff-99EA-8392CACBB7AC} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O14 - IERESET.INF: START_PAGE_URL=http://www.planet.nl
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} -
  O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
  O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) -
  O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
  O16 - DPF: {6EABE8B6-5C8E-4B1B-AEAB-7FE17C4A3A04} -
  O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) -
  O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) -
  O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
  O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} -
  O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} -
  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Galjoen.local
  O17 - HKLM\Software\..\Telephony: DomainName = Galjoen.local
  O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Galjoen.local :D
 • Graag zou ik weten op welke site Hijackthis is te downloaden. Ik krijg alleen een website waarop is vermeld dat tijdelijk niet is te downloaden.

  m.v.g.
  Bert
 • [quote:4223b5078b="G.C. Severijn"]Graag zou ik weten op welke site Hijackthis is te downloaden. Ik krijg alleen een website waarop is vermeld dat tijdelijk niet is te downloaden.

  m.v.g.
  Bert[/quote:4223b5078b]
  hierzo.. http://computercops.biz/downloads-file-328.html
 • Hallo Bert,

  Ik heb deze gedownload op:

  http://www.majorgeeks.com/download3155.html

  m.vr.gr.
 • :D
 • Hartelijk dank, ik heb de site gevonden en de PC gescand, de logfile is bijgevoegd.

  Bert
 • jah ik haal hem ook van major greeks maar dit is een directe download van =reiske= :roll:
 • O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
  O3 - Toolbar: KvK Toolbar - {F18D4965-532F-4907-A55F-7406218BF861} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O9 - Extra button: KvK - {CEA35E49-7296-42ff-99EA-8392CACBB7AC} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll
  O9 - Extra 'Tools' menuitem: KvK Toolbar - {CEA35E49-7296-42ff-99EA-8392CACBB7AC} - C:\Program Files\Jaytown\KvK Toolbar\KvKShell.dll

  deze heb je nog vergeten.. :lol: 8)

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.