Internet exlorer

Status
Niet open voor verdere reacties.
J

jaikke

Gebruiker
Lid geworden
1 jan 2001
Berichten
507
http://c31318.tdak.com/ Met dit adres start mijn internet steeds op, altijd startpagina.nl standaard geweest
Extra/ Internet opties invullen helpt niet.
Ik wordt er radeloos van, wie helpt mij svp.???
 
Logfile of HijackThis v1.94.0
Scan saved at 21:59:01, on 10-6-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL=http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://s32196.tdak.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=c31318.tdak.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.the-exit.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://s32196.tdak.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.the-exit.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.the-exit.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://s32196.tdak.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.the-exit.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.the-exit.com
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Activater - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - C:\Program Files\CommonName\Toolbar\CNBarIE.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_80.dll
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\System\BHO001.DLL
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: BabeIE - {A6475E6B-3C2E-4B1F-82FD-8F1C0B1D8AD0} - C:\Program Files\CommonName\Toolbar\BabeIE.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\bin\apuc.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: CommonName - {A3E3F04C-F98C-4295-95EF-41C57425B077} - C:\Program Files\CommonName\Toolbar\CNBarIE.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [Zip Driver Loader] C:\WINDOWS\ZipLoad32.exe
O4 - HKLM\..\Run: [WinStart001.EXE] C:\WINDOWS\System\WinStart001.EXE -b
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [msbb] C:\Program Files\n-CASE\msbb.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [yrbrv] C:\DOCUME~1\KEESEN~1\APPLIC~1\craeoajy.exe -QuieT
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: >>> HARDCORE MOVIES <<< - javascript:{document.location='http://neosexvideo.com/webmasters/df052/access.htm';}
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\Toolbar\createnote.htm
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\Toolbar\createbookmark.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\Toolbar\emaillink.htm
O8 - Extra context menu item: Ontvang alles met FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: Ontvang met FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\Toolbar\navigate.htm
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Ebates (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O11 - Options group: [CommonName] CommonName
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://quickfix.chello.nl/sdccommon/download/tgctlins.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {5DD7B3BE-FDEC-4563-B038-FF80F2345B89} (Fswinst Control) - http://www.newtopsites.com/fswinst.cab
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://www.terra.es/personal9/centuryrules/wrn/mp3_plugin.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37604.0395833333
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = K15702.tdak.com
O17 - HKLM\Software\..\Telephony: DomainName = K15702.tdak.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{40D34F1D-9037-49B0-867D-224178D8C8F0}: Domain = K15702.tdak.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{772BF807-6378-4693-BD57-23B93CC1CA65}: Domain = K15702.tdak.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E896BA53-42C8-443C-B69F-2EE1888339E7}: Domain = K15702.tdak.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = K15702.tdak.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{40D34F1D-9037-49B0-867D-224178D8C8F0}: Domain = K15702.tdak.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = K15702.tdak.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{40D34F1D-9037-49B0-867D-224178D8C8F0}: Domain = K15702.tdak.com
 
Ik heb in tijden niet zo'n hoop ellende bij elkaar gezien... :rolleyes:

Doe dit:

Download Spybot - Search & Destroy

Eerst klik je links op Online, dan "Search For Updates", en vervolgens alle updates aanvinken en downloaden ( 'download updates').

Nu Internet Explorer afsluiten.

Vervolgens klik je linksonder op "check for problems", laat scannen, en laat SB tenslotte alles verwijderen.
Het programma maakt automatisch backups aan.

Dat hoort al een hoop spyware weg te halen. Post vervolgens een nieuw Hijack This log, zodat we de overgebleven troep kunnen opruimen.

Succes,
 
Nou nou, das nogal wat zeg, ik weet in ieder geval dat deze weg kunnen, aanvinken en op FIX klikken.
Denk dat Pieter hier ook nog wel naar kijkt en de rest er tussen uit plukt.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL=http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://s32196.tdak.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=c31318.tdak.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.the-exit.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://s32196.tdak.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.the-exit.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.the-exit.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://s32196.tdak.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.the-exit.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.the-exit.com
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch

O2 - BHO: Activater - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - C:\Program Files\CommonName\Toolbar\CNBarIE.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_80.dll

O2 - BHO: BabeIE - {A6475E6B-3C2E-4B1F-82FD-8F1C0B1D8AD0} - C:\Program Files\CommonName\Toolbar\BabeIE.dll

O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\bin\apuc.dll

O3 - Toolbar: CommonName - {A3E3F04C-F98C-4295-95EF-41C57425B077} - C:\Program Files\CommonName\Toolbar\CNBarIE.dll

O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe

O4 - HKLM\..\Run: [WinStart001.EXE] C:\WINDOWS\System\WinStart001.EXE -b

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [msbb] C:\Program Files\n-CASE\msbb.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"

O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe

O8 - Extra context menu item: >>> HARDCORE MOVIES <<< - java script:{document.location='http://neosexvideo.com/webmasters/df052/access.htm';}

O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm

O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\Toolbar\navigate.htm

O9 - Extra button: Ebates (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O11 - Options group: [CommonName] CommonName


Er zitten nog meer vage dingen tussen, maar kan ik zo effe niks over vinden.

Handig ook om effe je PC te scannen met SpyBot, hier te downloaden. Installeren, update binnenhalen en scannen, alles wat hij vindt laten verwijderen.
http://security.kolla.de/index.php?lang=en&page=download
 
nternet

Casper , download lukt niet, vraagt om donatie is dat goed??

En jij schrijft dat ik al vele weg kan halen, maar waar doe ik dat, ben een leek.

Alvast bedankt, gaat morgen verder, nu te laat geworden.
 
Volg de instructies van Kleinkramer eerst maar op, is verstandiger:D

Onderaan die pagina kan je downloaden, donatie is niet verplicht.
 
Je had er al flink wat uitgehaald, hoor.

Deze twee zullen in ieder geval handmatig weg moeten:

O4 - HKLM\..\Run: [Zip Driver Loader] C:\WINDOWS\ZipLoad32.exe
O4 - HKLM\..\Run: [yrbrv] C:\DOCUME~1\KEESEN~1\APPLIC~1\craeoajy.exe -QuieT

De eerste is een trojan, en de tweede LOP.

Maar eerst even SpyBot draaien, zou ik zeggen. Dan wordt het wat overzichtelijker.
 
internet

HELPPPP,
Ik heb HIjackTHis gedownload, en een scan gedraaid, alles wat daar in stond heb ik aangevikt en FIX geklikt.
Nu werken vele programma.s niet meer???

WAT NU????
 
Je moet ik niet ALLES aan klikken. Heb je een backup gemaakt? Zo ja, zet die dan terug. Welke Windows heb je trouwens?

Groetjes,
Bennie
 
Start HijackThis op klik op Config > Backups en zet de volgende terug:

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

Norton, DAP, FlashGet en Adobe Acrobat zul je in ieder geval opnieuw moeten installeren.

Waarom heb je alles aangevinkt? :confused:

Groetjes,

Pieter
 
OK, open HIJackThis en ga vervolgens in het programma naar de knop Config (rechtsonderin), ................. Laat maar, Pieter was me al voor :D
 
Geplaatst door Bennie
Je moet ik niet ALLES aan klikken. Heb je een backup gemaakt? Zo ja, zet die dan terug. Welke Windows heb je trouwens?

Groetjes,
Bennie
Klik om te vergroten...

Bennie,

Hij heeft XP, maar zou systeemherstel wel die BHO´s terugbrengen? Met HijackThis gaat dat namelijk niet.

Groetjes,

Pieter
 
In principe zou dat moeten lukken omdat het ook om registerinstellingen gaat. Niet geschoten is altijd misgeschoten....

Groetjes,
Bennie
 
Ok jaikke,

Probeer eerst met systeemherstel terug te gaan naar een tijdtip voordat je met HijackThis alles geFixed hebt.
Liefst nadat je met Spybot hebt gescand, maar als dat niet lukt: je kan niet alles hebben.
Maak dan een nieuw log en plaats dat alleen maar, nog niets Fixen. ;)

Groetjes,

Pieter
 
internet

Pieter Arntz,

Systeemhertsel perfect, alles weer terug, ook mijn eerste probleem weer, maar nu ga ik eerst spybot scannen en daarna zien we weer.

Bedankt
 
Bedank Bennie maar, want ik zou er zelf niet in geloofd hebben. :)
We zien je log wel verschijnen.

Groetjes,

Pieter
 
internet

alles werkt weer, bij deze stuur ik ter kontrole mijn spybot log file , misschien nog wat handmatig vereijderen of is alles goed.,iedereen die meegewerkt heeft aan oplossen van mijn probleem bedank ik via deze weg.

Logfile of HijackThis v1.94.0
Scan saved at 9:50:19, on 14-6-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL=http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.startpagina.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.the-exit.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.the-exit.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.the-exit.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.the-exit.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.the-exit.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Activater - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - (no file)
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_80.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zip Driver Loader] C:\WINDOWS\ZipLoad32.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: >>> HARDCORE MOVIES <<< - javascript:{document.location='http://neosexvideo.com/webmasters/df052/access.htm';}
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Ontvang alles met FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: Ontvang met FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://quickfix.chello.nl/sdccommon/download/tgctlins.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {5DD7B3BE-FDEC-4563-B038-FF80F2345B89} (Fswinst Control) - http://www.newtopsites.com/fswinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37604.0395833333
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = K15702.tdak.com
O17 - HKLM\Software\..\Telephony: DomainName = K15702.tdak.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{40D34F1D-9037-49B0-867D-224178D8C8F0}: Domain = K15702.tdak.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{772BF807-6378-4693-BD57-23B93CC1CA65}: Domain = K15702.tdak.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E896BA53-42C8-443C-B69F-2EE1888339E7}: Domain = K15702.tdak.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = K15702.tdak.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{40D34F1D-9037-49B0-867D-224178D8C8F0}: Domain = K15702.tdak.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = K15702.tdak.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{40D34F1D-9037-49B0-867D-224178D8C8F0}: Domain = K15702.tdak.com
 
Hoi jaikke,

Vink de onderstaande items aan in HijackThis, zorg dat alle vensters behalve HijackThis dicht zijn en klik dan op Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL=http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.the-exit.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.the-exit.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.the-exit.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.the-exit.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.the-exit.com
O2 - BHO: Activater - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - (no file)
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_80.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O8 - Extra context menu item: >>> HARDCORE MOVIES <<< - java script:{document.location='http://neosexvideo.com/webmasters/df052/access.htm';}
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {5DD7B3BE-FDEC-4563-B038-FF80F2345B89} (Fswinst Control) - http://www.newtopsites.com/fswinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = K15702.tdak.com
O17 - HKLM\Software\..\Telephony: DomainName = K15702.tdak.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{40D34F1D-9037-49B0-867D-224178D8C8F0}: Domain = K15702.tdak.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{772BF807-6378-4693-BD57-23B93CC1CA65}: Domain = K15702.tdak.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E896BA53-42C8-443C-B69F-2EE1888339E7}: Domain = K15702.tdak.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = K15702.tdak.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{40D34F1D-9037-49B0-867D-224178D8C8F0}: Domain = K15702.tdak.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = K15702.tdak.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{40D34F1D-9037-49B0-867D-224178D8C8F0}: Domain = K15702.tdak.com

Start daarna opnieuw op en controleer even of ze echt allemaal weg zijn.

Groetjes,

Pieter
 
Status
Niet open voor verdere reacties.
Steun Ons

Nieuwste berichten

Terug
Bovenaan Onderaan