Nieuwe werkbalk IE

Status
Niet open voor verdere reacties.
Z

Zleek

Gebruiker
Lid geworden
4 jan 2001
Berichten
308
Hi,

Een vriendin van me heeft ook opeens een mooie nieuwe werkbalk in IE. Hieronder de scan van Hijack.

Logfile of HijackThis v1.94.0
Scan saved at 19:14:51, on 20-6-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://l24460.find-quick.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://l24460.find-quick.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.proteus.tudelft.nl/index.cfm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://l24460.find-quick.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://l24460.find-quick.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://l24460.find-quick.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://l24460.find-quick.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_88.dll
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\Program Files\MediaLoads Enhanced\ME1.DLL
O2 - BHO: (no name) - {f9a7fd45-870e-47b3-b607-16d64fe9e578} - C:\DOCUME~1\lisette\APPLIC~1\iewblcgraou.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ckngcquoatr - {add4f5f7-c245-4e99-8be3-7b1a4ae0c3dd} - C:\DOCUME~1\lisette\APPLIC~1\iewblcgraou.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [PromulGate] "C:\Program Files\DelFin\PromulGate\PgMonitr.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [drgraw] C:\DOCUME~1\lisette\APPLIC~1\quckxmoa.exe -QuieT
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = B23621.find-quick.com
O17 - HKLM\Software\..\Telephony: DomainName = B23621.find-quick.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{01521E9F-D13B-4276-9222-B00A28010666}: Domain = B23621.find-quick.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{07579651-168D-4D7C-8839-9EF236FDC0AB}: Domain = B23621.find-quick.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{72A2BF17-780B-4077-A94C-EFD2C1E257F1}: Domain = B23621.find-quick.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = B23621.find-quick.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{01521E9F-D13B-4276-9222-B00A28010666}: Domain = B23621.find-quick.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = B23621.find-quick.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{01521E9F-D13B-4276-9222-B00A28010666}: Domain = B23621.find-quick.com

Welke moet ik weghalen?

Alvast bedankt.
 
Laat Hijackthis de volgende items fixen. Sluit alle browservensters.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://l24460.find-quick.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://l24460.find-quick.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://l24460.find-quick.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://l24460.find-quick.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://l24460.find-quick.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://l24460.find-quick.com/searchbar.html
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_88.dll
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\Program Files\MediaLoads Enhanced\ME1.DLL
O2 - BHO: (no name) - {f9a7fd45-870e-47b3-b607-16d64fe9e578} - C:\DOCUME~1\lisette\APPLIC~1\iewblcgraou.dll
O3 - Toolbar: ckngcquoatr - {add4f5f7-c245-4e99-8be3-7b1a4ae0c3dd} - C:\DOCUME~1\lisette\APPLIC~1\iewblcgraou.dll
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [PromulGate] "C:\Program Files\DelFin\PromulGate\PgMonitr.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = B23621.find-quick.com
O17 - HKLM\Software\..\Telephony: DomainName = B23621.find-quick.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{01521E9F-D13B-4276-9222-B00A28010666}: Domain = B23621.find-quick.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{07579651-168D-4D7C-8839-9EF236FDC0AB}: Domain = B23621.find-quick.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{72A2BF17-780B-4077-A94C-EFD2C1E257F1}: Domain = B23621.find-quick.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = B23621.find-quick.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{01521E9F-D13B-4276-9222-B00A28010666}: Domain = B23621.find-quick.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = B23621.find-quick.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{01521E9F-D13B-4276-9222-B00A28010666}: Domain = B23621.find-quick.com

Start ná het fixen de PC opnieuw op.

Download daarna Spybot:
http://security.kolla.de/index.php?lang=en&page=download

Update eerst het programma en laat het programma alsnog scannen voor Spyware.

Groetjes,
Bennie
 
Deze moet je ook laten fixen:

O4 - HKLM\..\Run: [drgraw] C:\DOCUME~1\lisette\APPLIC~1\quckxmoa.exe -QuieT

Na opnieuw opstarten even het bestand C:\Documenten en Instellingen\lisette\Application Data\quckxmoa.exe wissen.

Het behoort ook toe aan de LOP Adware: http://www.doxdesk.com/parasite/lop.html
 
Status
Niet open voor verdere reacties.
Steun Ons

Nieuwste berichten

Terug
Bovenaan Onderaan