Whazit

Status
Not open for further replies.

WalterB

User
Joined
19 Apr 2001
Posts
302
Hello,

I have also found the Whazit start page (not on my own computer, by the way) and would like to remove it. I have already run Ad-aware and Spybot and then used HijackThis. This is the log file. Can anyone help me further now? Thanks in advance.

Regards,

W!

Logfile of HijackThis v1.94.0
Scan saved at 22:36:13, on 11-6-2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://home.whazit.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://home.whazit.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://home.whazit.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://search.whazit.com/ass.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://home.whazit.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://home.whazit.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina=file:///C:/Program%20Files/MS-Connect/Portal/portal.html
R3 - Default URLSearchHook is missing
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: (no name) - {D5B72AED-E54A-11D6-B1B2-444553540000} - C:\WINDOWS.000\EFMCNFYU.DLL
O3 - Toolbar: Whazit Toolbar - {C9176930-9C9F-4cba-9723-0F58C3E7CED6} - C:\WINDOWS.000\RGJWOYFH.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS.000\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [notepad lptt01] "C:\Program Files\wndows\notepad.exe"
O4 - HKLM\..\Run: [InterCheckMonitor] "C:\PROGRAM FILES\SOPHOS SWEEP\ICMON.EXE" -minimised
O4 - HKLM\..\Run: [MS-Connect] C:\WINDOWS.000\SYSTEM\CDM.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS.000\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS.000\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [Sweep95] C:\Program Files\Sophos SWEEP\ICLOAD95.EXE
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm Plus.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zaplus.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.sexyworlds.nl/pr/231/plugin/plugin.exe
O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} (Tintel Class) - http://exe.dialer.tintel.nl/tcw.cab
O16 - DPF: {C87158C1-3C5B-4EE4-B87F-3457C83BC4CE} (Fairtale.Class1) - http://www.fairtale.com/dialer/fairtale.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37638.5669560185
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {1F20CF42-B381-4181-8C2A-A389B1022E6E} (Dialer.Class1) - http://www.ipxs.nl/php/fundate.CAB
O16 - DPF: {4580026C-022A-4FDA-87BC-EDA848D0B7A6} (PKey Class) - http://66.51.29.59/ctavp.cab
O16 - DPF: {DCF0768D-BA7A-101A-B57A-0000C0C3ED5F} - http://bins.whazit.com/cerials/downloader.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = chello.nl
 
Check the following and click FIX:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://home.whazit.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://home.whazit.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://home.whazit.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://search.whazit.com/ass.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://home.whazit.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://home.whazit.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=about :blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina=file:///C:/Program%20Files/MS-Connect/Portal/portal.html
R3 - Default URLSearchHook is missing
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: (no name) - {D5B72AED-E54A-11D6-B1B2-444553540000} - C:\WINDOWS.000\EFMCNFYU.DLL
O3 - Toolbar: Whazit Toolbar - {C9176930-9C9F-4cba-9723-0F58C3E7CED6} - C:\WINDOWS.000\RGJWOYFH.DLL

O4 - HKLM\..\Run: [MS-Connect] C:\WINDOWS.000\SYSTEM\CDM.EXE

O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.sexyworlds.nl/pr/231/plugin/plugin.exe
O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} (Tintel Class) - http://exe.dialer.tintel.nl/tcw.cab
O16 - DPF: {C87158C1-3C5B-4EE4-B87F-3457C83BC4CE} (Fairtale.Class1) - http://www.fairtale.com/dialer/fairtale.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -

O16 - DPF: {DCF0768D-BA7A-101A-B57A-0000C0C3ED5F} - http://bins.whazit.com/cerials/downloader.cab
 
FIRST the following:

You have the newest version of RapidBlaster, and it changes while you watch: http://www.wilderssecurity.net/specialinfo/rapidblaster.html

You have this variant:

O4 - HKLM\..\Run: [notepad lptt01] "C:\Program Files\wndows\notepad.exe"

First of all, download this RapidBlaster killer: http://www.wilderssecurity.net/downloads/rbkiller.exe

Click Scan. It will then automatically look up all RapidBlaster processes, and you can have them removed at the press of a button.

Only after that, run HijackThis.
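
Added example, not part of the original posts and not code from HijackThis: one heuristic that catches the `notepad lptt01` entry singled out above is to parse the O4 autorun lines of a HijackThis log and flag any program named like a Windows tool that runs from outside the Windows directory. The `SYSTEM_NAMES` set, the function names and the use of `C:\WINDOWS.000` as the Windows directory (taken from the paths in the posted log) are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: five lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://home.whazit.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
O4 - HKLM\..\Run: [notepad lptt01] "C:\Program Files\wndows\notepad.exe"
O4 - HKLM\..\Run: [MS-Connect] C:\WINDOWS.000\SYSTEM\CDM.EXE
"""

# Assumption: an illustrative, incomplete set of file names that ship with Windows.
SYSTEM_NAMES = {"notepad.exe", "taskmon.exe", "scanregw.exe", "rundll32.exe", "mstask.exe"}

ENTRY = re.compile(r"^([RO]\d{1,2}) - (.+)$")            # "O4 - <body>"
RUN = re.compile(r"^(\S+): \[([^\]]+)\] (.+)$")          # "<key>: [<name>] <command>"
EXE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|dll))(?=\s|$))', re.I)  # program, minus args

def parse(log):
    """Return (section code, body) for every HijackThis entry line."""
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [(m[1], m[2]) for m in matches if m]

def autoruns(log):
    """Return (value name, program path) for each O4 registry Run/RunServices entry."""
    found = []
    for code, body in parse(log):
        run = RUN.match(body) if code == "O4" else None
        exe = EXE.match(run[3]) if run else None
        if exe:
            found.append((run[2], PureWindowsPath(exe[1] or exe[2])))
    return found

def masquerading(log, windows_dir):
    """Flag autoruns named like a Windows tool but stored outside windows_dir."""
    root = PureWindowsPath(windows_dir)
    hits = []
    for name, path in autoruns(log):
        if path.name.lower() not in SYSTEM_NAMES or not path.is_absolute():
            continue  # unknown name, or bare name resolved via the search path
        if path.parent != root and root not in path.parents:
            hits.append((name, str(path)))
    return hits

if __name__ == "__main__":
    for name, path in masquerading(SAMPLE_LOG, r"C:\WINDOWS.000"):
        print(f"suspicious autorun [{name}]: {path}")
```

A hit is a lead for manual review, not a verdict: legitimate software sometimes ships its own copy of a common file name.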
 
Thanks in advance

Hi caspar and Kleinkamer,

Thanks in advance for your help; as soon as I am back at that computer, I will carry out your instructions.

Regards,

Walter
 