Question & Answer

Security & privacy

persistent spyware

Anonymous
26 answers
 • The problems:
  - persistent start page, and when browsing on to other sites always ending up on advertising sites. Only through Explorer is it still possible to get on the net properly.
  - The download sites of Spybot, Ad-Aware, CWShredder and HijackThis also gave troublesome pages, so the software could not be downloaded. So got the software sent over via MSN instead.
  - Both Spybot and Ad-Aware found an immense amount (about 400), but also reported that they could not delete everything, possibly because certain programs were in use. CWShredder found nothing.
  - Spybot also showed 'DSO exploit'; no idea what it is, but there is a reference to it on m@rc's site.

  Logfile of HijackThis v1.99.0
  Scan saved at 9:38:18, on 24/12/2004
  Platform: Windows 2000 (WinNT 5.00.2195)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  D:\WINNT\System32\smss.exe
  D:\WINNT\system32\winlogon.exe
  D:\WINNT\system32\services.exe
  D:\WINNT\system32\lsass.exe
  D:\WINNT\system32\svchost.exe
  D:\WINNT\System32\svchost.exe
  D:\WINNT\system32\spoolsv.exe
  D:\Program Files\Norton AntiVirus\navapsvc.exe
  D:\WINNT\system32\regsvc.exe
  D:\WINNT\system32\MSTask.exe
  D:\WINNT\System32\WBEM\WinMgmt.exe
  D:\WINNT\Explorer.exe
  D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
  D:\Program Files\Real\RealPlayer\RealPlay.exe
  D:\WINNT\loadqm.exe
  D:\PROGRA~1\NORTON~1\navapw32.exe
  D:\Program Files\Ahead\InCD\InCD.exe
  D:\Program Files\QuickTime\qttask.exe
  D:\WINNT\System32\rundll32.exe
  d:\documents and settings\administrator\local settings\temp\c8ZTN.exe
  D:\WINNT\System32\P2P Networking\P2P Networking.exe
  D:\WINNT\vtqynxhv.exe
  D:\documents and settings\administrator\local settings\temp\c8ZTN.exe
  D:\documents and settings\administrator\local settings\temp\c8ZTN.exe
  D:\WINNT\System32\internat.exe
  D:\WINNT\System32\hkeajn.exe
  D:\Program Files\MSN Messenger\msnmsgr.exe
  D:\Documents and Settings\Administrator\Application Data\zu??.exe
  D:\Program Files\ISTsvc\istsvc.exe
  D:\Documents and Settings\Administrator\Bureaublad\Spyware\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ksjherentals.tk/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: (no name) - {A6B4DDBD-F68E-02A7-7953-EE906B2253B7} - (no file)
  O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - D:\WINNT\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {1ADE6F53-C666-69F6-8756-66550ED22A1B} - D:\WINNT\System32\ldjea.dll
  O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - D:\Program Files\NewDotNet\newdotnet6_38.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
  O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
  O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - D:\Program Files\eSyndicate\esyn.dll
  O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
  O4 - HKLM\..\Run: [LVCOMS] D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
  O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
  O4 - HKLM\..\Run: [LoadQM] loadqm.exe
  O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
  O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\\NeroCheck.exe
  O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
  O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [istinstall_zazzer.exe] istinstall_zazzer.exe
  O4 - HKLM\..\Run: [lite.exe] lite.exe
  O4 - HKLM\..\Run: [vnmispoisn_downloader.exe] vnmispoisn_downloader.exe
  O4 - HKLM\..\Run: [Aqua.exe] Aqua.exe
  O4 - HKLM\..\Run: [hwkVI] D:\documents and settings\administrator\local settings\temp\hwkVI.exe
  O4 - HKLM\..\Run: [F40ZhE] D:\documents and settings\administrator\local settings\temp\F40ZhE.exe
  O4 - HKLM\..\Run: [3h] D:\documents and settings\administrator\local settings\temp\3h.exe
  O4 - HKLM\..\Run: [CdwXcoYJ] D:\documents and settings\administrator\local settings\temp\CdwXcoYJ.exe
  O4 - HKLM\..\Run: [3XX] D:\documents and settings\administrator\local settings\temp\3XX.exe
  O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
  O4 - HKLM\..\Run: [P2P Networking] D:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
  O4 - HKLM\..\Run: [bkE] D:\documents and settings\administrator\local settings\temp\bkE.exe
  O4 - HKLM\..\Run: [orl251] D:\WINNT\vtqynxhv.exe
  O4 - HKLM\..\Run: [oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
  O4 - HKLM\..\Run: [¢‰¸ÓÝ4‚’È
  ¤Á<ÉoUD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
  O4 - HKLM\..\Run: [c8ZTN] D:\documents and settings\administrator\local settings\temp\c8ZTN.exe
  O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
  O4 - HKCU\..\Run: [internat.exe] internat.exe
  O4 - HKCU\..\Run: [Gfu] D:\WINNT\System32\hkeajn.exe
  O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [Uost] D:\Documents and Settings\Administrator\Application Data\zu??.exe
  O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\System32\Shdocvw.dll
  O10 - Hijacked Internet access by New.Net
  O10 - Hijacked Internet access by New.Net
  O10 - Hijacked Internet access by New.Net
  O10 - Hijacked Internet access by New.Net
  O10 - Hijacked Internet access by New.Net
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
  O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
  O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
  O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN.cab
  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
  O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
  O23 - Service: Logical Disk Manager Administrative-service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
  O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
  O23 - Service: ScriptBlocking Service - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

  Thanks in advance,

  Guft. :wink:
 • Scan your PC with Hitman as well ( www.hitmanpro.nl ).
 • [quote="JBS"]Scan your PC with Hitman as well ( www.hitmanpro.nl ).[/quote]
  Nice idea, but HitmanPro is only a collection of the programs he has already used.

  I believe Ad-Aware has an option "if the infected program is in use, terminate it" and also an option "close Explorer if necessary".
  Have you tried those yet?
 • Just a moment, :wink:
 • Hello Guft.

  I have the items, but first run an online scan if that works. Preferably even 2.
  bitdefender: http://www.bitdefender.com/scan/licence.php
  Trend micro: http://housecall.trendmicro.com/housecall/start_corp.asp

  Regards,
 • [quote="m021"][quote="JBS"]Scan your PC with Hitman as well ( www.hitmanpro.nl ).[/quote]
  Nice idea, but HitmanPro is only a collection of the programs he has already used.

  I believe Ad-Aware has an option "if the infected program is in use, terminate it" and also an option "close Explorer if necessary".
  Have you tried those yet?[/quote]
  Hitman Pro does indeed contain Ad-Aware and Spybot. But it also contains more software that he has not used yet. Spy Sweeper, for example, a very good anti-spyware program.
 • The scans have been carried out by the person in question. Because quite some time has passed between this and the previous post, had Spybot and Ad-Aware run again.

  Here is the most recent log:

  Logfile of HijackThis v1.99.0
  Scan saved at 19:25:34, on 3/01/2005
  Platform: Windows 2000 (WinNT 5.00.2195)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  D:\WINNT\System32\smss.exe
  D:\WINNT\system32\csrss.exe
  D:\WINNT\system32\winlogon.exe
  D:\WINNT\system32\services.exe
  D:\WINNT\system32\lsass.exe
  D:\WINNT\system32\svchost.exe
  D:\WINNT\System32\svchost.exe
  D:\WINNT\system32\spoolsv.exe
  D:\Program Files\Norton AntiVirus\navapsvc.exe
  D:\WINNT\system32\regsvc.exe
  D:\WINNT\system32\MSTask.exe
  D:\WINNT\System32\WBEM\WinMgmt.exe
  D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
  D:\Program Files\Real\RealPlayer\RealPlay.exe
  D:\WINNT\loadqm.exe
  D:\PROGRA~1\NORTON~1\navapw32.exe
  D:\Program Files\Ahead\InCD\InCD.exe
  D:\Program Files\QuickTime\qttask.exe
  D:\WINNT\System32\rundll32.exe
  D:\WINNT\System32\P2P Networking\P2P Networking.exe
  D:\WINNT\vtqynxhv.exe
  D:\WINNT\System32\internat.exe
  D:\WINNT\System32\hkeajn.exe
  D:\Documents and Settings\Administrator\Application Data\ssdp.exe
  D:\Program Files\MSN Messenger\msnmsgr.exe
  D:\WINNT\explorer.exe
  D:\Program Files\ISTsvc\istsvc.exe
  D:\Documents and Settings\Administrator\Bureaublad\Spyware\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ksjherentals.tk/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: (no name) - {A6B4DDBD-F68E-02A7-7953-EE906B2253B7} - (no file)
  O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - D:\WINNT\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {1ADE6F53-C666-69F6-8756-66550ED22A1B} - D:\WINNT\System32\ldjea.dll
  O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - D:\Program Files\NewDotNet\newdotnet6_38.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
  O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
  O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - D:\Program Files\eSyndicate\esyn.dll
  O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
  O4 - HKLM\..\Run: [LVCOMS] D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
  O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
  O4 - HKLM\..\Run: [LoadQM] loadqm.exe
  O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
  O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\\NeroCheck.exe
  O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
  O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [istinstall_zazzer.exe] istinstall_zazzer.exe
  O4 - HKLM\..\Run: [lite.exe] lite.exe
  O4 - HKLM\..\Run: [vnmispoisn_downloader.exe] vnmispoisn_downloader.exe
  O4 - HKLM\..\Run: [Aqua.exe] Aqua.exe
  O4 - HKLM\..\Run: [hwkVI] D:\documents and settings\administrator\local settings\temp\hwkVI.exe
  O4 - HKLM\..\Run: [F40ZhE] D:\documents and settings\administrator\local settings\temp\F40ZhE.exe
  O4 - HKLM\..\Run: [3h] D:\documents and settings\administrator\local settings\temp\3h.exe
  O4 - HKLM\..\Run: [CdwXcoYJ] D:\documents and settings\administrator\local settings\temp\CdwXcoYJ.exe
  O4 - HKLM\..\Run: [3XX] D:\documents and settings\administrator\local settings\temp\3XX.exe
  O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
  O4 - HKLM\..\Run: [P2P Networking] D:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
  O4 - HKLM\..\Run: [bkE] D:\documents and settings\administrator\local settings\temp\bkE.exe
  O4 - HKLM\..\Run: [orl251] D:\WINNT\vtqynxhv.exe
  O4 - HKLM\..\Run: [oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
  O4 - HKLM\..\Run: [¢‰¸ÓÝ4‚’È
  ¤Á<ÉoUD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
  O4 - HKLM\..\Run: [c8ZTN] D:\documents and settings\administrator\local settings\temp\c8ZTN.exe
  O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
  O4 - HKLM\..\RunOnce: [AAW] "D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
  O4 - HKCU\..\Run: [internat.exe] internat.exe
  O4 - HKCU\..\Run: [Gfu] D:\WINNT\System32\hkeajn.exe
  O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [Uost] D:\Documents and Settings\Administrator\Application Data\ssdp.exe
  O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\System32\Shdocvw.dll
  O10 - Hijacked Internet access by New.Net
  O10 - Hijacked Internet access by New.Net
  O10 - Hijacked Internet access by New.Net
  O10 - Hijacked Internet access by New.Net
  O10 - Hijacked Internet access by New.Net
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
  O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
  O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
  O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
  O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN.cab
  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
  O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
  O23 - Service: Logical Disk Manager Administrative-service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
  O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
  O23 - Service: ScriptBlocking Service - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

  Thanks in advance,

  Guft. :wink:
 • Go to Start –> Add/Remove Programs –> Control Panel and uninstall:
  new.net
  newdotnet

  Restart and post a new log,
 • Newdotnet not found.

  New log:

  Logfile of HijackThis v1.99.0
  Scan saved at 22:17:00, on 3/01/2005
  Platform: Windows 2000 (WinNT 5.00.2195)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  D:\WINNT\System32\smss.exe
  D:\WINNT\system32\winlogon.exe
  D:\WINNT\system32\services.exe
  D:\WINNT\system32\lsass.exe
  D:\WINNT\system32\svchost.exe
  D:\WINNT\System32\svchost.exe
  D:\WINNT\system32\spoolsv.exe
  D:\Program Files\Norton AntiVirus\navapsvc.exe
  D:\WINNT\system32\regsvc.exe
  D:\WINNT\system32\MSTask.exe
  D:\WINNT\System32\WBEM\WinMgmt.exe
  D:\WINNT\Explorer.exe
  D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
  D:\Program Files\Real\RealPlayer\RealPlay.exe
  D:\WINNT\loadqm.exe
  D:\PROGRA~1\NORTON~1\navapw32.exe
  D:\Program Files\Ahead\InCD\InCD.exe
  D:\Program Files\QuickTime\qttask.exe
  d:\documents and settings\administrator\local settings\temp\VGrhoY.exe
  D:\WINNT\System32\P2P Networking\P2P Networking.exe
  D:\WINNT\vtqynxhv.exe
  D:\documents and settings\administrator\local settings\temp\VGrhoY.exe
  D:\WINNT\System32\internat.exe
  D:\WINNT\System32\hkeajn.exe
  D:\Program Files\MSN Messenger\msnmsgr.exe
  D:\Program Files\ISTsvc\istsvc.exe
  D:\Documents and Settings\Administrator\Application Data\zu??.exe
  D:\Documents and Settings\Administrator\Bureaublad\Spyware\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ksjherentals.tk/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: (no name) - {A6B4DDBD-F68E-02A7-7953-EE906B2253B7} - (no file)
  O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - D:\WINNT\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {1ADE6F53-C666-69F6-8756-66550ED22A1B} - D:\WINNT\System32\ldjea.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
  O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
  O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - D:\Program Files\eSyndicate\esyn.dll
  O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
  O4 - HKLM\..\Run: [LVCOMS] D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
  O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
  O4 - HKLM\..\Run: [LoadQM] loadqm.exe
  O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
  O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\\NeroCheck.exe
  O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
  O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [istinstall_zazzer.exe] istinstall_zazzer.exe
  O4 - HKLM\..\Run: [lite.exe] lite.exe
  O4 - HKLM\..\Run: [vnmispoisn_downloader.exe] vnmispoisn_downloader.exe
  O4 - HKLM\..\Run: [Aqua.exe] Aqua.exe
  O4 - HKLM\..\Run: [hwkVI] D:\documents and settings\administrator\local settings\temp\hwkVI.exe
  O4 - HKLM\..\Run: [F40ZhE] D:\documents and settings\administrator\local settings\temp\F40ZhE.exe
  O4 - HKLM\..\Run: [3h] D:\documents and settings\administrator\local settings\temp\3h.exe
  O4 - HKLM\..\Run: [CdwXcoYJ] D:\documents and settings\administrator\local settings\temp\CdwXcoYJ.exe
  O4 - HKLM\..\Run: [3XX] D:\documents and settings\administrator\local settings\temp\3XX.exe
  O4 - HKLM\..\Run: [P2P Networking] D:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
  O4 - HKLM\..\Run: [bkE] D:\documents and settings\administrator\local settings\temp\bkE.exe
  O4 - HKLM\..\Run: [orl251] D:\WINNT\vtqynxhv.exe
  O4 - HKLM\..\Run: [oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
  O4 - HKLM\..\Run: [¢‰¸ÓÝ4‚’È
  ¤Á<ÉoUD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
  O4 - HKLM\..\Run: [c8ZTN] D:\documents and settings\administrator\local settings\temp\c8ZTN.exe
  O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
  O4 - HKLM\..\Run: [VGrhoY] D:\documents and settings\administrator\local settings\temp\VGrhoY.exe
  O4 - HKCU\..\Run: [internat.exe] internat.exe
  O4 - HKCU\..\Run: [Gfu] D:\WINNT\System32\hkeajn.exe
  O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [Uost] D:\Documents and Settings\Administrator\Application Data\zu??.exe
  O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\System32\Shdocvw.dll
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
  O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
  O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
  O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
  O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN.cab
  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
  O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
  O23 - Service: Logical Disk Manager Administrative-service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
  O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
  O23 - Service: ScriptBlocking Service - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

  Thanks in advance,

  Guft. :wink:
 • There are quite a few problems in the log.

  Go to Start -> Control Panel -> Add/Remove Programs and remove if possible:
  istbar
  P2P Networking

  Scan once more with HijackThis, tick the entries below, close all windows and click Fix checked.

  R3 - URLSearchHook: (no name) - {A6B4DDBD-F68E-02A7-7953-EE906B2253B7} - (no file)
  O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - D:\WINNT\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
  O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
  O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - D:\Program Files\eSyndicate\esyn.dll
  O4 - HKLM\..\Run: [istinstall_zazzer.exe] istinstall_zazzer.exe
  O4 - HKLM\..\Run: [lite.exe] lite.exe
  O4 - HKLM\..\Run: [vnmispoisn_downloader.exe] vnmispoisn_downloader.exe
  O4 - HKLM\..\Run: [Aqua.exe] Aqua.exe
  O4 - HKLM\..\Run: [hwkVI] D:\documents and settings\administrator\local settings\temp\hwkVI.exe
  O4 - HKLM\..\Run: [F40ZhE] D:\documents and settings\administrator\local settings\temp\F40ZhE.exe
  O4 - HKLM\..\Run: [3h] D:\documents and settings\administrator\local settings\temp\3h.exe
  O4 - HKLM\..\Run: [CdwXcoYJ] D:\documents and settings\administrator\local settings\temp\CdwXcoYJ.exe
  O4 - HKLM\..\Run: [3XX] D:\documents and settings\administrator\local settings\temp\3XX.exe
  O4 - HKLM\..\Run: [bkE] D:\documents and settings\administrator\local settings\temp\bkE.exe
  O4 - HKLM\..\Run: [orl251] D:\WINNT\vtqynxhv.exe
  O4 - HKLM\..\Run: [oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
  O4 - HKLM\..\Run: [¢‰¸ÓÝ4‚’È
  ¤Á<ÉoUD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
  O4 - HKLM\..\Run: [c8ZTN] D:\documents and settings\administrator\local settings\temp\c8ZTN.exe
  O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
  O4 - HKLM\..\Run: [VGrhoY] D:\documents and settings\administrator\local settings\temp\VGrhoY.exe
  O4 - HKCU\..\Run: [internat.exe] internat.exe
  O4 - HKCU\..\Run: [Gfu] D:\WINNT\System32\hkeajn.exe

  [/b:515acc1a28]

  Restart in safe mode and show all hidden files; delete these if present:

  D:\Program Files\ISTsvc <= this folder
  D:\Program Files\eSyndicate <= this folder
  D:\WINNT\vtqynxhv.exe
  D:\WINNT\System32\hkeajn.exe

  Search for and delete the following files, possibly in D:\WINNT or D:\WINNT\System32:
  Aqua.exe
  lite.exe
  vnmispoisn_downloader.exe
  internat.exe

  Empty your Temp folder: Start - Run, type: %TEMP%.
  Select all files in this folder and delete them.

  Restart your computer and create a new log.

  Sjaak
 • First of all, apologies for carrying out the instructions so late. I know that is not ideal with spyware problems, but this is not my own PC, and the person in question is not the quickest :-? .

  [b]Logfile of HijackThis v1.99.0[/b]
  Scan saved at 16:12:05, on 9/01/2005
  Platform: Windows 2000 (WinNT 5.00.2195)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  D:\WINNT\System32\smss.exe
  D:\WINNT\system32\winlogon.exe
  D:\WINNT\system32\services.exe
  D:\WINNT\system32\lsass.exe
  D:\WINNT\system32\svchost.exe
  D:\WINNT\System32\svchost.exe
  D:\WINNT\system32\spoolsv.exe
  D:\Program Files\Norton AntiVirus\navapsvc.exe
  D:\WINNT\system32\regsvc.exe
  D:\WINNT\system32\MSTask.exe
  D:\WINNT\System32\WBEM\WinMgmt.exe
  D:\WINNT\Explorer.exe
  D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
  D:\Program Files\Real\RealPlayer\RealPlay.exe
  D:\WINNT\loadqm.exe
  D:\PROGRA~1\NORTON~1\navapw32.exe
  D:\Program Files\Ahead\InCD\InCD.exe
  D:\Program Files\QuickTime\qttask.exe
  D:\WINNT\System32\P2P Networking\P2P Networking.exe
  D:\Program Files\MSN Messenger\msnmsgr.exe
  D:\Documents and Settings\Administrator\Application Data\ssdp.exe
  D:\Documents and Settings\Administrator\Bureaublad\Spyware\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ksjherentals.tk/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {1ADE6F53-C666-69F6-8756-66550ED22A1B} - D:\WINNT\System32\ldjea.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
  O4 - HKLM\..\Run: [LVCOMS] D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
  O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
  O4 - HKLM\..\Run: [LoadQM] loadqm.exe
  O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
  O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\\NeroCheck.exe
  O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
  O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [P2P Networking] D:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
  O4 - HKLM\..\Run: [oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
  O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [Uost] D:\Documents and Settings\Administrator\Application Data\ssdp.exe
  O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\System32\Shdocvw.dll
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
  O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
  O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
  O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
  O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN.cab
  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
  O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
  O23 - Service: Logical Disk Manager Administrative-service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
  O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
  O23 - Service: ScriptBlocking Service - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
 • There is still some cleaning up to do:

  Put the HijackThis program in a separate folder, e.g. D:\Hijackthis

  Restart in safe mode before you start working with HijackThis.

  Go to Start -> Control Panel -> Add/Remove Programs and remove, if possible:
  istbar

  Then fix the following items:
  [b]O2 - BHO: (no name) - {1ADE6F53-C666-69F6-8756-66550ED22A1B} - D:\WINNT\System32\ldjea.dll
  O4 - HKLM\..\Run: [P2P Networking] D:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
  O4 - HKLM\..\Run: [oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
  O4 - HKCU\..\Run: [Uost] D:\Documents and Settings\Administrator\Application Data\ssdp.exe
  O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
  [/b]

  Delete the following files:
  D:\WINNT\System32\P2P Networking <= entire directory
  D:\Program Files\ISTsvc <= entire directory
  D:\WINNT\System32\ldjea.dll
  D:\WINNT\vtqynxhv.exe
  D:\Documents and Settings\Administrator\Application Data\ssdp.exe

  Sjaak
 • Rather late once again :oops: .

  [b]Logfile of HijackThis v1.99.0[/b]
  Scan saved at 18:26:47, on 11/01/2005
  Platform: Windows 2000 (WinNT 5.00.2195)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  D:\WINNT\System32\smss.exe
  D:\WINNT\system32\winlogon.exe
  D:\WINNT\system32\services.exe
  D:\WINNT\system32\lsass.exe
  D:\WINNT\system32\svchost.exe
  D:\WINNT\System32\svchost.exe
  D:\WINNT\system32\spoolsv.exe
  D:\Program Files\Norton AntiVirus\navapsvc.exe
  D:\WINNT\system32\regsvc.exe
  D:\WINNT\system32\MSTask.exe
  D:\WINNT\System32\WBEM\WinMgmt.exe
  D:\WINNT\Explorer.exe
  D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
  D:\Program Files\Real\RealPlayer\RealPlay.exe
  D:\WINNT\loadqm.exe
  D:\PROGRA~1\NORTON~1\navapw32.exe
  D:\Program Files\Ahead\InCD\InCD.exe
  D:\Program Files\QuickTime\qttask.exe
  D:\Program Files\MSN Messenger\msnmsgr.exe
  D:\Documents and Settings\Administrator\Bureaublad\Spyware\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ksjherentals.tk/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
  O4 - HKLM\..\Run: [LVCOMS] D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
  O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
  O4 - HKLM\..\Run: [LoadQM] loadqm.exe
  O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
  O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\\NeroCheck.exe
  O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
  O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
  O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\System32\Shdocvw.dll
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
  O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
  O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
  O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN.cab
  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
  O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
  O23 - Service: Logical Disk Manager Administrative-service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
  O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
  O23 - Service: ScriptBlocking Service - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

  Thanks,

  Guft. :wink:
 • Scan once more and check this one:
  [list][b]O4 - HKLM\..\Run: [oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe[/b][/list]
  Close all windows and choose Fix checked.

  Show all hidden files: http://www.spyware-politie.nl/Zichtbaar_maken_verborgen_bestanden.htm
  Restart in safe mode: http://www.spyware-politie.nl/start_safemode_windows.htm

  Now delete the items in bold (folders including their contents unless stated otherwise):
  D:\Program Files\[b]ISTsvc[/b]
  D:\WINNT\[b]vtqynxhv.exe[/b]

  Restart and run a new log right away if you can, then post it here.
 • The person did not find the 'folder' and 'file'…

  [b]Logfile of HijackThis v1.99.0[/b]
  Scan saved at 19:08:43, on 11/01/2005
  Platform: Windows 2000 (WinNT 5.00.2195)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  D:\WINNT\System32\smss.exe
  D:\WINNT\system32\winlogon.exe
  D:\WINNT\system32\services.exe
  D:\WINNT\system32\lsass.exe
  D:\WINNT\system32\svchost.exe
  D:\WINNT\System32\svchost.exe
  D:\WINNT\system32\spoolsv.exe
  D:\Program Files\Norton AntiVirus\navapsvc.exe
  D:\WINNT\system32\regsvc.exe
  D:\WINNT\system32\MSTask.exe
  D:\WINNT\System32\WBEM\WinMgmt.exe
  D:\WINNT\Explorer.exe
  D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
  D:\Program Files\Real\RealPlayer\RealPlay.exe
  D:\WINNT\loadqm.exe
  D:\PROGRA~1\NORTON~1\navapw32.exe
  D:\Program Files\Ahead\InCD\InCD.exe
  D:\Program Files\QuickTime\qttask.exe
  D:\Program Files\MSN Messenger\msnmsgr.exe
  D:\Documents and Settings\Administrator\Bureaublad\Spyware\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ksjherentals.tk/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
  O4 - HKLM\..\Run: [LVCOMS] D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
  O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
  O4 - HKLM\..\Run: [LoadQM] loadqm.exe
  O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
  O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\\NeroCheck.exe
  O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
  O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
  O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\System32\Shdocvw.dll
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
  O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
  O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
  O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN.cab
  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
  O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
  O23 - Service: Logical Disk Manager Administrative-service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
  O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
  O23 - Service: ScriptBlocking Service - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
 • It is back again; either he is looking with his eyes closed or there is something else going on. Post a startup list from HijackThis.
  (config -> misc tools -> generate startuplistlog)
 • Fix this line again in HijackThis:

  O4 - HKLM\..\Run: [oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe

  Open Notepad and copy and paste the following into it:

  [code]REGEDIT4

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  ; backslashes inside a value name are written doubled in a .reg file
  "oÈ80+¿ÔÇè]lú*àaÍžéaD:\\Program Files\\ISTsvc\\istsvc.exe"=-[/code]

  Save this as [b]fix.reg[/b] and double-click it.
  This should be enough.
 • Stubborn character. Fix.reg apparently did not help, because the log does not seem to have changed much to me. The startup list is included as well.

  [b]Logfile of HijackThis v1.99.0[/b]
  Scan saved at 22:36:31, on 11/01/2005
  Platform: Windows 2000 (WinNT 5.00.2195)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  D:\WINNT\System32\smss.exe
  D:\WINNT\system32\winlogon.exe
  D:\WINNT\system32\services.exe
  D:\WINNT\system32\lsass.exe
  D:\WINNT\system32\svchost.exe
  D:\WINNT\System32\svchost.exe
  D:\WINNT\system32\spoolsv.exe
  D:\Program Files\Norton AntiVirus\navapsvc.exe
  D:\WINNT\system32\regsvc.exe
  D:\WINNT\system32\MSTask.exe
  D:\WINNT\System32\WBEM\WinMgmt.exe
  D:\WINNT\Explorer.exe
  D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
  D:\Program Files\Real\RealPlayer\RealPlay.exe
  D:\WINNT\loadqm.exe
  D:\PROGRA~1\NORTON~1\navapw32.exe
  D:\Program Files\Ahead\InCD\InCD.exe
  D:\Program Files\QuickTime\qttask.exe
  D:\Program Files\MSN Messenger\msnmsgr.exe
  D:\Documents and Settings\Administrator\Bureaublad\Spyware\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ksjherentals.tk/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
  O4 - HKLM\..\Run: [LVCOMS] D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
  O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
  O4 - HKLM\..\Run: [LoadQM] loadqm.exe
  O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
  O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\\NeroCheck.exe
  O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
  O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
  O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\System32\Shdocvw.dll
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
  O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
  O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
  O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN.cab
  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
  O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
  O23 - Service: Logical Disk Manager Administrative-service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
  O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
  O23 - Service: ScriptBlocking Service - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe


  ———————————

  StartupList report, 11/01/2005, 22:42:42
  StartupList version: 1.52.2
  Started from : D:\Documents and Settings\Administrator\Bureaublad\Spyware\HijackThis.EXE
  Detected: Windows 2000 (WinNT 5.00.2195)
  Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
  * Using default options
  ==================================================

  Running processes:

  D:\WINNT\System32\smss.exe
  D:\WINNT\system32\winlogon.exe
  D:\WINNT\system32\services.exe
  D:\WINNT\system32\lsass.exe
  D:\WINNT\system32\svchost.exe
  D:\WINNT\System32\svchost.exe
  D:\WINNT\system32\spoolsv.exe
  D:\Program Files\Norton AntiVirus\navapsvc.exe
  D:\WINNT\system32\regsvc.exe
  D:\WINNT\system32\MSTask.exe
  D:\WINNT\System32\WBEM\WinMgmt.exe
  D:\WINNT\Explorer.exe
  D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
  D:\Program Files\Real\RealPlayer\RealPlay.exe
  D:\WINNT\loadqm.exe
  D:\PROGRA~1\NORTON~1\navapw32.exe
  D:\Program Files\Ahead\InCD\InCD.exe
  D:\Program Files\QuickTime\qttask.exe
  D:\Program Files\MSN Messenger\msnmsgr.exe
  D:\Documents and Settings\Administrator\Bureaublad\Spyware\HijackThis.exe

  ————————————————–

  Listing of startup folders:

  Shell folders Common Startup:
  [D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]
  Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE

  ————————————————–

  Checking Windows NT UserInit:

  [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  UserInit = D:\WINNT\system32\userinit.exe,

  ————————————————–

  Autorun entries from Registry:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run

  Synchronization Manager = mobsync.exe /logon
  LVCOMS = D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
  RealTray = D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
  LoadQM = loadqm.exe
  NAV Agent = D:\PROGRA~1\NORTON~1\navapw32.exe
  NeroCheck = D:\WINNT\System32\\NeroCheck.exe
  InCD = D:\Program Files\Ahead\InCD\InCD.exe
  QuickTime Task = "D:\Program Files\QuickTime\qttask.exe" -atboottime
  oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe = D:\WINNT\vtqynxhv.exe

  ————————————————–

  Autorun entries from Registry:
  HKCU\Software\Microsoft\Windows\CurrentVersion\Run

  msnmsgr = "D:\Program Files\MSN Messenger\msnmsgr.exe" /background

  ————————————————–

  Shell & screensaver key from D:\WINNT\SYSTEM.INI:

  Shell=*INI section not found*
  SCRNSAVE.EXE=*INI section not found*
  drivers=*INI section not found*

  Shell & screensaver key from Registry:

  Shell=Explorer.exe
  SCRNSAVE.EXE=D:\WINNT\System32\ssstars.scr
  drivers=*Registry value not found*

  Policies Shell key:

  HKCU\..\Policies: Shell=*Registry key not found*
  HKLM\..\Policies: Shell=*Registry value not found*

  ————————————————–


  Enumerating Browser Helper Objects:

  (no name) - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
  (no name) - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
  NAV Helper - D:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

  ————————————————–

  Enumerating Task Scheduler jobs:

  Symantec NetDetect.job
  Norton AntiVirus - Mijn computer scannen.job

  ————————————————–

  Enumerating Download Program Files:

  [Checkers Class]
  InProcServer32 = D:\WINNT\Downloaded Program Files\msgrchkr.dll
  CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab

  [QuickTime Object]
  InProcServer32 = D:\Program Files\QuickTime\QTPlugin.ocx
  CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

  [Minesweeper Flags Class]
  InProcServer32 = D:\WINNT\Downloaded Program Files\minesweeper.dll
  CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab

  [HouseCall Besturing]
  InProcServer32 = D:\WINNT\DOWNLO~1\xscan53.ocx
  CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

  [AvxScanOnline Control]
  InProcServer32 = D:\WINNT\DOWNLO~1\BITDEF~1.OCX
  CODEBASE = http://www.bitdefender.com/scan/Msie/bitdefender.cab

  [MessengerStatsClient Class]
  InProcServer32 = D:\WINNT\Downloaded Program Files\messengerstatsclient.dll
  CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab

  [Update Class]
  InProcServer32 = D:\WINNT\System32\iuctl.dll
  CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38110.3768518519

  [MsnMessengerSetupDownloadControl Class]
  InProcServer32 = D:\WINNT\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
  CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

  [MSN Photo Upload Tool]
  InProcServer32 = D:\WINNT\Downloaded Program Files\MsnPUpld.dll
  CODEBASE = http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

  [Shockwave Flash Object]
  InProcServer32 = D:\WINNT\System32\macromed\flash\Flash.ocx
  CODEBASE = http://active.macromedia.com/flash2/cabs/swflash.cab

  [{DDF44FD9-749F-4761-89BB-E8A59339E459}]
  InProcServer32 = D:\WINNT\System32\LiveService_9.dll
  CODEBASE = http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN.cab

  [Solitaire Showdown Class]
  InProcServer32 = D:\WINNT\Downloaded Program Files\solitaireshowdown.dll
  CODEBASE = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab

  [{F72BC3F0-6C20-4793-9DDA-258589D8A907}]
  InProcServer32 = D:\WINNT\System32\netslv32.dll
  CODEBASE = http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab

  ————————————————–

  Enumerating ShellServiceObjectDelayLoad items:

  Network.ConnectionTray: D:\WINNT\system32\NETSHELL.dll
  WebCheck: D:\WINNT\System32\webcheck.dll
  SysTray: stobject.dll

  ————————————————–
  End of report, 6.719 bytes
  Report generated in 0,110 seconds

  Command line options:
  /verbose - to add additional info on each section
  /complete - to include empty sections and unsuspicious data
  /full - to include several rarely-important sections
  /force9x - to include Win9x-only startups even if running on WinNT
  /forcent - to include WinNT-only startups even if running on Win9x
  /forceall - to include all Win9x and WinNT startups, regardless of platform
  /history - to list version history only


  Thanks in advance,
  Guft :wink:
 • Could be… the key is probably not being displayed correctly here.

  Go to Start > Run and copy into the field:

  [code]regedit /e D:\regkey.reg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"[/code]

  Afterwards you will see the following file (regkey.reg) on your D:\ drive.
  Could you then zip it and send it to me?
  miekiemoesATbluemedicine.be (AT=@)
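What a helper can do with the export requested above, as an added example that is not part of the original thread: a Python script that reads a `regedit /e` export of the Run key, reports the exact code points of every value name (which a forum rendering may not preserve), and emits the matching `"name"=-` deletion line with .reg escaping. The function names, the sample export and the odd value name in it are constructed for illustration; decoding REGEDIT4 files as cp1252 is an assumption.

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

SECTION = re.compile(r"^\[(.+?)\]\r?$", re.M)
ENTRY = re.compile(r'''
    ^(?:"(?P<name>(?:[^"\\]|\\.)*)"|@)=     # quoted value name, or @ for the default value
    (?P<data>"(?:[^"\\]|\\.)*"|[^\r\n]*)    # quoted string, or dword:/hex: up to end of line
''', re.M | re.S | re.X)
PATH_IN_NAME = re.compile(r"[A-Za-z]:\\")


def decode_export(raw):
    """Version 5.00 exports are UTF-16 with a BOM; REGEDIT4 exports use an ANSI code page."""
    if raw.startswith(b"\xff\xfe") or raw.startswith(b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")  # assumption: Western European system


def section_body(text, key):
    """Return the text between the header of `key` and the next section header."""
    headers = list(SECTION.finditer(text))
    for i, header in enumerate(headers):
        if header.group(1).lower() == key.lower():
            end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
            return text[header.end():end]
    return ""


def unescape(s):
    """Undo .reg escaping: a backslash protects the character that follows it."""
    return re.sub(r"\\(.)", r"\1", s, flags=re.S)


def name_findings(name):
    """Reasons why a value name deserves a closer look."""
    findings = []
    odd = [c for c in name if not (" " <= c <= "~")]
    if odd:
        points = " ".join(f"U+{ord(c):04X}" for c in odd)
        findings.append("non-printable or non-ASCII characters: " + points)
    if PATH_IN_NAME.search(name):
        findings.append("name embeds a file path")
    return findings


def delete_line(name):
    """The .reg line that removes this value: backslashes and quotes are escaped."""
    escaped = name.replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"=-'


def audit_run_key(raw, key=RUN_KEY):
    """Parse an exported key and describe each named value."""
    report = []
    for m in ENTRY.finditer(section_body(decode_export(raw), key)):
        if m.group("name") is None:
            continue  # the default value (@) has no name to inspect
        name = unescape(m.group("name"))
        data = m.group("data")
        if data.startswith('"'):
            data = unescape(data[1:-1])
        report.append({"name": name, "data": data,
                       "findings": name_findings(name),
                       "delete_line": delete_line(name)})
    return report


# Constructed sample export; the third value name carries U+00C8 and the
# control character U+0010, followed by an embedded path.
SAMPLE_EXPORT = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]\r\n"
    '"NAV Agent"="D:\\\\PROGRA~1\\\\NORTON~1\\\\navapw32.exe"\r\n'
    '"LoadQM"="loadqm.exe"\r\n'
    '"o\u00c880\x10]lD:\\\\Program Files\\\\ISTsvc\\\\istsvc.exe"="D:\\\\WINNT\\\\vtqynxhv.exe"\r\n'
    "\r\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce]\r\n"
    '"Constructed"="ignored.exe"\r\n'
).encode("utf-16")

if __name__ == "__main__":
    for entry in audit_run_key(SAMPLE_EXPORT):
        status = "; ".join(entry["findings"]) or "ok"
        print(f'{entry["name"]!r} -> {entry["data"]!r}: {status}')
        if entry["findings"]:
            print("   delete with:", repr(entry["delete_line"]))
```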
 • Platform: Windows 2000 (WinNT 5.00.2195)


  Service Pack 4 has been out for a while…
