Persistent spyware

Anonymous
26 replies
  • The problems:
    - A persistent start page, and when browsing on to other sites I keep ending up on advertising sites. Only through Explorer can I still get on the net properly.
    - The download sites of Spybot, Ad-Aware, CWShredder and HijackThis also gave troublesome pages, so the software could not be downloaded. So I had the software sent to me via MSN instead.
    - Both Spybot and Ad-Aware found an immense amount (about 400), but also reported that they could not delete everything, possibly because certain programs were in use. CWShredder found nothing.
    - Spybot also showed 'DSO exploit', no idea what it is, but there is a reference to it on m@rc's site.

    Logfile of HijackThis v1.99.0
    Scan saved at 9:38:18, on 24/12/2004
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINNT\System32\smss.exe
    D:\WINNT\system32\winlogon.exe
    D:\WINNT\system32\services.exe
    D:\WINNT\system32\lsass.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\System32\svchost.exe
    D:\WINNT\system32\spoolsv.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\WINNT\system32\regsvc.exe
    D:\WINNT\system32\MSTask.exe
    D:\WINNT\System32\WBEM\WinMgmt.exe
    D:\WINNT\Explorer.exe
    D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    D:\Program Files\Real\RealPlayer\RealPlay.exe
    D:\WINNT\loadqm.exe
    D:\PROGRA~1\NORTON~1\navapw32.exe
    D:\Program Files\Ahead\InCD\InCD.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\WINNT\System32\rundll32.exe
    d:\documents and settings\administrator\local settings\temp\c8ZTN.exe
    D:\WINNT\System32\P2P Networking\P2P Networking.exe
    D:\WINNT\vtqynxhv.exe
    D:\documents and settings\administrator\local settings\temp\c8ZTN.exe
    D:\documents and settings\administrator\local settings\temp\c8ZTN.exe
    D:\WINNT\System32\internat.exe
    D:\WINNT\System32\hkeajn.exe
    D:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Documents and Settings\Administrator\Application Data\zu??.exe
    D:\Program Files\ISTsvc\istsvc.exe
    D:\Documents and Settings\Administrator\Bureaublad\Spyware\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ksjherentals.tk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {A6B4DDBD-F68E-02A7-7953-EE906B2253B7} - (no file)
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - D:\WINNT\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1ADE6F53-C666-69F6-8756-66550ED22A1B} - D:\WINNT\System32\ldjea.dll
    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - D:\Program Files\NewDotNet\newdotnet6_38.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - D:\Program Files\eSyndicate\esyn.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LVCOMS] D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [istinstall_zazzer.exe] istinstall_zazzer.exe
    O4 - HKLM\..\Run: [lite.exe] lite.exe
    O4 - HKLM\..\Run: [vnmispoisn_downloader.exe] vnmispoisn_downloader.exe
    O4 - HKLM\..\Run: [Aqua.exe] Aqua.exe
    O4 - HKLM\..\Run: [hwkVI] D:\documents and settings\administrator\local settings\temp\hwkVI.exe
    O4 - HKLM\..\Run: [F40ZhE] D:\documents and settings\administrator\local settings\temp\F40ZhE.exe
    O4 - HKLM\..\Run: [3h] D:\documents and settings\administrator\local settings\temp\3h.exe
    O4 - HKLM\..\Run: [CdwXcoYJ] D:\documents and settings\administrator\local settings\temp\CdwXcoYJ.exe
    O4 - HKLM\..\Run: [3XX] D:\documents and settings\administrator\local settings\temp\3XX.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [P2P Networking] D:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [bkE] D:\documents and settings\administrator\local settings\temp\bkE.exe
    O4 - HKLM\..\Run: [orl251] D:\WINNT\vtqynxhv.exe
    O4 - HKLM\..\Run: [oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
    O4 - HKLM\..\Run: [¢‰¸ÓÝ4‚’È
    ¤Á<ÉoUD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
    O4 - HKLM\..\Run: [c8ZTN] D:\documents and settings\administrator\local settings\temp\c8ZTN.exe
    O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [Gfu] D:\WINNT\System32\hkeajn.exe
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Uost] D:\Documents and Settings\Administrator\Application Data\zu??.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\System32\Shdocvw.dll
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
    O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
    O23 - Service: Logical Disk Manager Administrative-service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
    O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

    Thanks in advance,

    Guft. :wink:
  • Scan your PC with Hitman as well ( www.hitmanpro.nl ).
  • [quote="JBS"]Scan your PC with Hitman as well ( www.hitmanpro.nl ).[/quote]
    Nice idea, but HitmanPro is just a collection of the programs he has already used.

    In Ad-Aware there is, I believe, an option "if the infected program is in use, terminate it" and also an option "close Explorer if necessary".
    Have you tried those yet?
  • One moment, :wink:
  • Hello Guft.

    I have the items, but first run an online scan, if that works. Preferably even two.
    BitDefender: http://www.bitdefender.com/scan/licence.php
    Trend Micro: http://housecall.trendmicro.com/housecall/start_corp.asp

    Regards,
  • [quote="m021"][quote="JBS"]Scan your PC with Hitman as well ( www.hitmanpro.nl ).[/quote]
    Nice idea, but HitmanPro is just a collection of the programs he has already used.

    In Ad-Aware there is, I believe, an option "if the infected program is in use, terminate it" and also an option "close Explorer if necessary".
    Have you tried those yet?[/quote]
    HitmanPro does indeed include Ad-Aware and Spybot. But it also contains more software that he has not used yet. Spy Sweeper, for example, a very good anti-spyware program.
  • The scans have been carried out by the person in question. Because quite some time has passed between this and the previous post, I had Spybot and Ad-Aware run again.

    Here is the most recent log:

    Logfile of HijackThis v1.99.0
    Scan saved at 19:25:34, on 3/01/2005
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINNT\System32\smss.exe
    D:\WINNT\system32\csrss.exe
    D:\WINNT\system32\winlogon.exe
    D:\WINNT\system32\services.exe
    D:\WINNT\system32\lsass.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\System32\svchost.exe
    D:\WINNT\system32\spoolsv.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\WINNT\system32\regsvc.exe
    D:\WINNT\system32\MSTask.exe
    D:\WINNT\System32\WBEM\WinMgmt.exe
    D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    D:\Program Files\Real\RealPlayer\RealPlay.exe
    D:\WINNT\loadqm.exe
    D:\PROGRA~1\NORTON~1\navapw32.exe
    D:\Program Files\Ahead\InCD\InCD.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\WINNT\System32\rundll32.exe
    D:\WINNT\System32\P2P Networking\P2P Networking.exe
    D:\WINNT\vtqynxhv.exe
    D:\WINNT\System32\internat.exe
    D:\WINNT\System32\hkeajn.exe
    D:\Documents and Settings\Administrator\Application Data\ssdp.exe
    D:\Program Files\MSN Messenger\msnmsgr.exe
    D:\WINNT\explorer.exe
    D:\Program Files\ISTsvc\istsvc.exe
    D:\Documents and Settings\Administrator\Bureaublad\Spyware\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ksjherentals.tk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {A6B4DDBD-F68E-02A7-7953-EE906B2253B7} - (no file)
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - D:\WINNT\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1ADE6F53-C666-69F6-8756-66550ED22A1B} - D:\WINNT\System32\ldjea.dll
    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - D:\Program Files\NewDotNet\newdotnet6_38.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - D:\Program Files\eSyndicate\esyn.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LVCOMS] D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [istinstall_zazzer.exe] istinstall_zazzer.exe
    O4 - HKLM\..\Run: [lite.exe] lite.exe
    O4 - HKLM\..\Run: [vnmispoisn_downloader.exe] vnmispoisn_downloader.exe
    O4 - HKLM\..\Run: [Aqua.exe] Aqua.exe
    O4 - HKLM\..\Run: [hwkVI] D:\documents and settings\administrator\local settings\temp\hwkVI.exe
    O4 - HKLM\..\Run: [F40ZhE] D:\documents and settings\administrator\local settings\temp\F40ZhE.exe
    O4 - HKLM\..\Run: [3h] D:\documents and settings\administrator\local settings\temp\3h.exe
    O4 - HKLM\..\Run: [CdwXcoYJ] D:\documents and settings\administrator\local settings\temp\CdwXcoYJ.exe
    O4 - HKLM\..\Run: [3XX] D:\documents and settings\administrator\local settings\temp\3XX.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [P2P Networking] D:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [bkE] D:\documents and settings\administrator\local settings\temp\bkE.exe
    O4 - HKLM\..\Run: [orl251] D:\WINNT\vtqynxhv.exe
    O4 - HKLM\..\Run: [oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
    O4 - HKLM\..\Run: [¢‰¸ÓÝ4‚’È
    ¤Á<ÉoUD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
    O4 - HKLM\..\Run: [c8ZTN] D:\documents and settings\administrator\local settings\temp\c8ZTN.exe
    O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\RunOnce: [AAW] "D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [Gfu] D:\WINNT\System32\hkeajn.exe
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Uost] D:\Documents and Settings\Administrator\Application Data\ssdp.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\System32\Shdocvw.dll
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
    O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
    O23 - Service: Logical Disk Manager Administrative-service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
    O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

    Thanks in advance,

    Guft. :wink:
  • Go to Start -> Add/Remove Programs -> Control Panel and uninstall:
    new.net
    newdotnet

    Reboot and post a new log,
  • Newdotnet not found.

    New log:

    Logfile of HijackThis v1.99.0
    Scan saved at 22:17:00, on 3/01/2005
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINNT\System32\smss.exe
    D:\WINNT\system32\winlogon.exe
    D:\WINNT\system32\services.exe
    D:\WINNT\system32\lsass.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\System32\svchost.exe
    D:\WINNT\system32\spoolsv.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\WINNT\system32\regsvc.exe
    D:\WINNT\system32\MSTask.exe
    D:\WINNT\System32\WBEM\WinMgmt.exe
    D:\WINNT\Explorer.exe
    D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    D:\Program Files\Real\RealPlayer\RealPlay.exe
    D:\WINNT\loadqm.exe
    D:\PROGRA~1\NORTON~1\navapw32.exe
    D:\Program Files\Ahead\InCD\InCD.exe
    D:\Program Files\QuickTime\qttask.exe
    d:\documents and settings\administrator\local settings\temp\VGrhoY.exe
    D:\WINNT\System32\P2P Networking\P2P Networking.exe
    D:\WINNT\vtqynxhv.exe
    D:\documents and settings\administrator\local settings\temp\VGrhoY.exe
    D:\WINNT\System32\internat.exe
    D:\WINNT\System32\hkeajn.exe
    D:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Program Files\ISTsvc\istsvc.exe
    D:\Documents and Settings\Administrator\Application Data\zu??.exe
    D:\Documents and Settings\Administrator\Bureaublad\Spyware\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ksjherentals.tk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {A6B4DDBD-F68E-02A7-7953-EE906B2253B7} - (no file)
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - D:\WINNT\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1ADE6F53-C666-69F6-8756-66550ED22A1B} - D:\WINNT\System32\ldjea.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - D:\Program Files\eSyndicate\esyn.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LVCOMS] D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [istinstall_zazzer.exe] istinstall_zazzer.exe
    O4 - HKLM\..\Run: [lite.exe] lite.exe
    O4 - HKLM\..\Run: [vnmispoisn_downloader.exe] vnmispoisn_downloader.exe
    O4 - HKLM\..\Run: [Aqua.exe] Aqua.exe
    O4 - HKLM\..\Run: [hwkVI] D:\documents and settings\administrator\local settings\temp\hwkVI.exe
    O4 - HKLM\..\Run: [F40ZhE] D:\documents and settings\administrator\local settings\temp\F40ZhE.exe
    O4 - HKLM\..\Run: [3h] D:\documents and settings\administrator\local settings\temp\3h.exe
    O4 - HKLM\..\Run: [CdwXcoYJ] D:\documents and settings\administrator\local settings\temp\CdwXcoYJ.exe
    O4 - HKLM\..\Run: [3XX] D:\documents and settings\administrator\local settings\temp\3XX.exe
    O4 - HKLM\..\Run: [P2P Networking] D:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [bkE] D:\documents and settings\administrator\local settings\temp\bkE.exe
    O4 - HKLM\..\Run: [orl251] D:\WINNT\vtqynxhv.exe
    O4 - HKLM\..\Run: [oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
    O4 - HKLM\..\Run: [¢‰¸ÓÝ4‚’È
    ¤Á<ÉoUD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
    O4 - HKLM\..\Run: [c8ZTN] D:\documents and settings\administrator\local settings\temp\c8ZTN.exe
    O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [VGrhoY] D:\documents and settings\administrator\local settings\temp\VGrhoY.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [Gfu] D:\WINNT\System32\hkeajn.exe
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Uost] D:\Documents and Settings\Administrator\Application Data\zu??.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\System32\Shdocvw.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
    O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
    O23 - Service: Logical Disk Manager Administrative-service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
    O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

    Thanks in advance,

    Guft. :wink:
  • There are quite a few problems in the log.

    Go to Start -> Control Panel -> Add/Remove Programs and remove, if possible:
    istbar
    P2P Networking

    Scan once more with HijackThis, tick the entries below, close all windows and click Fix checked

    R3 - URLSearchHook: (no name) - {A6B4DDBD-F68E-02A7-7953-EE906B2253B7} - (no file)
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - D:\WINNT\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - D:\Program Files\eSyndicate\esyn.dll
    O4 - HKLM\..\Run: [istinstall_zazzer.exe] istinstall_zazzer.exe
    O4 - HKLM\..\Run: [lite.exe] lite.exe
    O4 - HKLM\..\Run: [vnmispoisn_downloader.exe] vnmispoisn_downloader.exe
    O4 - HKLM\..\Run: [Aqua.exe] Aqua.exe
    O4 - HKLM\..\Run: [hwkVI] D:\documents and settings\administrator\local settings\temp\hwkVI.exe
    O4 - HKLM\..\Run: [F40ZhE] D:\documents and settings\administrator\local settings\temp\F40ZhE.exe
    O4 - HKLM\..\Run: [3h] D:\documents and settings\administrator\local settings\temp\3h.exe
    O4 - HKLM\..\Run: [CdwXcoYJ] D:\documents and settings\administrator\local settings\temp\CdwXcoYJ.exe
    O4 - HKLM\..\Run: [3XX] D:\documents and settings\administrator\local settings\temp\3XX.exe
    O4 - HKLM\..\Run: [bkE] D:\documents and settings\administrator\local settings\temp\bkE.exe
    O4 - HKLM\..\Run: [orl251] D:\WINNT\vtqynxhv.exe
    O4 - HKLM\..\Run: [oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
    O4 - HKLM\..\Run: [¢‰¸ÓÝ4‚’È
    ¤Á<ÉoUD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
    O4 - HKLM\..\Run: [c8ZTN] D:\documents and settings\administrator\local settings\temp\c8ZTN.exe
    O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [VGrhoY] D:\documents and settings\administrator\local settings\temp\VGrhoY.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [Gfu] D:\WINNT\System32\hkeajn.exe

    Restart in safe mode and show all hidden files; delete these if present:


    D:\Program Files\ISTsvc <= this folder
    D:\Program Files\eSyndicate <= this folder
    D:\WINNT\vtqynxhv.exe
    D:\WINNT\System32\hkeajn.exe

    Search for and delete the following files, possibly in D:\WINNT or D:\WINNT\System32:
    Aqua.exe
    lite.exe
    vnmispoisn_downloader.exe
    internat.exe

    Empty your Temp folder: Start - Run, type: %TEMP%.
    Select all files in this folder and delete them.

    Restart your computer and create a new log.

    Sjaak
  • First of all, apologies for carrying out the instructions so late. I know that is not ideal with spyware problems, but this is not my own PC, and the person in question is not the quickest :-? .

    Logfile of HijackThis v1.99.0
    Scan saved at 16:12:05, on 9/01/2005
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINNT\System32\smss.exe
    D:\WINNT\system32\winlogon.exe
    D:\WINNT\system32\services.exe
    D:\WINNT\system32\lsass.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\System32\svchost.exe
    D:\WINNT\system32\spoolsv.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\WINNT\system32\regsvc.exe
    D:\WINNT\system32\MSTask.exe
    D:\WINNT\System32\WBEM\WinMgmt.exe
    D:\WINNT\Explorer.exe
    D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    D:\Program Files\Real\RealPlayer\RealPlay.exe
    D:\WINNT\loadqm.exe
    D:\PROGRA~1\NORTON~1\navapw32.exe
    D:\Program Files\Ahead\InCD\InCD.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\WINNT\System32\P2P Networking\P2P Networking.exe
    D:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Documents and Settings\Administrator\Application Data\ssdp.exe
    D:\Documents and Settings\Administrator\Bureaublad\Spyware\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ksjherentals.tk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1ADE6F53-C666-69F6-8756-66550ED22A1B} - D:\WINNT\System32\ldjea.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LVCOMS] D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [P2P Networking] D:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Uost] D:\Documents and Settings\Administrator\Application Data\ssdp.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\System32\Shdocvw.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
    O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
    O23 - Service: Logical Disk Manager Administrative-service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
    O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  • There is still some cleaning up to do:

    Put the HijackThis program in a separate folder, e.g. D:\Hijackthis

    Restart in safe mode before you start working with HijackThis.

    Go to Start -> Control Panel -> Add/Remove Programs and uninstall, if possible:
    istbar

    Then fix the following items:
    O2 - BHO: (no name) - {1ADE6F53-C666-69F6-8756-66550ED22A1B} - D:\WINNT\System32\ldjea.dll
    O4 - HKLM\..\Run: [P2P Networking] D:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
    O4 - HKCU\..\Run: [Uost] D:\Documents and Settings\Administrator\Application Data\ssdp.exe
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

    Delete the following files:
    D:\WINNT\System32\P2P Networking <= entire directory
    D:\Program Files\ISTsvc <= entire directory
    D:\WINNT\System32\ldjea.dll
    D:\WINNT\vtqynxhv.exe
    D:\Documents and Settings\Administrator\Application Data\ssdp.exe

    Sjaak
  • Once again rather late :oops: .

    Logfile of HijackThis v1.99.0
    Scan saved at 18:26:47, on 11/01/2005
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINNT\System32\smss.exe
    D:\WINNT\system32\winlogon.exe
    D:\WINNT\system32\services.exe
    D:\WINNT\system32\lsass.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\System32\svchost.exe
    D:\WINNT\system32\spoolsv.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\WINNT\system32\regsvc.exe
    D:\WINNT\system32\MSTask.exe
    D:\WINNT\System32\WBEM\WinMgmt.exe
    D:\WINNT\Explorer.exe
    D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    D:\Program Files\Real\RealPlayer\RealPlay.exe
    D:\WINNT\loadqm.exe
    D:\PROGRA~1\NORTON~1\navapw32.exe
    D:\Program Files\Ahead\InCD\InCD.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Documents and Settings\Administrator\Bureaublad\Spyware\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ksjherentals.tk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LVCOMS] D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\System32\Shdocvw.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
    O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
    O23 - Service: Logical Disk Manager Administrative-service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
    O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

    Thanks,

    Guft. :wink:
  • Scan once more and tick this one:
    O4 - HKLM\..\Run: [oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
    Close all windows and choose Fix checked.

    Show all hidden files: http://www.spyware-politie.nl/Zichtbaar_maken_verborgen_bestanden.htm
    Restart in safe mode: http://www.spyware-politie.nl/start_safemode_windows.htm

    Now delete the items in bold (folders including their contents unless stated otherwise):
    D:\Program Files\[b:c8cf115da2]ISTsvc[/b:c8cf115da2]
    D:\WINNT\[b:c8cf115da2]vtqynxhv.exe[/b:c8cf115da2]

    Restart and run a new log right away if you can, and post it here.
  • The person did not find the 'folder' and the 'file'…

    Logfile of HijackThis v1.99.0
    Scan saved at 19:08:43, on 11/01/2005
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINNT\System32\smss.exe
    D:\WINNT\system32\winlogon.exe
    D:\WINNT\system32\services.exe
    D:\WINNT\system32\lsass.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\System32\svchost.exe
    D:\WINNT\system32\spoolsv.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\WINNT\system32\regsvc.exe
    D:\WINNT\system32\MSTask.exe
    D:\WINNT\System32\WBEM\WinMgmt.exe
    D:\WINNT\Explorer.exe
    D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    D:\Program Files\Real\RealPlayer\RealPlay.exe
    D:\WINNT\loadqm.exe
    D:\PROGRA~1\NORTON~1\navapw32.exe
    D:\Program Files\Ahead\InCD\InCD.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Documents and Settings\Administrator\Bureaublad\Spyware\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ksjherentals.tk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LVCOMS] D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\System32\Shdocvw.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
    O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
    O23 - Service: Logical Disk Manager Administrative-service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
    O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  • It is back again; either he is looking with his eyes closed or there is something else going on. Please post a startup list made with HijackThis.
    (config —> misc tools —> generate startuplistlog)
  • Fix this line again in HijackThis:

    O4 - HKLM\..\Run: [oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe

    Open Notepad and copy and paste the following into it:

    [code:1:a4030e6625]REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe"=-[/code:1:a4030e6625]

    Save this as fix.reg and double-click it.
    This should be sufficient.
  • Stubborn one. Fix.reg apparently did not help, because the log does not seem to have changed much. The startup list is included as well.

    Logfile of HijackThis v1.99.0
    Scan saved at 22:36:31, on 11/01/2005
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINNT\System32\smss.exe
    D:\WINNT\system32\winlogon.exe
    D:\WINNT\system32\services.exe
    D:\WINNT\system32\lsass.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\System32\svchost.exe
    D:\WINNT\system32\spoolsv.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\WINNT\system32\regsvc.exe
    D:\WINNT\system32\MSTask.exe
    D:\WINNT\System32\WBEM\WinMgmt.exe
    D:\WINNT\Explorer.exe
    D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    D:\Program Files\Real\RealPlayer\RealPlay.exe
    D:\WINNT\loadqm.exe
    D:\PROGRA~1\NORTON~1\navapw32.exe
    D:\Program Files\Ahead\InCD\InCD.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Documents and Settings\Administrator\Bureaublad\Spyware\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ksjherentals.tk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LVCOMS] D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\System32\Shdocvw.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
    O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
    O23 - Service: Logical Disk Manager Administrative-service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
    O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe


    ———————————

    StartupList report, 11/01/2005, 22:42:42
    StartupList version: 1.52.2
    Started from : D:\Documents and Settings\Administrator\Bureaublad\Spyware\HijackThis.EXE
    Detected: Windows 2000 (WinNT 5.00.2195)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    D:\WINNT\System32\smss.exe
    D:\WINNT\system32\winlogon.exe
    D:\WINNT\system32\services.exe
    D:\WINNT\system32\lsass.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\System32\svchost.exe
    D:\WINNT\system32\spoolsv.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\WINNT\system32\regsvc.exe
    D:\WINNT\system32\MSTask.exe
    D:\WINNT\System32\WBEM\WinMgmt.exe
    D:\WINNT\Explorer.exe
    D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    D:\Program Files\Real\RealPlayer\RealPlay.exe
    D:\WINNT\loadqm.exe
    D:\PROGRA~1\NORTON~1\navapw32.exe
    D:\Program Files\Ahead\InCD\InCD.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Documents and Settings\Administrator\Bureaublad\Spyware\HijackThis.exe

    ————————————————–

    Listing of startup folders:

    Shell folders Common Startup:
    [D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]
    Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE

    ————————————————–

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = D:\WINNT\system32\userinit.exe,

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    Synchronization Manager = mobsync.exe /logon
    LVCOMS = D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    RealTray = D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    LoadQM = loadqm.exe
    NAV Agent = D:\PROGRA~1\NORTON~1\navapw32.exe
    NeroCheck = D:\WINNT\System32\\NeroCheck.exe
    InCD = D:\Program Files\Ahead\InCD\InCD.exe
    QuickTime Task = "D:\Program Files\QuickTime\qttask.exe" -atboottime
    oÈ80+¿ÔÇè]lú*àaÍžéaD:\Program Files\ISTsvc\istsvc.exe = D:\WINNT\vtqynxhv.exe

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    msnmsgr = "D:\Program Files\MSN Messenger\msnmsgr.exe" /background

    ————————————————–

    Shell & screensaver key from D:\WINNT\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=D:\WINNT\System32\ssstars.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    ————————————————–


    Enumerating Browser Helper Objects:

    (no name) - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    NAV Helper - D:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

    ————————————————–

    Enumerating Task Scheduler jobs:

    Symantec NetDetect.job
    Norton AntiVirus - Mijn computer scannen.job

    ————————————————–

    Enumerating Download Program Files:

    [Checkers Class]
    InProcServer32 = D:\WINNT\Downloaded Program Files\msgrchkr.dll
    CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab

    [QuickTime Object]
    InProcServer32 = D:\Program Files\QuickTime\QTPlugin.ocx
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [Minesweeper Flags Class]
    InProcServer32 = D:\WINNT\Downloaded Program Files\minesweeper.dll
    CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab

    [HouseCall Besturing]
    InProcServer32 = D:\WINNT\DOWNLO~1\xscan53.ocx
    CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

    [AvxScanOnline Control]
    InProcServer32 = D:\WINNT\DOWNLO~1\BITDEF~1.OCX
    CODEBASE = http://www.bitdefender.com/scan/Msie/bitdefender.cab

    [MessengerStatsClient Class]
    InProcServer32 = D:\WINNT\Downloaded Program Files\messengerstatsclient.dll
    CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab

    [Update Class]
    InProcServer32 = D:\WINNT\System32\iuctl.dll
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38110.3768518519

    [MsnMessengerSetupDownloadControl Class]
    InProcServer32 = D:\WINNT\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
    CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

    [MSN Photo Upload Tool]
    InProcServer32 = D:\WINNT\Downloaded Program Files\MsnPUpld.dll
    CODEBASE = http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

    [Shockwave Flash Object]
    InProcServer32 = D:\WINNT\System32\macromed\flash\Flash.ocx
    CODEBASE = http://active.macromedia.com/flash2/cabs/swflash.cab

    [{DDF44FD9-749F-4761-89BB-E8A59339E459}]
    InProcServer32 = D:\WINNT\System32\LiveService_9.dll
    CODEBASE = http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN.cab

    [Solitaire Showdown Class]
    InProcServer32 = D:\WINNT\Downloaded Program Files\solitaireshowdown.dll
    CODEBASE = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab

    [{F72BC3F0-6C20-4793-9DDA-258589D8A907}]
    InProcServer32 = D:\WINNT\System32\netslv32.dll
    CODEBASE = http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab

    ————————————————–

    Enumerating ShellServiceObjectDelayLoad items:

    Network.ConnectionTray: D:\WINNT\system32\NETSHELL.dll
    WebCheck: D:\WINNT\System32\webcheck.dll
    SysTray: stobject.dll

    ————————————————–
    End of report, 6.719 bytes
    Report generated in 0,110 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only


    Thanks in advance,
    Guft :wink:
  • Could be… the key is probably not being displayed correctly here.

    Go to Start > Run and copy into the field:

    [code:1:b8f9dc1f86]regedit /e D:\regkey.reg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"[/code:1:b8f9dc1f86]

    You will then see the following file (regkey.reg) on your D:\ drive.
    Could you then zip it and send it to me?
    miekiemoesATbluemedicine.be (AT=@)
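
Added example, not part of the thread and not HijackThis code: a Python triage of HijackThis O4 (Run key) lines that parses value names even when they contain "]", flags names with non-ASCII characters or an embedded path and targets that run from Temp, and lists flagged entries that survive into a later scan. The sample lines are constructed and abridged from the scans in this thread, the third value name is a constructed stand-in for the garbled one, and all function names are this example's own.

```python
import re

# Constructed sample: abridged O4 lines modelled on the scans in this thread.
# The third value name is a constructed stand-in for the garbled name; like the
# one in the thread it contains "]" and an embedded path.
SCAN_BEFORE = r"""
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [3h] D:\documents and settings\administrator\local settings\temp\3h.exe
O4 - HKLM\..\Run: [oÈ80+¿]lú*D:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# Constructed sample: the same machine after "Fix checked" and a reboot.
SCAN_AFTER = r"""
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [oÈ80+¿]lú*D:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\vtqynxhv.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""

# The value name ends at the first "] " (bracket followed by a space), so a "]"
# inside the name does not cut it short.
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")


def parse_o4(log):
    """Return the registry autostart entries (hive, key, name, command) in a log."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append({"hive": hive, "key": key, "name": name, "command": command})
    return entries


def odd_chars(name):
    """Positions and code points of characters outside printable ASCII."""
    return [(i, "U+%04X" % ord(c)) for i, c in enumerate(name)
            if ord(c) < 32 or ord(c) > 126]


def flags(entry):
    """Heuristic reasons to look at an entry more closely (not a verdict)."""
    out = []
    if odd_chars(entry["name"]):
        out.append("odd-chars-in-name")      # name may not survive copy/paste into a .reg file
    if re.search(r"[A-Za-z]:\\", entry["name"]):
        out.append("path-in-name")           # a file path used as the value *name*
    if "\\local settings\\temp\\" in entry["command"].lower():
        out.append("runs-from-temp")         # autostart target lives in the user's Temp folder
    return out


def survivors(before_log, after_log):
    """Flagged entries from the first scan that are still present in the second."""
    still_there = {(e["hive"], e["key"], e["name"]) for e in parse_o4(after_log)}
    return [e for e in parse_o4(before_log)
            if flags(e) and (e["hive"], e["key"], e["name"]) in still_there]


if __name__ == "__main__":
    for e in parse_o4(SCAN_BEFORE):
        print(e["hive"], e["key"], repr(e["name"]), flags(e))
    for e in survivors(SCAN_BEFORE, SCAN_AFTER):
        print("still present:", e["command"], "name code points:", odd_chars(e["name"]))
```

The code points reported by `odd_chars` show which characters of a value name are outside printable ASCII, which is the information the raw export of the Run key is being requested for.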
  • Platform: Windows 2000 (WinNT 5.00.2195)


    Service Pack 4 has been out for a while…

This is an archived page. Replies are no longer possible.