hijackthis, surely junk

Anonymous
14 answers
  • Logfile of HijackThis v1.99.1
    Scan saved at 19:55:26, on 29/03/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Hitman Pro\srhelper.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    C:\Program Files\Telenet EasyCare\bin\mpbtn.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\587a00ab61e8dafd71b30d6a3b165f\update\update.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Luc\Bureaublad\Nieuwe map\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.telenet.be
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.telenet.be
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
    Microsoft Internet Explorer aangeboden door Telenet Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,AutoConfigURL = http://pac.telenet.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
    = Koppelingen
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus -
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
    AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec
    Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [Advanced Tools Check]
    C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [win updates] wugrds.exe
    O4 - HKLM\..\Run: [System Uptime Server] sysentry32.exe
    O4 - HKLM\..\Run: [starter] scvhosting.exe
    O4 - HKLM\..\Run: [Windows backup] systems.exe
    O4 - HKLM\..\Run: [wp_config] wpconfig.exe
    O4 - HKLM\..\Run: [Local Service] runndll.exe
    O4 - HKLM\..\Run: [NDIS Adapter] pwnageasda.exe
    O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
    O4 - HKLM\..\Run: [Motive SmartBridge]
    C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IPConfig] svcxnv32.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common
    Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark
    X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\RunServices: [win updates] wugrds.exe
    O4 - HKLM\..\RunServices: [System Uptime Server] sysentry32.exe
    O4 - HKLM\..\RunServices: [starter] scvhosting.exe
    O4 - HKLM\..\RunServices: [MSN UPDATER] msnplugins.exe
    O4 - HKLM\..\RunServices: [Windows backup] systems.exe
    O4 - HKLM\..\RunServices: [wp_config] wpconfig.exe
    O4 - HKLM\..\RunServices: [Local Service] runndll.exe
    O4 - HKLM\..\RunServices: [NDIS Adapter] pwnageasda.exe
    O4 - HKCU\..\Run: [win updates] wugrds.exe
    O4 - HKCU\..\Run: [starter] scvhosting.exe
    O4 - HKCU\..\Run: [MSN UPDATER] msnplugins.exe
    O4 - HKCU\..\Run: [wp_config] wpconfig.exe
    O4 - HKCU\..\Run: [NDIS Adapter] pwnageasda.exe
    O4 - HKCU\..\Run: [Local Service] runndll.exe
    O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
    O4 - HKCU\..\Run: [IPConfig] svcxnv32.exe
    O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "C:\Program
    Files\Hitman Pro\srhelper.exe"
    O4 - HKCU\..\RunServices: [MSN UPDATER] msnplugins.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk =
    C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet
    EasyCare\bin\matcli.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
    http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC}
    (MessengerStatsClient Class) -
    http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags
    Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
    scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {62475759-9E84-45-A1AB-5D2C442ADFDE} -
    http://a1540.g.akamai.net/7/1540/52/20041101/qtinstall.info.apple.com/pthalo/nl/win/QuickTimeFullInstaller.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
    Utility Class) -
    http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {0D4DE5-3180-4024-A327-4DFAD1796A8D}
    (MessengerStatsClient Class) -
    http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
    http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl
    Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) -
    http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec
    Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec
    Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec
    Shared\ccSetMgr.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
    C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -
    Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
    Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program
    Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec
    Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
    Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\Security
    Center\SymWSC.exe

    For a friend,

    thanks.

  • Hey,

    First run an online virus scan via Bitdefender and/or Housecall and let it remove everything it finds.
    Then post a new HijackThis log.
  • No virus found.


    :-?
  • [quote="kaarslicht"]No virus found.


    :-?[/quote]
    O4 - HKLM\..\Run: [starter] scvhosting.exe
    Strange, have a read here:
    http://securityresponse.symantec.com/avcenter/venc/data/w32.ircbot.e.html
    [quote]technical details

    Once the Trojan is executed, it performs the following actions:

    1. Adds the value:

    "starter" = "scvhosting.exe"

    to the following registry entries:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

    so that the Trojan is executed automatically every time Windows starts.

    2. Copies itself as %System%\scvhosting.exe.

    Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).[/quote]
    and:
    O4 - HKLM\..\Run: [Windows backup] systems.exe

    http://securityresponse.symantec.com/avcenter/venc/data/w32.cesca.html
  • [code]O4 - HKLM\..\Run: [win updates] wugrds.exe
    O4 - HKLM\..\Run: [System Uptime Server] sysentry32.exe[/code]
    are just 2 that I'm picking out
  • Apparently all the exe files have been cleaned up but not yet removed from the startup list. They are also not in the list of running processes, so the scan could be correct.

    You edited the log so that the lines would not be too long.
    Next time don't edit it anymore, just copy & paste.

    You may fix the following items:
    [b]
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [win updates] wugrds.exe
    O4 - HKLM\..\Run: [System Uptime Server] sysentry32.exe
    O4 - HKLM\..\Run: [starter] scvhosting.exe
    O4 - HKLM\..\Run: [Windows backup] systems.exe
    O4 - HKLM\..\Run: [wp_config] wpconfig.exe
    O4 - HKLM\..\Run: [Local Service] runndll.exe
    O4 - HKLM\..\Run: [NDIS Adapter] pwnageasda.exe
    O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
    O4 - HKLM\..\Run: [IPConfig] svcxnv32.exe
    O4 - HKLM\..\RunServices: [win updates] wugrds.exe
    O4 - HKLM\..\RunServices: [System Uptime Server] sysentry32.exe
    O4 - HKLM\..\RunServices: [starter] scvhosting.exe
    O4 - HKLM\..\RunServices: [MSN UPDATER] msnplugins.exe
    O4 - HKLM\..\RunServices: [Windows backup] systems.exe
    O4 - HKLM\..\RunServices: [wp_config] wpconfig.exe
    O4 - HKLM\..\RunServices: [Local Service] runndll.exe
    O4 - HKLM\..\RunServices: [NDIS Adapter] pwnageasda.exe
    O4 - HKCU\..\Run: [win updates] wugrds.exe
    O4 - HKCU\..\Run: [starter] scvhosting.exe
    O4 - HKCU\..\Run: [MSN UPDATER] msnplugins.exe
    O4 - HKCU\..\Run: [wp_config] wpconfig.exe
    O4 - HKCU\..\Run: [NDIS Adapter] pwnageasda.exe
    O4 - HKCU\..\Run: [Local Service] runndll.exe
    O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
    O4 - HKCU\..\Run: [IPConfig] svcxnv32.exe
    O4 - HKCU\..\RunServices: [MSN UPDATER] msnplugins.exe
    [/b]

    Sjaak
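
The triage applied in the posts above (startup entries that name a bare file with no path, the same value repeated across several Run keys as in the Symantec write-up quoted earlier, and no matching running process) can be sketched as a script. This is an added example, not part of the original posts; the function names and reason labels are assumptions, and the sample is an excerpt assembled from the first log in this thread.

```python
import re
from collections import defaultdict

# Excerpt assembled from the first HijackThis log in this thread (shortened).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [IPConfig] svcxnv32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# Registry autorun lines only: "O4 - HKLM\..\Run: [value name] command"
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$')
# Executable part of the command: quoted path, or text up to the first extension.
IMAGE_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|scr|pif))(?=\s|$))', re.I)


def image_of(command):
    """Return the program path from an autorun command, without arguments."""
    m = IMAGE_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def parse(log):
    """Split a log into the set of running image names and the O4 registry entries."""
    running, autoruns, in_procs = set(), [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                running.add(basename(line))
            else:
                in_procs = False  # a blank line ends the process list
            continue
        m = O4_RE.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            autoruns.append({"key": f"{hive}\\{key}", "name": name,
                             "image": image_of(cmd)})
    return running, autoruns


def triage(log):
    """Report autorun values that deserve a manual look, with the reasons."""
    running, autoruns = parse(log)
    keys_by_entry = defaultdict(set)
    for a in autoruns:
        keys_by_entry[(a["name"], a["image"])].add(a["key"])
    findings = {}
    for (name, image), keys in keys_by_entry.items():
        reasons = []
        if "\\" not in image:
            reasons.append("no-path")      # bare file name, resolved via search path
        if len(keys) > 1:
            reasons.append("multi-key")    # same value planted in several keys
        if basename(image) not in running:
            reasons.append("not-running")  # entry may be an orphan after cleanup
        # "not-running" alone is normal for one-shot launchers, so it is
        # only reported alongside one of the other two reasons.
        if "no-path" in reasons or "multi-key" in reasons:
            findings[name] = {"image": image, "keys": sorted(keys),
                              "reasons": reasons}
    return findings


if __name__ == "__main__":
    for name, info in triage(SAMPLE_LOG).items():
        print(name, info["image"], info["keys"], info["reasons"])
```

A flagged entry is a prompt for manual review, not a verdict: the file name still has to be checked against a vendor write-up, as was done in this thread.
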
  • Logfile of HijackThis v1.99.1
    Scan saved at 23:25:04, on 30/03/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Hitman Pro\srhelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Telenet EasyCare\bin\mpbtn.exe
    C:\Documents and Settings\Luc\Bureaublad\Nieuwe map\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Telenet Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKCU\..\Run: [IPConfig] svcxnv32.exe
    O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "C:\Program Files\Hitman Pro\srhelper.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {62475759-9E84-45-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20041101/qtinstall.info.apple.com/pthalo/nl/win/QuickTimeFullInstaller.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {80DD2229-B4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

  • Steggel also gave this line to fix

    O4 - HKCU\..\Run: [IPConfig] svcxnv32.exe

    Go ahead and do this! :wink:
  • I'll wait a moment for Sjaak (steggel).
    Maybe there is more… :wink:
  • You may fix this one in HijackThis

    O4 - HKCU\..\Run: [IPConfig] svcxnv32.exe

    and then delete C:\WINDOWS\System32\svcxnv32.exe :wink:
  • Logfile of HijackThis v1.99.1
    Scan saved at 22:32:38, on 31/03/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Hitman Pro\srhelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Telenet EasyCare\bin\mpbtn.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Luc\Bureaublad\Nieuwe map\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Telenet Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "C:\Program Files\Hitman Pro\srhelper.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {62475759-9E84-45-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20041101/qtinstall.info.apple.com/pthalo/nl/win/QuickTimeFullInstaller.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {80DD2229-B4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    Hopefully everything is clean again?

  • Looks good :)
    How is everything working now?
  • Everything works fine again.

    Thank you very much!!! :D
  • You're welcome :wink:

This is an archived page. Replying is no longer possible.