Questions & Answers

Security & privacy

Can anyone help me get rid of a Trojan.Vundo?

10 replies
  • Hello, My Norton Antivirus reports that it has automatically removed a Trojan.Vundo. After doing everything and restarting, it starts all over again. Can anyone help me get rid of this problem? Regards PS In case it is needed, here is the HijackThis log file: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:34:47, on 13-1-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\opt\MBCASE\WIS\TBCD\tbmux32.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\RealVNC\VNC4\winvnc4.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe 
C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} 
- C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe 
Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Policies\Explorer\Run: [System Patcher] BTCPatcher.exe O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166308305562 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://sun.jerseyinsight.com/AxisCamControl.ocx O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp07.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/nl/check/qdiagh.cab?326 O20 - AppInit_DLLs: 
C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: konfig - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing) O23 - Service: license - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing) O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: mcp - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing) O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Pml Driver HPZ12 - HP - 
C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TransBaseService - TransAction Software, D 81737 Munich - C:\opt\MBCASE\WIS\TBCD\tbmux32.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\winvnc4.exe -- End of file - 12676 bytes
  • Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop. If you have used ComboFix before, please delete that version and download ComboFix again via the link above, because ComboFix is updated daily. NOTE: if, during or after downloading ComboFix or while using ComboFix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download ComboFix again. Some scanners regard certain components that ComboFix uses as suspicious and will block or remove them! Double-click combofix.exe. Choose "Continue" by typing 1 followed by ENTER. While the fix is running, do NOT click in the window, because this will make your PC hang. When the fix has finished and after the restart, the log combofix.txt will open. In your next reply, post the ComboFix log (combofix.txt) together with a fresh HijackThis log. Good luck! Pim
  • Hello Pim, Here is the ComboFix log: ComboFix 08-01-13.1 - pentium 2008-01-13 21:34:39.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.485 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\pentium\Bureaublad\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . (((((((((((((((((((( Bestanden Gemaakt van 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))) . 2008-01-13 19:34 . 2008-01-13 19:34 <DIR> d-------- C:\Program Files\Trend Micro 2008-01-13 16:32 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-13 16:00 . 2008-01-13 16:00 <DIR> d-------- C:\VundoFix Backups 2008-01-13 15:34 . 2008-01-13 15:34 80,412,038 --a------ C:\SYM_REGISTRY_BACKUP.reg 2008-01-13 12:13 . 2006-01-30 21:26 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen 2008-01-13 12:13 . 2006-01-30 22:20 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend 2008-01-13 12:13 . 2006-01-30 22:20 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving 2008-01-13 12:13 . 2006-01-30 22:20 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten 2008-01-13 12:13 . 2006-01-30 22:20 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start 2008-01-13 12:13 . 2006-01-30 22:20 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten 2008-01-13 12:13 . 2006-01-30 22:20 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad 2008-01-11 13:23 . 2008-01-11 13:23 <DIR> d-------- C:\Program Files\vso 2008-01-11 13:13 . 2008-01-11 13:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-11 13:13 . 2004-08-30 21:00 1,417,216 --a------ C:\WINDOWS\system32\BTCPatcher.exe~ 2008-01-11 13:13 . 2008-01-11 13:14 37,888 --a------ C:\WINDOWS\system32\rar.exe 2008-01-11 13:00 . 
2008-01-11 13:00 <DIR> d-------- C:\Program Files\InfraRecorder 2008-01-11 13:00 . 2008-01-11 13:00 <DIR> d-------- C:\Documents and Settings\pentium\Application Data\InfraRecorder 2008-01-11 12:28 . 2004-09-23 18:57 747,008 --a------ C:\WINDOWS\system32\Indeo4.qtx 2008-01-11 12:28 . 2002-12-20 12:40 675,328 --a------ C:\WINDOWS\system32\ir50_32.qtx 2008-01-11 12:27 . 2008-01-11 12:28 <DIR> d-------- C:\WINDOWS\system32\QuickTime 2008-01-11 12:27 . 2008-01-11 12:28 <DIR> d-------- C:\Program Files\QuickTime Alternative 2008-01-11 12:27 . 2008-01-11 12:27 <DIR> d-------- C:\Program Files\Media Player Classic 2008-01-11 12:27 . 2004-10-27 13:01 360,504 --a------ C:\WINDOWS\system32\QTPlugin.ocx 2008-01-11 12:27 . 2004-09-23 18:57 323,072 --a------ C:\WINDOWS\system32\QuickTime.cpl 2008-01-11 12:27 . 2004-01-12 17:57 86,016 --a------ C:\WINDOWS\system32\QuickTime.ax 2008-01-11 12:27 . 2004-09-23 18:57 70,144 --a------ C:\WINDOWS\system32\QuickTimeCheck.ocx 2008-01-11 12:22 . 2008-01-13 12:23 <DIR> d-------- C:\Program Files\Gabest 2008-01-11 09:14 . 2008-01-13 12:24 <DIR> d-------- C:\Program Files\WinAVI Video Capture 2008-01-11 07:33 . 2002-12-17 15:20 1,081,344 --------- C:\WINDOWS\UNIDRV.exe 2008-01-11 07:33 . 2002-12-30 15:25 106,085 --------- C:\WINDOWS\UNIDRV.cfg 2008-01-11 07:33 . 2002-10-09 12:38 80,864 --------- C:\WINDOWS\system32\drivers\imagedrv.sys 2008-01-11 07:33 . 2002-12-17 12:00 57,344 --------- C:\WINDOWS\system32\ImageDrive.cpl 2008-01-11 07:02 . 2008-01-11 07:02 80,097 --a------ C:\WINDOWS\system32\dcads-remove.exe 2008-01-11 07:02 . 2008-01-13 19:22 77,379 --a------ C:\WINDOWS\system32\dcads_sidebar_uninstall.exe 2008-01-11 07:02 . 2008-01-11 07:03 40,734 --a------ C:\WINDOWS\system32\superiorads-uninst.exe 2008-01-06 14:57 . 2008-01-06 14:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hema Album Software Advanced 2007-12-26 10:33 . 2007-12-26 10:33 <DIR> d-------- C:\Program Files\uTorrent 2007-12-26 10:32 . 
2008-01-11 17:54 <DIR> d-------- C:\Documents and Settings\pentium\Application Data\uTorrent 2007-12-23 14:12 . 2007-12-23 14:12 <DIR> d-------- C:\Program Files\Common Files\Nokia 2007-12-23 14:11 . 2007-12-23 14:11 <DIR> d-------- C:\Program Files\PC Connectivity Solution 2007-12-19 22:04 . 2007-12-19 22:04 <DIR> d-------- C:\Documents and Settings\pentium\Application Data\Leadertech 2007-12-18 15:54 . 2007-12-18 15:54 319,488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll 2007-12-15 17:28 . 2007-12-15 17:28 142 --a------ C:\WINDOWS\system32\spupdsvc.inf . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-13 20:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-01-13 15:47 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-01-13 15:47 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2008-01-13 15:47 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-01-13 15:47 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-01-13 15:47 --------- d-----w C:\Program Files\Symantec 2008-01-11 18:37 39,936 ----a-w C:\WINDOWS\system32\NTSpool.exe 2008-01-11 12:03 --------- d-----w C:\Program Files\Ahead 2008-01-10 21:28 --------- d-----w C:\Documents and Settings\pentium\Application Data\LimeWirePlus 2008-01-10 21:22 --------- d-----w C:\Program Files\CloneDVD 2008-01-06 13:57 --------- d-----w C:\Program Files\Hema Album Software Advanced 2008-01-04 05:54 --------- d-----w C:\Program Files\Norton Internet Security 2007-12-23 13:12 --------- d-----w C:\Program Files\Nokia 2007-12-23 13:12 --------- d-----w C:\Program Files\Common Files\PCSuite 2007-12-23 13:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations 2007-12-21 18:35 35,528 ----a-w C:\Documents and Settings\pentium\Application Data\GDIPFONTCACHEV1.DAT 2007-12-18 20:29 --------- d-----w C:\Documents and Settings\pentium\Application Data\U3 2007-11-19 20:46 --------- d-----w 
C:\Program Files\Common Files\Sonic Shared 2007-11-19 20:46 --------- d-----w C:\Program Files\Common Files\HP 2007-11-19 20:42 --------- d-----w C:\Documents and Settings\Jolanda\Application Data\HP 2007-11-19 10:36 64,000 ----a-w C:\WINDOWS\system32\spads.dll 2007-11-18 10:31 --------- d-----w C:\Documents and Settings\pentium\Application Data\TeamViewer 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe 2007-06-26 14:44 34,448 ----a-w C:\Documents and Settings\Jolanda\Application Data\GDIPFONTCACHEV1.DAT 2005-08-11 08:47 1,532,230 ----a-w C:\Documents and Settings\DI-524 (D)\autorun.exe 2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll . ((((((((((((((((((((((((((((( snapshot@2008-01-13_16.36.11.82 ))))))))))))))))))))))))))))))))))))))))) . 
- 2007-08-27 15:13:16 12,680 ----a-w C:\WINDOWS\system32\drivers\symdns.sys + 2007-10-01 13:48:56 12,680 ----a-w C:\WINDOWS\system32\drivers\symdns.sys - 2007-08-27 15:13:20 97,672 ----a-w C:\WINDOWS\system32\drivers\symfw.sys + 2007-10-01 13:49:04 98,184 ----a-w C:\WINDOWS\system32\drivers\symfw.sys - 2007-08-27 15:13:28 31,624 ----a-w C:\WINDOWS\system32\drivers\symids.sys + 2007-10-01 13:49:16 31,624 ----a-w C:\WINDOWS\system32\drivers\symids.sys - 2007-08-27 15:13:24 28,040 ----a-w C:\WINDOWS\system32\drivers\symndis.sys + 2007-10-01 13:49:10 28,040 ----a-w C:\WINDOWS\system32\drivers\symndis.sys - 2007-08-27 15:13:32 23,944 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys + 2007-10-01 13:49:20 23,944 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys - 2007-08-27 15:13:36 189,320 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys + 2007-10-01 13:49:26 189,320 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys - 2008-01-13 14:22:27 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-01-13 17:25:20 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-01-13 14:22:27 69,380 ----a-w C:\WINDOWS\system32\perfc013.dat + 2008-01-13 17:25:20 69,380 ----a-w C:\WINDOWS\system32\perfc013.dat - 2008-01-13 14:22:27 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-01-13 17:25:20 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-01-13 14:22:27 442,004 ----a-w C:\WINDOWS\system32\perfh013.dat + 2008-01-13 17:25:20 442,004 ----a-w C:\WINDOWS\system32\perfh013.dat - 2007-08-27 15:13:42 537,992 ----a-w C:\WINDOWS\system32\SymNeti.dll + 2007-10-01 13:49:38 542,088 ----a-w C:\WINDOWS\system32\SymNeti.dll - 2007-08-27 15:13:40 161,160 ----a-w C:\WINDOWS\system32\SymRedir.dll + 2007-10-01 13:49:36 161,160 ----a-w C:\WINDOWS\system32\SymRedir.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}] 2007-12-18 15:54 319488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}] 2007-11-19 11:36 64000 --a------ C:\WINDOWS\system32\spads.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 14:07 68856] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-01 11:04 52840] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:03 110592 C:\WINDOWS\system32\bthprops.cpl] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152] "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 14:47 57344] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 20:17 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 20:13 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 20:17 118784] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-13 16:49 1838592] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 14:09 63712] "Adobe Reader Speed 
Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04] Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-02-12 19:57:58] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] "System Patcher"= BTCPatcher.exe "NTSpool"= NTSpool.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2006-12-16 15:22] R2 hmonitor;hmonitor;C:\WINDOWS\system32\drivers\hmonitor.sys [2006-05-29 10:40] R3 ROCKEYNT;Feitian ROCKEY4 Device Service;C:\WINDOWS\system32\DRIVERS\Rockey4.sys [2007-07-26 21:16] S3 msloop;Stuurprogramma voor Microsoft Loopback-adapter;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 21:53] S3 pcwe;pcwe;C:\Program Files\PC Wizard 2006\pcw86-32.sys [2006-06-11 09:02] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{790617b1-0d41-11dc-9ef9-00138500054d}] \Shell\AutoRun\command - F:\LaunchU3.exe -a *Newly Created Service* - COMHOST . 
Inhoud van de 'Gedeelde Taken' map "2008-01-12 07:07:38 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - pentium.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK: . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-13 21:36:34 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156] -> C:\Program Files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll . Voltooingstijd: 2008-01-13 21:37:03 ComboFix-quarantined-files.txt 2008-01-13 20:37:00 ComboFix2.txt 2008-01-13 20:30:40 ComboFix3.txt 2008-01-13 15:36:32 . 
2008-01-09 15:23:06 --- E O F --- And here is the fresh HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:38:49, on 13-1-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\svchost.exe C:\opt\MBCASE\WIS\TBCD\tbmux32.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\RealVNC\VNC4\winvnc4.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 
C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program 
Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program 
Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Policies\Explorer\Run: [System Patcher] BTCPatcher.exe O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} 
(QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166308305562 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://sun.jerseyinsight.com/AxisCamControl.ocx O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp07.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/nl/check/qdiagh.cab?326 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - 
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: konfig - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing) O23 - Service: license - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing) O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: mcp - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing) O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TransBaseService - TransAction Software, D 81737 Munich - C:\opt\MBCASE\WIS\TBCD\tbmux32.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\winvnc4.exe -- End of file - 12465 bytes
Thanks in advance for your effort.
  • Start HijackThis, choose 'Do a system scan only' and tick the lines below:

    O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
    O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll
    O4 - HKCU\..\Policies\Explorer\Run: [System Patcher] BTCPatcher.exe
    O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
    O23 - Service: konfig - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing)
    O23 - Service: license - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing)
    O23 - Service: mcp - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing)

    Now close all open windows except HijackThis and click Fix Checked.

    Open Notepad, and copy and paste the following text into an empty window:

    File::
    C:\WINDOWS\system32\dcads-remove.exe
    C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
    C:\WINDOWS\system32\superiorads-uninst.exe
    C:\WINDOWS\system32\dcads_sidebar.dll
    C:\WINDOWS\system32\spads.dll
    Folder::
    C:\VundoFix Backups
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
    "System Patcher"=-
    "NTSpool"=-

    Save this to your Desktop as CFScript.txt.

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will make ComboFix restart. Reboot if asked to, and post the contents of Combofix.txt in your next reply together with a fresh HijackThis log.

    How are your problems now? Good luck! Pim
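An added example, not part of Pim's reply and not how HijackThis itself decides anything: the Python below parses O2, O4 and O23 lines and flags the three patterns shared by the entries selected for fixing in this thread (a BHO DLL directly in system32, an autostart under Policies\Explorer\Run, a service whose binary is missing). The rules and the names `triage` and `Finding` are assumptions made for illustration; the sample lines are copied from the log posted above.

```python
import re
from dataclasses import dataclass

# A subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [System Patcher] BTCPatcher.exe
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O23 - Service: mcp - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# "<section code> - <rest of entry>", e.g. "O2 - BHO: ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# O2: "BHO: <name> - {CLSID} - <dll path>"
BHO = re.compile(
    r"^BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# O4 registry autostart: "<key>: [<value name>] <command>"
AUTORUN = re.compile(r"^(?P<key>[^:\[]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O23: "Service: <name> - <owner> - <binary path>"
SERVICE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)
# A file placed directly in %windir%\system32, not in a subfolder.
SYSTEM32_DIRECT = re.compile(
    r"^[A-Za-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE
)


@dataclass
class Finding:
    code: str      # HijackThis section code (O2, O4, O23)
    name: str      # BHO name, Run value name or service name
    target: str    # file or command the entry points at
    reasons: list  # why the entry deserves a second look


def triage(log_text):
    """Return entries matching the review heuristics (assumed rules)."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue
        code, body = entry.group("code"), entry.group("body")
        name = target = ""
        reasons = []
        if code == "O2" and (bho := BHO.match(body)):
            name, target = bho.group("name"), bho.group("path")
            if SYSTEM32_DIRECT.match(target):
                reasons.append("BHO DLL sits directly in system32")
        elif code == "O4" and (run := AUTORUN.match(body)):
            name, target = run.group("name"), run.group("cmd")
            if run.group("key").lower().endswith(r"policies\explorer\run"):
                reasons.append("autostart via Policies\\Explorer\\Run")
                if "\\" not in target:
                    reasons.append("command is a bare file name, no directory")
        elif code == "O23" and (svc := SERVICE.match(body)):
            name, target = svc.group("name"), svc.group("path")
            if target.endswith("(file missing)"):
                reasons.append("service registered but binary is missing")
        if reasons:
            findings.append(Finding(code, name, target, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.name}: {'; '.join(f.reasons)}")
```

Flagged entries are candidates for review, not a removal list. "Unknown owner" alone is deliberately not a rule, which is why the Symantec Core LC service is not flagged.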
  • Hello Pim, After rebooting, no more virus warning..... :o I think Hans Klok is an amateur compared to what you do :D I think it's great. Here are the logs:
ComboFix 08-01-13.1 - pentium 2008-01-13 22:36:51.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.532 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\pentium\Bureaublad\ComboFix.exe Command switches used :: C:\Documents and Settings\pentium\Bureaublad\CFScript.txt * Nieuw herstelpunt werd aangemaakt WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE C:\WINDOWS\system32\dcads-remove.exe C:\WINDOWS\system32\dcads_sidebar.dll C:\WINDOWS\system32\dcads_sidebar_uninstall.exe C:\WINDOWS\system32\spads.dll C:\WINDOWS\system32\superiorads-uninst.exe . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\VundoFix Backups C:\WINDOWS\system32\dcads-remove.exe C:\WINDOWS\system32\dcads_sidebar.dll C:\WINDOWS\system32\dcads_sidebar_uninstall.exe C:\WINDOWS\system32\spads.dll C:\WINDOWS\system32\superiorads-uninst.exe . (((((((((((((((((((( Bestanden Gemaakt van 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))) . 2008-01-13 19:34 . 2008-01-13 19:34 <DIR> d-------- C:\Program Files\Trend Micro 2008-01-13 16:32 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-13 15:34 . 2008-01-13 15:34 80,412,038 --a------ C:\SYM_REGISTRY_BACKUP.reg 2008-01-13 12:13 . 2006-01-30 21:26 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen 2008-01-13 12:13 . 2006-01-30 22:20 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend 2008-01-13 12:13 . 2006-01-30 22:20 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving 2008-01-13 12:13 . 2006-01-30 22:20 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten 2008-01-13 12:13 . 
2006-01-30 22:20 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start 2008-01-13 12:13 . 2006-01-30 22:20 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten 2008-01-13 12:13 . 2006-01-30 22:20 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad 2008-01-11 13:23 . 2008-01-11 13:23 <DIR> d-------- C:\Program Files\vso 2008-01-11 13:13 . 2008-01-11 13:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-11 13:13 . 2004-08-30 21:00 1,417,216 --a------ C:\WINDOWS\system32\BTCPatcher.exe~ 2008-01-11 13:13 . 2008-01-11 13:14 37,888 --a------ C:\WINDOWS\system32\rar.exe 2008-01-11 13:00 . 2008-01-11 13:00 <DIR> d-------- C:\Program Files\InfraRecorder 2008-01-11 13:00 . 2008-01-11 13:00 <DIR> d-------- C:\Documents and Settings\pentium\Application Data\InfraRecorder 2008-01-11 12:28 . 2004-09-23 18:57 747,008 --a------ C:\WINDOWS\system32\Indeo4.qtx 2008-01-11 12:28 . 2002-12-20 12:40 675,328 --a------ C:\WINDOWS\system32\ir50_32.qtx 2008-01-11 12:27 . 2008-01-11 12:28 <DIR> d-------- C:\WINDOWS\system32\QuickTime 2008-01-11 12:27 . 2008-01-11 12:28 <DIR> d-------- C:\Program Files\QuickTime Alternative 2008-01-11 12:27 . 2008-01-11 12:27 <DIR> d-------- C:\Program Files\Media Player Classic 2008-01-11 12:27 . 2004-10-27 13:01 360,504 --a------ C:\WINDOWS\system32\QTPlugin.ocx 2008-01-11 12:27 . 2004-09-23 18:57 323,072 --a------ C:\WINDOWS\system32\QuickTime.cpl 2008-01-11 12:27 . 2004-01-12 17:57 86,016 --a------ C:\WINDOWS\system32\QuickTime.ax 2008-01-11 12:27 . 2004-09-23 18:57 70,144 --a------ C:\WINDOWS\system32\QuickTimeCheck.ocx 2008-01-11 12:22 . 2008-01-13 12:23 <DIR> d-------- C:\Program Files\Gabest 2008-01-11 09:14 . 2008-01-13 12:24 <DIR> d-------- C:\Program Files\WinAVI Video Capture 2008-01-11 07:33 . 2002-12-17 15:20 1,081,344 --------- C:\WINDOWS\UNIDRV.exe 2008-01-11 07:33 . 2002-12-30 15:25 106,085 --------- C:\WINDOWS\UNIDRV.cfg 2008-01-11 07:33 . 
2002-10-09 12:38 80,864 --------- C:\WINDOWS\system32\drivers\imagedrv.sys 2008-01-11 07:33 . 2002-12-17 12:00 57,344 --------- C:\WINDOWS\system32\ImageDrive.cpl 2008-01-06 14:57 . 2008-01-06 14:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hema Album Software Advanced 2007-12-26 10:33 . 2007-12-26 10:33 <DIR> d-------- C:\Program Files\uTorrent 2007-12-26 10:32 . 2008-01-11 17:54 <DIR> d-------- C:\Documents and Settings\pentium\Application Data\uTorrent 2007-12-23 14:12 . 2007-12-23 14:12 <DIR> d-------- C:\Program Files\Common Files\Nokia 2007-12-23 14:11 . 2007-12-23 14:11 <DIR> d-------- C:\Program Files\PC Connectivity Solution 2007-12-19 22:04 . 2007-12-19 22:04 <DIR> d-------- C:\Documents and Settings\pentium\Application Data\Leadertech 2007-12-15 17:28 . 2007-12-15 17:28 142 --a------ C:\WINDOWS\system32\spupdsvc.inf . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-13 21:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-01-13 15:47 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-01-13 15:47 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2008-01-13 15:47 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-01-13 15:47 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-01-13 15:47 --------- d-----w C:\Program Files\Symantec 2008-01-11 18:37 39,936 ----a-w C:\WINDOWS\system32\NTSpool.exe 2008-01-11 12:03 --------- d-----w C:\Program Files\Ahead 2008-01-10 21:28 --------- d-----w C:\Documents and Settings\pentium\Application Data\LimeWirePlus 2008-01-10 21:22 --------- d-----w C:\Program Files\CloneDVD 2008-01-06 13:57 --------- d-----w C:\Program Files\Hema Album Software Advanced 2008-01-04 05:54 --------- d-----w C:\Program Files\Norton Internet Security 2007-12-23 13:12 --------- d-----w C:\Program Files\Nokia 2007-12-23 13:12 --------- d-----w C:\Program Files\Common Files\PCSuite 2007-12-23 13:09 --------- 
d-----w C:\Documents and Settings\All Users\Application Data\Installations 2007-12-21 18:35 35,528 ----a-w C:\Documents and Settings\pentium\Application Data\GDIPFONTCACHEV1.DAT 2007-12-18 20:29 --------- d-----w C:\Documents and Settings\pentium\Application Data\U3 2007-11-19 20:46 --------- d-----w C:\Program Files\Common Files\Sonic Shared 2007-11-19 20:46 --------- d-----w C:\Program Files\Common Files\HP 2007-11-19 20:42 --------- d-----w C:\Documents and Settings\Jolanda\Application Data\HP 2007-11-18 10:31 --------- d-----w C:\Documents and Settings\pentium\Application Data\TeamViewer 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe 2007-06-26 14:44 34,448 ----a-w C:\Documents and Settings\Jolanda\Application Data\GDIPFONTCACHEV1.DAT 2005-08-11 08:47 1,532,230 ----a-w C:\Documents and Settings\DI-524 (D)\autorun.exe 2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll . ((((((((((((((((((((((((((((( snapshot@2008-01-13_16.36.11.82 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-01-13 15:32:40 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT + 2008-01-13 21:36:43 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT - 2008-01-13 15:32:41 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat + 2008-01-13 21:36:43 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat - 2008-01-13 15:32:41 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT + 2008-01-13 21:36:43 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT - 2008-01-13 15:32:41 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat + 2008-01-13 21:36:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat - 2008-01-13 15:32:41 5,439,488 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT + 2008-01-13 21:36:44 5,439,488 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT - 2008-01-13 15:32:41 200,704 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-13 21:36:44 200,704 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat - 2007-08-27 15:13:16 12,680 ----a-w C:\WINDOWS\system32\drivers\symdns.sys + 2007-10-01 13:48:56 12,680 ----a-w C:\WINDOWS\system32\drivers\symdns.sys - 2007-08-27 15:13:20 97,672 ----a-w C:\WINDOWS\system32\drivers\symfw.sys + 2007-10-01 13:49:04 98,184 ----a-w C:\WINDOWS\system32\drivers\symfw.sys - 2007-08-27 15:13:28 31,624 ----a-w C:\WINDOWS\system32\drivers\symids.sys + 2007-10-01 13:49:16 31,624 ----a-w C:\WINDOWS\system32\drivers\symids.sys - 2007-08-27 15:13:24 28,040 ----a-w C:\WINDOWS\system32\drivers\symndis.sys + 
2007-10-01 13:49:10 28,040 ----a-w C:\WINDOWS\system32\drivers\symndis.sys - 2007-08-27 15:13:32 23,944 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys + 2007-10-01 13:49:20 23,944 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys - 2007-08-27 15:13:36 189,320 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys + 2007-10-01 13:49:26 189,320 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys - 2008-01-13 14:22:27 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-01-13 21:37:23 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-01-13 14:22:27 69,380 ----a-w C:\WINDOWS\system32\perfc013.dat + 2008-01-13 21:37:23 69,380 ----a-w C:\WINDOWS\system32\perfc013.dat - 2008-01-13 14:22:27 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-01-13 21:37:23 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-01-13 14:22:27 442,004 ----a-w C:\WINDOWS\system32\perfh013.dat + 2008-01-13 21:37:23 442,004 ----a-w C:\WINDOWS\system32\perfh013.dat - 2007-08-27 15:13:42 537,992 ----a-w C:\WINDOWS\system32\SymNeti.dll + 2007-10-01 13:49:38 542,088 ----a-w C:\WINDOWS\system32\SymNeti.dll - 2007-08-27 15:13:40 161,160 ----a-w C:\WINDOWS\system32\SymRedir.dll + 2007-10-01 13:49:36 161,160 ----a-w C:\WINDOWS\system32\SymRedir.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 14:07 68856] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-01 11:04 52840] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:03 110592 C:\WINDOWS\system32\bthprops.cpl] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152] "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 14:47 57344] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 20:17 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 20:13 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 20:17 118784] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-13 16:49 1838592] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 14:09 63712] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" 
[2007-11-07 17:35 1294336] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04] Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-02-12 19:57:58] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2006-12-16 15:22] R2 hmonitor;hmonitor;C:\WINDOWS\system32\drivers\hmonitor.sys [2006-05-29 10:40] R3 ROCKEYNT;Feitian ROCKEY4 Device Service;C:\WINDOWS\system32\DRIVERS\Rockey4.sys [2007-07-26 21:16] S3 msloop;Stuurprogramma voor Microsoft Loopback-adapter;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 21:53] S3 pcwe;pcwe;C:\Program Files\PC Wizard 2006\pcw86-32.sys [2006-06-11 09:02] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{790617b1-0d41-11dc-9ef9-00138500054d}] \Shell\AutoRun\command - F:\LaunchU3.exe -a *Newly Created Service* - COMHOST . Inhoud van de 'Gedeelde Taken' map "2008-01-12 07:07:38 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - pentium.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK: . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-13 22:40:26 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... 
Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-01-13 22:40:54 ComboFix-quarantined-files.txt 2008-01-13 21:40:52 ComboFix2.txt 2008-01-13 20:37:03 ComboFix3.txt 2008-01-13 20:30:40 ComboFix4.txt 2008-01-13 15:36:32 . 2008-01-09 15:23:06 --- E O F ---
And the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:49:41, on 13-1-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program 
Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\svchost.exe C:\opt\MBCASE\WIS\TBCD\tbmux32.exe C:\Program Files\RealVNC\VNC4\winvnc4.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\HPZinw12.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - 
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] 
    Regards
  • Haha, thanks for the nice compliment :D
    Uninstall Combofix: go to Start --> Run and type: Combofix /U
    This will remove Combofix and clean out your System Restore.
    Download ATF Cleaner (by Atribune): http://www.atribune.org/ccount/click.php?id=1
    Double-click ATF Cleaner to start the program. On the "Main" tab, tick Select All. Untick Prefetch. Click the Empty Selected button.
    If you also use Firefox as a browser: click the "Firefox" tab and tick Select All. If you want to keep the passwords saved by Firefox, click "No" in the window that appears (this removes the tick at "Firefox saved passwords"). Click the Empty Selected button.
    If you also use Opera as a browser: click the "Opera" tab and tick Select All. If you want to keep the passwords saved by Opera, click "No" in the window that appears. Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.
    All problems gone? Pim
  • Hello Pim, I thought I was already done, but there turned out to be a small follow-up. After I had used ATF Cleaner, a small pop-up window appeared with the message: "No files were removed". I closed everything, restarted once more, and everything is still perfectly fine :D. Regards
  • That could be right; then there was nothing in your temp folders. At least, I assume that pop-up came from ATF Cleaner? Then I think we can close this one. To prevent a recurrence, read through these security tips once more: http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html Pim :)
  • A nice, clear overview on that website. I have had Norton for years (which I have to renew in 55 days), and I am actually quite happy with it. I don't know what happened last weekend with that Trojan, but it seems Norton did not stop it. Unless you have other advice, I would actually like to stay with Norton (it is convenient not to have to look for another one). Regards, and thanks again.
  • Norton is a fine product, so if you are satisfied with Norton I would just keep it. No scanner is perfect; this one would probably have got past another scanner as well. It does seem that Norton can slow your computer down, but if you are satisfied with it I would just renew it :)


This is an archived page. Replying is no longer possible.