Trojan Horse SHeur.APDU

20 answers
  • Hello everyone,

    For some time now I have had the virus Trojan Horse SHeur.APDU. :cry:

    It is very annoying, so would someone please help me,

    Thanks a lot in advance.


    Here is a HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:49:49, on 1-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\spoolsv.exe
    d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Acer\Empowering Technology\admServ.exe
    D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    D:\WINDOWS\System32\snmp.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\WINDOWS\system32\WgaTray.exe
    D:\WINDOWS\Explorer.EXE
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    D:\WINDOWS\RTHDCPL.EXE
    D:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    D:\WINDOWS\system32\ElkCtrl.exe
    C:\Acer\Empowering Technology\admtray.exe
    D:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    D:\WINDOWS\system32\lvcomsx.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    D:\Program Files\Atheros\ACU.exe
    D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    D:\Program Files\SurfRight\Caretaker\Notifier.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    D:\WINDOWS\system32\wbem\unsecapp.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] D:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] D:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] D:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [LManager] D:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [ACU] "D:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [SynTPLpr] D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [CaretakerNotifier] D:\Program Files\SurfRight\Caretaker\Notifier.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Sample Toolband Serach - res://D:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GoogleDesktopManager - Unknown owner - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


    End of file - 6774 bytes
  • Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    Close all windows except HijackThis
    Click 'Fix checked' to remove the items.


    Then post a new HJT log
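To show how a helper reads a HijackThis log like the one above (orphaned `(no file)` and `(file missing)` entries, and an O4 value such as `ALCMTR.EXE` that carries no path), here is an added triage script; it is not part of the thread or of HijackThis, the sample lines are constructed in the same format, and its flags are review hints, not removal decisions.

```python
import re

# Constructed sample lines in the HijackThis v2.0.2 format used in this thread
# (a handful of entries, not the full posted log).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] D:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: GoogleDesktopManager - Unknown owner - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
"""

# Every HJT entry starts with a section code (R0, O2, O4, O23, ...) followed by " - ".
HJT_LINE = re.compile(r"^(?P<section>[RFO]\d+)\s+-\s+(?P<body>.*)$")
# O4 lines for other profiles end with a "(User '...')" suffix that is not part of the command.
USER_SUFFIX = re.compile(r"\s*\(User '[^']*'\)\s*$")
# Executable at the start of a command line, quoted or not, with or without arguments.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|com|bat|cmd|scr|pif|dll))"?(?:\s|$)', re.IGNORECASE)
# HJT prints these markers when the registry points at a file that is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_hjt(text):
    """Return section/body for every HJT entry line; headers and process lists are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if m:
            entries.append({"section": m.group("section"), "body": m.group("body"), "raw": line})
    return entries


def run_command(body):
    """Extract the executable from an O4 body: `HKLM\\..\\Run: [Name] command args`."""
    body = USER_SUFFIX.sub("", body)
    _, sep, cmd = body.partition("] ")  # first "] " closes the [Name] part, even with nested []
    if not sep:
        return None
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group("exe")
    return cmd.split()[0] if cmd else None


def is_bare_name(exe):
    """True when the Run value holds only a file name (no drive or directory)."""
    return exe is not None and "\\" not in exe and ":" not in exe


def triage(text):
    """Flag entries worth a second look. These are review hints, not removal decisions."""
    findings = []
    for e in parse_hjt(text):
        reasons = []
        if e["body"].rstrip().endswith(ORPHAN_MARKERS):
            reasons.append("orphaned entry: the registry points at a file that no longer exists")
        if e["section"] == "O4" and is_bare_name(run_command(e["body"])):
            reasons.append("bare executable name: Windows resolves it via the search path, "
                           "so confirm which file actually runs")
        if e["section"] == "O23" and "Unknown owner" in e["body"]:
            reasons.append("service with unknown vendor: verify the binary before trusting it")
        if reasons:
            findings.append({"section": e["section"], "raw": e["raw"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], "|", f["raw"])
        for r in f["reasons"]:
            print("    ->", r)
```

Note that both RTHDCPL.EXE and ALCMTR.EXE are flagged for the same reason; the helper above removed only Alcmtr, which is why the script reports rather than decides.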
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:19:15, on 1-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\spoolsv.exe
    d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Acer\Empowering Technology\admServ.exe
    D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    D:\WINDOWS\System32\snmp.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\WgaTray.exe
    D:\WINDOWS\Explorer.EXE
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    D:\WINDOWS\RTHDCPL.EXE
    D:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    D:\WINDOWS\system32\ElkCtrl.exe
    C:\Acer\Empowering Technology\admtray.exe
    D:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    D:\WINDOWS\system32\lvcomsx.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    D:\Program Files\Atheros\ACU.exe
    D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    D:\Program Files\SurfRight\Caretaker\Notifier.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    D:\WINDOWS\system32\wbem\unsecapp.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\MSN Messenger\usnsvc.exe
    D:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] D:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] D:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] D:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [LManager] D:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [ACU] "D:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [SynTPLpr] D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [CaretakerNotifier] D:\Program Files\SurfRight\Caretaker\Notifier.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Sample Toolband Serach - res://D:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GoogleDesktopManager - Unknown owner - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


    End of file - 6715 bytes
  • 1. Download ATF Cleaner (made by Atribune)
    Double-click ATF Cleaner to start the program.
    On the "Main" tab, put a check mark next to Select All.
    Click the Empty Selected button.

    Do the following if you also use Firefox as a browser:
    Click the "Firefox" tab and put a check mark next to Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the check mark next to "Firefox saved passwords" again)
    Click the Empty Selected button.

    Do the following if you also use Opera as a browser:
    Click the "Opera" tab and put a check mark next to Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.

    2. Download Dr.Web CureIt and save it to your desktop.
    - Double-click drweb-cureit.exe and allow it to start the express scan.
      If a popup appears offering a purchase / 50% discount, you may close it.
    - The express scan will scan the files currently loaded in memory. If anything is found, click 'select all', then choose 'repair' and from the small menu that appears choose 'move'.
    - At the top of the menu choose Language/Taal and change it to Dutch (Nederlands) if it is set differently on your system.
    - Press F9, then choose the Actions tab and set the following under Malware:
      - Adware: Move
      - Dialers: Move
      - Jokes: Report
      - Riskware: Report
      - Hacktools: Move
      - Then remove the check mark next to 'Prompt on action'.
    - Then choose the Scan tab and remove the check mark next to Heuristic analysis.
      Then press Apply followed by OK.
    - Once the short scan has finished, tick: Full scan.
      Then press the green arrow (start button) to start the scan.
    - Files that are found are moved to the '%USERPROFILE%\DocterWeb\Quarantine' folder if repair is not possible.
    - After the scan is done, go to File and choose Save report list.
      Save it on your desktop and then close Dr.Web CureIt.
    - Then restart the computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
    - After restarting, copy and paste the contents of the log you saved earlier into your next post.
  • The log:

    Process.exe;D:\Program Files\Mozilla Firefox\SmitfraudFix;Tool.Prockill;Verplaatst.;
    restart.exe;D:\Program Files\Mozilla Firefox\SmitfraudFix;Tool.ShutDown.11;Verplaatst.;
    A0035326.exe;D:\System Volume Information\_restore{4ECF70A4-1223-470F-B908-A18E51007AC0}\RP70;Tool.Prockill;Verplaatst.;
    A0035327.exe;D:\System Volume Information\_restore{4ECF70A4-1223-470F-B908-A18E51007AC0}\RP70;Tool.ShutDown.11;Verplaatst.;
    Process.exe;D:\WINDOWS\system32;Tool.Prockill;Verplaatst.;
  • By the way, when I scan with AVG I now also get this:

    File          Result/Infection   Path
    kernel32.dll  Change             D:\WINDOWS\system32\kernel32.dll
    user32.dll    Change             D:\WINDOWS\sytem32\user32.dll
    shell32.dll   Change             D:\WINDOWS\system32\shell32.dll
    ntoskrnl.exe  Change             D:\WINDOWS\sytem32\ntoskrnl.exe


    I don't know what this is or whether it can do any harm?
  • We'll see.


    Download Combofix to your Desktop.
    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
    - Double-click Combofix.exe
    - Follow the instructions and accept the disclaimer by typing 1 (continue), followed by ENTER.
    - While the fix is running, do NOT click in the window, as this will cause your pc to hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.
  • Combofix:

    ComboFix 08-02.02.5 - Ken Peeters 2008-02-02 13:36:53.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.617 [GMT 1:00]
    Gestart vanuit: D:\Documents and Settings\Ken Peeters\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Autorun.inf
    D:\WINDOWS\system32\drivers\npf.sys
    D:\WINDOWS\system32\packet.dll
    D:\WINDOWS\system32\pthreadVC.dll
    D:\WINDOWS\system32\WanPacket.dll
    D:\WINDOWS\system32\wpcap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\NPF


    (((((((((((((((((((( Bestanden Gemaakt van 2008-01-02 to 2008-02-02 ))))))))))))))))))))))))))))))
    .

    2008-02-01 23:08 . 2008-02-01 23:08 <DIR> d-------- D:\Documents and Settings\Ken Peeters\DoctorWeb
    2008-02-01 22:55 . 2008-02-02 13:52 54,156 --ah----- D:\WINDOWS\QTFont.qfn
    2008-02-01 22:55 . 2008-02-01 22:55 1,409 --a------ D:\WINDOWS\QTFont.for
    2008-02-01 22:52 . 2008-02-01 22:52 <DIR> d-------- D:\Program Files\iTunes
    2008-02-01 22:52 . 2008-02-01 22:52 <DIR> d-------- D:\Program Files\iPod
    2008-02-01 22:52 . 2008-02-01 22:52 <DIR> d-------- D:\Program Files\Bonjour
    2008-02-01 22:52 . 2008-02-01 22:52 <DIR> d-------- D:\Documents and Settings\Ken Peeters\Application Data\Apple Computer
    2008-02-01 22:51 . 2008-02-01 22:52 <DIR> d-------- D:\Program Files\QuickTime
    2008-02-01 22:51 . 2008-02-01 22:51 <DIR> d-------- D:\Program Files\Common Files\Apple
    2008-02-01 22:51 . 2008-02-01 22:51 <DIR> d-------- D:\Program Files\Apple Software Update
    2008-02-01 22:51 . 2008-02-01 22:52 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-02-01 22:51 . 2008-02-01 22:51 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Apple
    2008-02-01 22:25 . 2008-02-01 22:42 <DIR> d-------- D:\Documents and Settings\Ken Peeters\Application Data\LimeWire
    2008-02-01 22:24 . 2008-02-01 22:42 <DIR> d-------- D:\Program Files\LimeWire
    2008-02-01 21:33 . 2008-02-01 21:33 <DIR> d-------- D:\Program Files\Guild Wars
    2008-02-01 18:49 . 2008-02-01 18:49 <DIR> d-------- D:\Program Files\Trend Micro
    2008-02-01 18:18 . 2008-02-01 18:18 <DIR> d-------- D:\Program Files\Webroot
    2008-02-01 18:18 . 2008-02-01 18:32 <DIR> d-------- D:\Program Files\Spyware Doctor
    2008-02-01 18:18 . 2008-02-01 18:18 <DIR> d-------- D:\Documents and Settings\Ken Peeters\Application Data\PC Tools
    2008-02-01 18:18 . 2008-02-01 18:41 <DIR> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
    2008-02-01 18:18 . 2007-12-10 14:53 81,288 --a------ D:\WINDOWS\system32\drivers\iksyssec.sys
    2008-02-01 18:18 . 2007-12-10 14:53 66,952 --a------ D:\WINDOWS\system32\drivers\iksysflt.sys
    2008-02-01 18:18 . 2007-12-10 14:53 41,864 --a------ D:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-02-01 18:18 . 2007-12-10 14:53 29,576 --a------ D:\WINDOWS\system32\drivers\kcom.sys
    2008-02-01 18:17 . 2008-02-01 18:17 164 --a------ D:\install.dat
    2008-02-01 18:16 . 2008-02-01 18:38 <DIR> d-------- D:\Program Files\Spybot - Search & Destroy
    2008-02-01 18:16 . 2008-02-01 18:38 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-01 18:13 . 2005-08-25 18:18 118,784 --a------ D:\WINDOWS\system32\MSSTDFMT.DLL
    2008-02-01 18:13 . 2005-08-25 18:19 115,920 --a------ D:\WINDOWS\system32\MSINET.OCX
    2008-02-01 18:12 . 2008-02-01 18:11 512,096 --a------ D:\WINDOWS\system32\drivers\amon.sys
    2008-02-01 18:12 . 2008-02-01 18:11 298,104 --a------ D:\WINDOWS\system32\imon.dll
    2008-02-01 18:12 . 2008-02-01 18:11 15,424 --a------ D:\WINDOWS\system32\drivers\nod32drv.sys
    2008-02-01 18:11 . 2008-02-01 18:12 <DIR> d-------- D:\Program Files\ESET
    2008-02-01 18:07 . 2008-02-01 18:07 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Prevx
    2008-02-01 17:59 . 2008-02-01 17:59 <DIR> d-------- D:\Program Files\SurfRight
    2008-02-01 17:59 . 2008-02-01 17:59 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SurfRight
    2008-02-01 17:52 . 2008-02-01 17:52 <DIR> d-------- D:\WINDOWS\system32\GroupPolicy
    2008-02-01 17:52 . 2008-02-01 18:39 <DIR> d-------- D:\Program Files\Hitman Pro
    2008-02-01 17:52 . 2006-02-28 13:43 1,077,344 --a------ D:\WINDOWS\system32\mscomctl.ocx
    2008-01-31 19:41 . 2008-01-31 19:41 <DIR> d-------- D:\WINDOWS\Sun
    2008-01-28 18:24 . 2008-01-28 18:24 <DIR> d-------- D:\Program Files\Windows Media Connect 2
    2008-01-28 18:22 . 2008-01-28 18:22 <DIR> d-------- D:\WINDOWS\system32\LogFiles
    2008-01-28 18:22 . 2008-01-28 18:23 <DIR> d-------- D:\WINDOWS\system32\drivers\UMDF
    2008-01-26 21:19 . 2007-09-05 23:22 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe
    2008-01-26 21:19 . 2006-04-27 16:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe
    2008-01-26 21:19 . 2007-12-20 23:11 81,920 --a------ D:\WINDOWS\system32\IEDFix.exe
    2008-01-26 21:19 . 2004-07-31 17:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe
    2008-01-26 21:19 . 2007-10-03 23:36 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe
    2008-01-26 21:19 . 2008-01-26 21:19 3,642 --a------ D:\WINDOWS\system32\tmp.reg
    2008-01-20 15:02 . 2008-01-20 15:02 <DIR> d-------- D:\Documents and Settings\Ken Peeters\Application Data\Samsung
    2008-01-20 14:48 . 2008-01-20 14:48 <DIR> d-------- D:\WINDOWS\system32\Samsung_USB_Drivers
    2008-01-20 14:48 . 2006-05-03 22:53 174,592 --a------ D:\WINDOWS\system32\framedyn.dll
    2008-01-20 14:48 . 2005-08-30 17:59 94,000 --a------ D:\WINDOWS\system32\drivers\ss_mdm.sys
    2008-01-20 14:48 . 2005-08-30 17:57 58,320 --a------ D:\WINDOWS\system32\drivers\ss_bus.sys
    2008-01-20 14:48 . 2005-08-30 17:58 8,304 --a------ D:\WINDOWS\system32\drivers\ss_mdfl.sys
    2008-01-20 14:48 . 2005-08-30 17:58 6,144 --a------ D:\WINDOWS\system32\drivers\ss_cmnt.sys
    2008-01-20 14:48 . 2005-08-30 17:58 6,144 --a------ D:\WINDOWS\system32\drivers\ss_cm.sys
    2008-01-20 14:48 . 2005-08-30 17:57 5,808 --a------ D:\WINDOWS\system32\drivers\ss_whnt.sys
    2008-01-20 14:48 . 2005-08-30 17:57 5,808 --a------ D:\WINDOWS\system32\drivers\ss_wh.sys
    2008-01-20 14:47 . 2008-01-20 14:47 <DIR> d-------- D:\Program Files\Samsung
    2008-01-20 14:47 . 2006-07-24 16:05 5,632 --a------ D:\WINDOWS\system32\drivers\StarOpen.sys
    2008-01-20 14:47 . 2005-08-28 20:51 766 --a------ D:\WINDOWS\system32\Uninstall.ico
    2008-01-19 20:24 . 2008-01-19 20:24 <DIR> d-------- D:\Program Files\Common Files\Adobe Systems Shared
    2008-01-19 20:23 . 2008-02-01 17:59 <DIR> d-------- D:\Program Files\Common Files\Adobe
    2008-01-19 19:05 . 2008-01-19 19:05 <DIR> d-------- D:\Documents and Settings\Ken Peeters\Application Data\ATI
    2008-01-19 19:05 . 2008-01-19 19:05 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\ATI
    2008-01-19 19:03 . 2008-01-19 19:03 0 --a------ D:\WINDOWS\ativpsrm.bin
    2008-01-19 18:58 . 2007-12-20 21:05 593,920 --------- D:\WINDOWS\system32\ati2sgag.exe
    2008-01-19 17:25 . 2008-01-19 17:25 188 --a------ D:\WINDOWS\system32\eDataSecurity.dat
    2008-01-19 11:46 . 2008-01-19 11:46 <DIR> d-------- D:\Program Files\Phoenix Technologies Ltd
    2008-01-19 11:46 . 1998-10-29 16:45 306,688 --a------ D:\WINDOWS\IsUninst.exe
    2008-01-16 16:28 . 2008-01-17 16:18 <DIR> d-------- D:\Documents and Settings\Ken Peeters\Application Data\StarOffice8
    2008-01-14 16:10 . 2008-01-14 16:10 <DIR> d-------- D:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-14 16:09 . 2004-08-04 00:03 221,184 --a------ D:\WINDOWS\system32\wmpns.dll
    2008-01-14 16:05 . 2008-01-14 16:05 <DIR> d-------- D:\Program Files\MSXML 4.0
    2008-01-13 16:38 . 2004-08-03 23:15 140,928 --a------ D:\WINDOWS\system32\drivers\ks.sys
    2008-01-13 16:38 . 2004-03-16 10:58 136,960 --a------ D:\WINDOWS\system32\drivers\portcls.sys
    2008-01-13 16:38 . 2004-08-04 01:03 130,048 --a------ D:\WINDOWS\system32\ksproxy.ax
    2008-01-13 16:38 . 2004-08-03 23:08 60,288 --a------ D:\WINDOWS\system32\drivers\drmk.sys
    2008-01-13 16:38 . 2004-08-03 23:08 48,640 --a------ D:\WINDOWS\system32\drivers\stream.sys
    2008-01-13 16:38 . 2004-08-04 01:03 23,552 --a------ D:\WINDOWS\system32\wdmaud.drv
    2008-01-13 16:38 . 2004-08-04 01:03 4,096 --a------ D:\WINDOWS\system32\ksuser.dll
    2008-01-13 16:37 . 2008-01-13 16:37 92 --a------ D:\WINDOWS\GridV.UNI
    2008-01-13 16:36 . 2008-01-13 16:36 <DIR> d-------- D:\Program Files\Acer Inc
    2008-01-13 16:33 . 2008-01-19 18:58 <DIR> d-------- D:\Program Files\ATI Technologies
    2008-01-13 16:31 . 2008-01-13 16:31 <DIR> d-------- D:\Program Files\Synaptics
    2008-01-13 16:31 . 2005-11-02 15:11 191,456 --a------ D:\WINDOWS\system32\drivers\SynTP.sys
    2008-01-13 16:31 . 2005-11-02 15:11 114,688 --a------ D:\WINDOWS\system32\SynCtrl.dll
    2008-01-13 16:31 . 2005-11-02 15:11 90,203 --a------ D:\WINDOWS\system32\SynTPAPI.dll
    2008-01-13 16:31 . 2005-11-02 15:11 82,014 --a------ D:\WINDOWS\system32\SynCOM.dll
    2008-01-13 16:31 . 2005-11-02 15:11 81,920 --a------ D:\WINDOWS\system32\SynTPCo2.dll
    2008-01-13 16:31 . 2005-11-02 15:11 69,723 --a------ D:\WINDOWS\system32\SynTPFcs.dll
    2008-01-13 16:26 . 2008-01-13 16:27 <DIR> d-------- D:\Program Files\TVDriverUninstall
    2008-01-13 16:25 . 2008-01-13 16:25 <DIR> d-------- D:\Program Files\Atheros
    2008-01-13 16:25 . 2004-12-27 17:04 1,396,830 --a------ D:\WINDOWS\system32\AegisE5.dll
    2008-01-13 16:25 . 2005-01-10 15:47 449,888 --a------ D:\WINDOWS\system32\ar5211.sys
    2008-01-13 16:25 . 2004-12-27 17:10 356,352 --a------ D:\WINDOWS\system32\athcfg11.dll
    2008-01-13 16:25 . 2004-12-27 17:11 229,376 --a------ D:\WINDOWS\system32\wcapi.dll
    2008-01-13 16:25 . 2005-01-31 08:05 217,088 --a------ D:\WINDOWS\system32\wgapi.dll
    2008-01-13 16:25 . 2004-12-27 17:04 192,512 --a------ D:\WINDOWS\system32\AegisI5.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-12 13:03 39,424 ----a-w D:\WINDOWS\system32\drivers\LVUSBSta.sys
    2008-01-12 13:03 1,097,728 ----a-w D:\WINDOWS\system32\drivers\lv321av.sys
    2008-01-10 22:00 --------- d-----w D:\Program Files\microsoft frontpage
    2007-12-21 03:53 2,843,136 ----a-w D:\WINDOWS\system32\drivers\ati2mtag.sys
    2007-12-21 02:17 49,152 ----a-w D:\WINDOWS\system32\drivers\ati2erec.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
    "MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 09:30 69632]
    "AVG7_CC"="D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-12 12:47 579072]
    "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "RTHDCPL"="RTHDCPL.EXE" [2005-11-17 11:27 15600128 D:\WINDOWS\RTHDCPL.exe]
    "LogitechCameraAssistant"="D:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 15:47 331776]
    "LogitechVideo[inspector]"="D:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 15:55 73728]
    "LogitechCameraService(E)"="D:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
    "ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
    "LManager"="D:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-06 17:11 458752]
    "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2005-12-15 19:13 344064]
    "Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-18 16:06 3079680]
    "LVCOMSX"="D:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 10:39 225280]
    "ACU"="D:\Program Files\Atheros\ACU.exe" [2005-01-31 08:05 253952]
    "SynTPLpr"="D:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-11-02 15:11 102491]
    "SynTPEnh"="D:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-02 15:11 692315]
    "StartCCC"="D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
    "iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]
    "AVG7_Run"="D:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-12 12:47 219136]

    R1 OsaFsLoc;OsaFsLoc;D:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
    R2 EpmPsd;Acer EPM Power Scheme Driver;D:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
    R2 EpmShd;Acer EPM System Hardware Driver;D:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]
    R2 osaio;osaio;D:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
    R2 osanbm;osanbm;D:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
    R3 lv321av;Logitech USB PC Camera (VC0321);D:\WINDOWS\system32\DRIVERS\lv321av.sys [2008-01-12 14:03]
    R3 LVPrcMon;Logitech LVPrcMon Driver;D:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]
    R3 NdisFilt;OSA NdisFilter Protocol;D:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
    R3 SMCB000;SMSC CIR HID Miniport Device Driver;D:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2005-12-06 17:50]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);D:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;D:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;D:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-01 21:51:42 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - D:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-12 12:03:56 D:\WINDOWS\Tasks\Norton Security Scan.job"
    - D:\Program Files\Norton Security Scan\Nss.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-02 13:52:17
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ———————— Other Running Processes ————————
    .
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Acer\Empowering Technology\admServ.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    D:\WINDOWS\System32\snmp.exe
    D:\WINDOWS\system32\WgaTray.exe
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    D:\WINDOWS\system32\wbem\unsecapp.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\WINDOWS\System32\rundll32.exe
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-02 13:53:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-02 12:53:32
    .
    2008-01-30 14:04:13 — E O F —


    ———————————————————————————————————-

    Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:55:04, on 2-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\spoolsv.exe
    d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Acer\Empowering Technology\admServ.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    D:\WINDOWS\System32\snmp.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\WgaTray.exe
    D:\WINDOWS\Explorer.EXE
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    D:\WINDOWS\RTHDCPL.EXE
    D:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    D:\WINDOWS\system32\ElkCtrl.exe
    D:\WINDOWS\system32\lvcomsx.exe
    C:\Acer\Empowering Technology\admtray.exe
    D:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    D:\Program Files\Atheros\ACU.exe
    D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\WINDOWS\system32\wbem\unsecapp.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    D:\WINDOWS\system32\notepad.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] D:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] D:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] D:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [LManager] D:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [ACU] "D:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [SynTPLpr] D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Sample Toolband Serach - res://D:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GoogleDesktopManager - Unknown owner - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


    End of file - 7354 bytes
  • And how is it going now?
  • The trojan is gone, I think.

    The other thing isn't yet, but I don't get the impression it's anything serious; at least it isn't bothering me.

    So thanks a lot! :D
  • Try it this way.

    Download and install AVG Anti-Spyware 7.5
    - Scroll down a little, click "download now" and save the program.
    - Click "run" twice and select a language.
    - Go through a few windows and click "install".
    - If it does not happen automatically, click "updates".
    - Select "Scanner" at the top of the screen and then select "Settings".
    - Once in the Settings section, click "Recommended actions" and then "Quarantine".
    - Close Ewido. Do not let it scan yet.

    Now start your computer in SAFE mode.
    See here for how to do that.

    Start AVG Anti-Spyware (there is an icon on your desktop):
    - Click Scanner
    - Click Complete System Scan
    - Let the program scan your PC; this can take a while.
    - If infected files are found, click "Apply all actions".
      You will then see a Save report button.
    - Click Save Report
    - Then click Save Report as and save the report to your desktop.
    - Close AVG Anti-Spyware and restart the computer in normal mode.
    Post the log together with a new HijackThis log.
  • ———————————————————
    AVG Anti-Spyware - Scan Report
    ———————————————————

    + Created at: 22:02:40 2-2-2008

    + Scan result:



    HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj -> Adware.CoolWebSearch : No action taken.
    HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1 -> Adware.CoolWebSearch : No action taken.
    HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CLSID -> Adware.CoolWebSearch : No action taken.
    HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CurVer -> Adware.CoolWebSearch : No action taken.
    :mozilla.106:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.164:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.91:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.94:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.95:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.97:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    D:\Documents and Settings\Ken Peeters\Cookies\ken_peeters@msnportal.112.2o7[2].txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.96:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Adobe : No action taken.
    :mozilla.168:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.169:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.170:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.138:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
    D:\Documents and Settings\Ken Peeters\Cookies\ken_peeters@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
    :mozilla.17:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
    :mozilla.202:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.110:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
    :mozilla.111:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
    :mozilla.116:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
    :mozilla.117:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
    :mozilla.118:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
    :mozilla.122:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
    :mozilla.126:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.129:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.130:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.109:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
    :mozilla.119:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
    :mozilla.105:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
    :mozilla.9:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Netflame : No action taken.
    :mozilla.10:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
    :mozilla.14:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
    :mozilla.15:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
    :mozilla.16:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
    :mozilla.146:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.147:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.148:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.149:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.150:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.151:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.152:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.73:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.76:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.133:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.134:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.135:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.136:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.137:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.100:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
    :mozilla.101:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
    :mozilla.62:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
    D:\Documents and Settings\Ken Peeters\Cookies\ken_peeters@weborama[1].txt -> TrackingCookie.Weborama : No action taken.
    :mozilla.159:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Webtrends : No action taken.
    :mozilla.53:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.54:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.55:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.56:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.57:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.58:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.59:D:\Documents and Settings\Ken Peeters\Application Data\Mozilla\Firefox\Profiles\hoblw4db.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.


    ::Report end






    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:09:34, on 2-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\spoolsv.exe
    d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    D:\WINDOWS\system32\WgaTray.exe
    D:\WINDOWS\Explorer.EXE
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    D:\WINDOWS\RTHDCPL.EXE
    D:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    D:\WINDOWS\system32\ElkCtrl.exe
    C:\Acer\Empowering Technology\admtray.exe
    D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    D:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    D:\WINDOWS\system32\lvcomsx.exe
    D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\Program Files\Atheros\ACU.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Acer\Empowering Technology\admServ.exe
    D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    D:\WINDOWS\System32\snmp.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    D:\WINDOWS\system32\wbem\unsecapp.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    D:\Program Files\MSN Messenger\usnsvc.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] D:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] D:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] D:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [LManager] D:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [ACU] "D:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [SynTPLpr] D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Sample Toolband Serach - res://D:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


    End of file - 7873 bytes
  • Open a Notepad file.
    Copy the code below into this Notepad file.
    Go to File - Save As.
    Under "Save in" choose: Desktop
    Under "File name" enter: fix.reg
    Under "Save as type" select: All files (*.*).
    Click the Save button.

    [code]
    REGEDIT4

    [-HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj]
    [-HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1]
    [-HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CLSID]
    [-HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CurVer]
    [/code]
    Double-click the fix.reg file and allow the changes to be added to the registry.

    How is it going now?
  • Yes thanks, it's gone! :D

    Thanks!!!! :D :D :D :D :D
  • I had put an addition in my previous message after all.
  • I get an error message :?

    [img]http://img205.imageshack.us/img205/4326/foutmeldingrn2.png[/img]
  • Oops, I forgot to paste something along.

    REGEDIT4

    please try it again now.
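Added example, not code from this thread or from HijackThis: a small Python checker for a .reg file such as the fix.reg posted above. regedit requires the first line to be `REGEDIT4` (or `Windows Registry Editor Version 5.00`) and rejects the file otherwise, which is what happened here until the header was pasted in. The checker enforces that header, lists which keys the file deletes (`[-KEY]`) or creates (`[KEY]`), and flags delete lines that a deleted parent already covers, since removing a key removes its whole subtree (so the `CLSID` and `CurVer` lines are covered by the first line). The sample input is the thread's fix.reg embedded as a constant; the parser is deliberately minimal and does not validate hive names or multi-line `hex(...)` values.

```python
"""Check a Windows .reg file before importing it with regedit.

Added example (not code from the thread): verifies the header line regedit
insists on, lists delete/create targets, and flags delete lines that are
already covered by a deleted parent key. Hive names and multi-line hex(...)
values are not validated.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

# Constructed sample: the fix.reg posted in the thread.
FIX_REG = r"""REGEDIT4

[-HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj]
[-HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1]
[-HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CLSID]
[-HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CurVer]
"""

KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")           # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # "name"=... or @=...


@dataclass
class RegKey:
    path: str
    delete: bool                       # True for a [-KEY] line
    values: Dict[str, str] = field(default_factory=dict)


def parse_reg(text: str) -> List[RegKey]:
    """Parse .reg text; raise ValueError on a missing header or junk line."""
    lines = text.lstrip("\ufeff").splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("first line must be REGEDIT4 or "
                         "'Windows Registry Editor Version 5.00'")
    keys: List[RegKey] = []
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                     # blank line or comment
        m = KEY_RE.match(line)
        if m:
            keys.append(RegKey(path=m.group(2), delete=m.group(1) == "-"))
            continue
        m = VALUE_RE.match(line)
        if m and keys:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            keys[-1].values[name] = m.group(2)   # raw right-hand side
            continue
        raise ValueError("unparsable line: %r" % raw)
    return keys


def is_valid_reg(text: str) -> bool:
    """True if regedit would accept the file's header and every line parses."""
    try:
        parse_reg(text)
        return True
    except ValueError:
        return False


def redundant_deletes(keys: List[RegKey]) -> Tuple[List[str], List[str]]:
    """Split delete targets into roots and lines already covered by a root."""
    targets = sorted((k.path for k in keys if k.delete), key=len)
    roots: List[str] = []
    redundant: List[str] = []
    for t in targets:
        if any(t.lower().startswith(r.lower() + "\\") for r in roots):
            redundant.append(t)
        else:
            roots.append(t)
    return roots, redundant


if __name__ == "__main__":
    keys = parse_reg(FIX_REG)
    for k in keys:
        print("DELETE" if k.delete else "CREATE", k.path)
    roots, redundant = redundant_deletes(keys)
    print("roots:", roots)
    print("covered by a parent delete:", redundant)
    # The same text without its header is what regedit rejects.
    print("valid without header:", is_valid_reg(FIX_REG.split("\n", 2)[2]))
```

Run it on any fix.reg before double-clicking it; a `False` from `is_valid_reg` means regedit will show an error rather than apply anything, and the root/redundant split shows exactly which subtrees disappear.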
  • Yep, this time it worked :)
  • Is it going well now?
  • Yes thanks :D
