safe-site.com + setup advice wanted

68 replies
  • Looks to me like there is some kind of spyware on your PC. In the [url=http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=115358]FAQ[/url] you can read, among other things, how to create a HijackThis log. If you post that log here, one of the experts will surely be able to help you with it.
  • :o the log will be up here just after 13:00!
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:45:31, on 22-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Parental Control\ParentalControl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\program files\advanced system optimizer\memtuneup.exe
    C:\Program Files\D-Link AirPlus\AirPlus.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - (no file)
    O2 - BHO: (no name) - {C6A043BF-A08F-4979-9080-E3B3DEF462D0} - (no file)
    O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ParentalControl] C:\Program Files\Parental Control\ParentalControl.exe /SERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: D-Link AirPlus.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193593939655
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O20 - Winlogon Notify: iifecda - iifecda.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)

    --
    End of file - 5714 bytes
  • Download MBAM (Malwarebytes' Anti-Malware) [url=http://www.besttechie.net/tools/mbam-setup.exe][b]here[/b][/url] or [url=http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html][b]here[/b][/url].
    [list]
    Double-click [b]mbam-setup.exe[/b] to install the program.
    [list]
    [*]Make sure there is a check mark next to [b]Update Malwarebytes' Anti-Malware[/b] and [b]Start Malwarebytes' Anti-Malware[/b], then click "Finish".
    [*]If an update is found, it will be downloaded and installed.
    [*]Once the program is fully up to date, select "[b]Quick Scan[/b]" on the [b]Scanner[/b] tab, then click [b]Scan[/b].
    [*]Scanning can take a while, so be patient.
    [*]When the scan has finished, click [b]OK[/b], then "Show Results" to see the results.
    [*]Make sure [b]everything is checked[/b] there, then click [b]Remove Selected[/b].
    [*]After the removal a log will open and you will be asked to restart the computer. (See below)
    [*]The log is saved automatically by MBAM and you can find it again by clicking the "Logs" tab in MBAM.
    [*]Copy and paste the contents of the log into your next reply, together with a new HijackThis log.
    [/list]
    [b]If MBAM has difficulty removing certain files, it will show a few messages where you have to click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.[/b]
    [/list]
  • Dear Pim, the scanner is running... I'll see around lunchtime what it has found; it had already found 2 before I left the house. Another problem, by the way, is that browsing the internet isn't possible... it shows the first pages (slowly) but then it stops. In safe mode things do work quickly and well; could that also be caused by this, or do I need to look further for that? In the meantime I have another question.... what is a good setup to prevent all these kinds of problems in the future?

    [b]General:[/b]
    users: 2 adults and 2 teenagers
    wish: a fast and reliable system with one user account per person

    [b]Proposal:[/b]
    security: NOD32 + Windows firewall
    browser: Firefox
    other: Crawler Parental Control, Systweak Memory Optimizer

    [b]System info:[/b]
    System Information by Systweak
    **************************************************
    [b]*** General Information ***[/b]
    Computer Type: Intel Corporation Pentium 4 1860 MHz.
    BIOS: AT/AT COMPATIBLE Date: 09/14/01
    Memory: Total physical: 255 MB. Used: 87%
    Monitor: Plug en Play-monitor
    Adapter: NVIDIA RIVA TNT2 Model 64/Model 64 Pro (Microsoft ...
    Mouse: PS/2-compatibele muis
    Keyboard: Standaardtoetsenbord (101/102 toetsen) of Microsof...
    Drives: 10 GB total free 37 GB total size in 1 drive
    Windows name and version: Uniprocessor Free (5.1.2600)
    ** **
    IE version: 6.0.2900.2180
    DirectX Version: Unknow or Newer then DirectX 9.0c (4.09.00.0904)

    [b]*** Windows Information ***[/b]
    Windows Name and Version: Uniprocessor Free (5.1.2600)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Default Email: C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE"
    Product ID: **
    Software Count: 147 installed software.
    Language (ID): Original/English: Nederlands (Nederland) / Dutch (...
    Country (ID): Nederland NLD (31)
    TimeZone: West-Europa (standaardtijd)
    DVD-Zone: Not specified

    [b]*** Display Information ***[/b]
    Display: Plug en Play-monitor
    Max Resolution: 1024 x 768 - 32 bit
    Current Resolution: 1024 x 768 - 32 bit
    Adapter: NVIDIA RIVA TNT2 Model 64/Model 64 Pro (Microsoft ...
    Driver Version: 64.0
    Technology: Raster Display
    Color Bits: 32
    Fonts Resolution: 96 dpi
    Pixel width/height/diagonal: 36/36/51

    [b]*** System Devices ***[/b]
    Manufactured: Intel Corporation
    Name: Pentium 4
    CodeName: Willamette (0.18 µm)
    Frequency: 1860 MHz
    L1 cache: 20 KB
    L2 cache: 256 KB
    Socket: Socket 478
    BIOS Manufactured: Award Software International, Inc.
    BIOS Date: 09/14/2001
    BIOS Version: 6.00 PG
    BIOS Size: 256 KB

    [b]*** MultiMedia Devices ***[/b]
    Wave In: Intel(r) Integrated Audio v5.5
    Wave Out: Intel(r) Integrated Audio v5.5
    Midi In: MPU-401 v5.5
    Midi Out: Microsoft GS Wavetable-software v5.5
    Midi Out: MPU-401 v5.5
    Mixer: Intel(r) Integrated Audio v5.5

    [b]*** Printers ***[/b]
    Name: HP LaserJet 4L
    Port: LPT1:

    [b]*** Ports ***[/b]
    Name: Communicatiepoort (COM1) Class: Poorten (COM & LPT)
    Name: Printerpoort (LPT1) Class: Poorten (COM & LPT)
    Name: Communicatiepoort (COM2) Class: Poorten (COM & LPT)
    USB: {36FC9E60-C465-11CF-8056-444553540000}\0000 Class: USB Port
    USB: {36FC9E60-C465-11CF-8056-444553540000}\0001 Class: USB Port

    [b]*** Memory Information ***[/b]
    Total Physical Memory: 255 MB
    Total Windows Memory: 875 MB
    Free Memory: 433 MB
    Used Memory: 442 MB
    AllocGranularity: 65536 bytes
    MinAppAddress: 00010000
    MaxAppAddress: 7FFEFFFF
    Page Size: 4096 bytes
    Total threads: 443
    Total processes: 33
    PageFile Total Size: 634064 KB (100%)
    PageFile Used: 222300 KB (35%)
    PageFile Free: 411764 KB (65%)

    [b]*** Communication ***[/b]
    Adapter: D-Link AirPlus DWL-520+ Wireless PCI Adapter - Pakketplanner-minipoort
    Address: 00:40:05:55:DA:D5
    IP format: 0.0.0.0
    Computer: **
    Gateaway:
    Mask: 0.0.0.0
    Winsock Description: WinSock 2.0
    Winsock Version: 2.2

    [b]*** DirectX Information ***[/b]
    Direct3D: Microsoft Direct3D Hardware-acceleratie via Direct3D-HAL
    Direct3D: Microsoft Direct3D Mono(Ramp) Software-emulatie
    Direct3D: Microsoft Direct3D RGB Software -emulatie
    DirectPlay: WinSock TCP-verbinding voor DirectPlay
    DirectPlay: WinSock IPX-verbinding voor DirectPlay
    DirectPlay: Modemverbinding voor DirectPlay
    DirectMusic: Microsoft Software Synthesizer
    [b]**************************************************[/b]
    [i]Systweak System Information Created: 23-4-2008
    Please, visit our site http://www.systweak.com
    ** is removed private info[/i]

    I'd like to hear your opinions and suggestions.
  • Unfortunately the first round of scanning froze... :? I then ran a quick scan in safe mode and removed 3 problems with it. In the first scan the program had found 4 problems, so a full scan is now running in safe mode (with networking) :o The various logs will follow later today....
  • Malwarebytes' Anti-Malware 1.11
    Database versie: 672

    Scan type: Snelle Scan
    Objecten gescand: 46956
    Verstreken tijd: 12 minute(s), 22 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 2
    Registerwaarden geïnfecteerd: 1
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a051b1ff-8d7e-418b-aabe-4ff82f4280a2} (Trojan.Conhook) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a051b1ff-8d7e-418b-aabe-4ff82f4280a2} (Trojan.Conhook) -> Quarantined and deleted successfully.

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    *****

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:11:14, on 23-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    [b]Boot mode: Safe mode with network support[/b]

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {C6A043BF-A08F-4979-9080-E3B3DEF462D0} - (no file)
    O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ParentalControl] C:\Program Files\Parental Control\ParentalControl.exe /SERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: D-Link AirPlus.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193593939655
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O20 - Winlogon Notify: iifecda - iifecda.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)

    --
    End of file - 4941 bytes

    ****

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:49:28, on 23-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    [b]Boot mode: Normal[/b]

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Parental Control\ParentalControl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\program files\advanced system optimizer\memtuneup.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\D-Link AirPlus\AirPlus.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\iPod\bin\iPodService.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {C6A043BF-A08F-4979-9080-E3B3DEF462D0} - (no file)
    O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ParentalControl] C:\Program Files\Parental Control\ParentalControl.exe /SERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: D-Link AirPlus.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193593939655
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O20 - Winlogon Notify: iifecda - iifecda.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)

    --
    End of file - 5574 bytes

    Unfortunately I still get the same redirect and browsing is still very sluggish....
  • Follow [url=http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden]these[/url] instructions to download [b]ComboFix[/b]:
    [list]
    Carry out the instructions on the BleepingComputer page, [i]including installing the XP Recovery Console[/i].
    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.
    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and [b]download Combofix again.[/b] Some scanners regard certain components that Combofix uses as suspicious and will block or delete them!
    [list]
    Double-click [b]Combofix.exe[/b].
    While the fix is running, do [b]NOT[/b] click in the window, because that will make your PC hang.
    When the fix has finished and after the restart, the log [b]Combofix.txt[/b] will open.
    [/list]
    [i]Post this log in your next post, together with a fresh HijackThis log.[/i]
    [/list]
  • ComboFix 08-04-22.5 - NJK 2008-04-23 20:18:34.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.75 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\NJK\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\NJK\Bureaublad\WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
    * Nieuw herstelpunt werd aangemaakt
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-03-23 to 2008-04-23 ))))))))))))))))))))))))))))))
    .
    2008-04-23 20:17 . 2008-04-23 20:17 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
    2008-04-23 07:43 . 2008-04-23 07:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-23 07:43 . 2008-04-23 07:43 <DIR> d-------- C:\Documents and Settings\NJK\Application Data\Malwarebytes
    2008-04-23 07:43 . 2008-04-23 07:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-22 12:45 . 2008-04-22 12:45 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-21 17:19 . 2008-04-22 07:39 165 --a------ C:\WINDOWS\startUp manager.INI
    2008-04-21 17:11 . 2008-04-21 17:11 <DIR> d-------- C:\Documents and Settings\Sandra\Application Data\Systweak
    2008-04-21 12:52 . 2008-04-22 07:52 606 --a------ C:\WINDOWS\Uninstall Manager.INI
    2008-04-21 12:43 . 2008-04-21 12:43 <DIR> d-------- C:\Documents and Settings\NJK\Application Data\Systweak
    2008-04-21 12:41 . 2008-04-21 12:42 <DIR> d-------- C:\Program Files\Advanced System Optimizer
    2008-04-20 20:17 . 2008-04-20 20:17 42 --a------ C:\WINDOWS\system32\AK083E209605E394C.lie
    2008-04-20 12:04 . 2008-04-20 12:35 <DIR> d-------- C:\Program Files\Parental Control
    2008-04-20 12:04 . 2008-04-23 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParentalControl
    2008-04-19 17:40 . 2008-04-19 17:40 <DIR> d-------- C:\Documents and Settings\Natalie\Application Data\ParentalControl
    2008-04-19 16:57 . 2008-04-19 16:57 <DIR> d-------- C:\Documents and Settings\test\Application Data\ParentalControl
    2008-04-19 16:29 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-04-19 16:28 . 2008-04-19 16:28 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-04-19 15:39 . 2008-04-19 15:39 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
    2008-04-19 15:06 . 2008-04-19 15:06 <DIR> d-------- C:\Documents and Settings\Sandra\Application Data\ParentalControl
    2008-04-19 14:58 . 2008-04-19 14:58 <DIR> d-------- C:\Documents and Settings\NJK\Application Data\ParentalControl
    2008-04-19 10:47 . 2008-04-19 14:48 <DIR> d-------- C:\Program Files\Common Files\Panda Software
    2008-04-19 09:55 . 2008-04-19 09:55 <DIR> d-------- C:\Program Files\uTorrent
    2008-04-19 09:55 . 2008-04-19 09:55 <DIR> d-------- C:\Documents and Settings\NJK\Application Data\uTorrent
    2008-04-18 18:08 . 2008-04-18 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
    2008-04-18 12:50 . 2008-04-18 18:05 <DIR> d-------- C:\Program Files\Panda Security
    2008-04-18 12:44 . 2008-04-19 15:47 2,688 --a------ C:\WINDOWS\mozver.dat
    2008-04-17 17:20 . 2008-04-19 16:56 <DIR> d-------- C:\Program Files\Mozilla Firefox(2)
    2008-04-17 17:20 . 2008-04-17 17:20 0 --a------ C:\WINDOWS\nsreg.dat
    2008-04-16 22:34 . 2008-04-16 22:34 <DIR> d-------- C:\Documents and Settings\test\Application Data\ESET
    2008-04-16 22:34 . 2008-04-16 22:34 <DIR> d-------- C:\Documents and Settings\NJK\Application Data\ESET
    2008-04-16 22:16 . 2008-04-16 22:16 <DIR> d-------- C:\Program Files\Lavasoft
    2008-04-16 22:16 . 2008-04-19 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-04-16 17:18 . 2008-04-20 21:49 <DIR> d-------- C:\Program Files\Google
    2008-04-15 17:53 . 2008-04-15 17:53 <DIR> d-------- C:\Program Files\Webteh
    2008-04-15 17:15 . 2008-04-16 22:27 <DIR> d-------- C:\Program Files\ESET
    2008-04-15 17:15 . 2008-04-16 22:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-04-14 00:13 . 2008-04-14 00:13 <DIR> d-------- C:\N360_BACKUP
    2008-04-13 17:15 . 2008-04-15 15:44 <DIR> d-------- C:\Program Files\Norton 360
    2008-04-13 17:11 . 2008-04-22 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2008-04-13 17:09 . 2008-04-22 12:40 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
    2008-04-13 17:07 . 2007-03-21 20:39 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DLL
    2008-04-13 17:07 . 2008-04-13 17:07 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
    2008-04-13 17:07 . 2008-04-13 17:07 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
    2008-04-13 17:07 . 2008-04-13 17:07 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2008-04-13 13:48 . 2008-04-13 13:48 <DIR> d-------- C:\Documents and Settings\Natalie\Application Data\vlc
    2008-04-12 21:54 . 2008-04-13 16:50 <DIR> d-------- C:\Program Files\WinISO
    2008-04-12 21:32 . 2008-04-12 21:32 <DIR> d-------- C:\Documents and Settings\Sandra\Application Data\vlc
    2008-04-12 21:20 . 2008-04-15 17:52 <DIR> d-------- C:\Program Files\VideoLAN
    2008-04-12 11:39 . 2008-04-12 11:39 <DIR> d-------- C:\fsaua.data
    2008-04-06 18:36 . 2008-04-17 18:53 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-06 18:36 . 2008-04-17 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-06 14:52 . 2008-04-06 15:15 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-04-06 13:21 . 2008-02-27 16:52 49,152 --a------ C:\WINDOWS\system32\ArmAccess.dll
    2008-04-06 13:19 . 2008-04-06 15:15 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-06 12:07 . 2008-04-06 12:07 51,355 --a------ C:\WINDOWS\system32\muzika.xm
    2008-03-29 11:20 . 2008-03-29 11:20 <DIR> d-------- C:\Documents and Settings\Sandra\Application Data\Apple Computer
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-19 14:29 --------- d-----w C:\Program Files\Java
    2008-04-19 08:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-04-18 16:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-18 10:37 --------- d-----w C:\Documents and Settings\NJK\Application Data\AVG7
    2008-04-16 17:21 --------- d-----w C:\Documents and Settings\Sandra\Application Data\AVG7
    2008-04-13 20:37 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-04-13 20:35 --------- d-----w C:\Program Files\Windows Live
    2008-04-11 15:36 --------- d-----w C:\Program Files\TomTom HOME 2
    2008-04-10 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-09 17:43 --------- d-----w C:\Documents and Settings\NJK\Application Data\LimeWire
    2008-04-06 10:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-05 09:56 --------- d-----w C:\Documents and Settings\Gast\Application Data\AVG7
    2008-03-29 21:31 --------- d-----w C:\Documents and Settings\Natalie\Application Data\Apple Computer
    2008-03-28 21:48 --------- d-----w C:\Documents and Settings\NJK\Application Data\Apple Computer
    2008-03-03 06:54 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-27 06:50 --------- d-----w C:\Program Files\LimeWire
    2008-02-27 06:46 --------- d-----w C:\Program Files\LimeWire Plus
    2008-02-24 20:32 --------- d-----w C:\Documents and Settings\test\Application Data\Apple Computer
    2008-01-20 22:44 7,203 --sha-w C:\WINDOWS\system32\nqstv.ini2
    .
    [code]
    ----a-w 39,792 2008-01-19 21:37:55 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    ----a-w 200,704 2008-01-18 11:36:35 C:\Program Files\PowerISO\PWRISOVM .EXE
    ----a-w 528,384 2008-01-19 21:38:06 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe
    ----a-w 378,784 2008-01-19 21:37:57 C:\Program Files\TomTom HOME 2\HOMERunner .exe
    ----a-w 219,952 2008-01-20 20:56:26 C:\Program Files\uTorrent\uTorrent .exe
    ----a-w 866,584 2008-01-20 20:56:29 C:\Program Files\Windows Defender\MSASCui .exe
    ----a-w 15,360 2008-01-20 11:38:07 C:\WINDOWS\system32\ctfmon .exe
    [/code]
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
    2008-04-22 07:55 1470488 --a------ C:\Program Files\LimewirePlus\tbLim1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6A043BF-A08F-4979-9080-E3B3DEF462D0}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= "C:\Program Files\LimewirePlus\tbLim1.dll" [2008-04-22 07:55 1470488]

    [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= C:\Program Files\LimewirePlus\tbLim1.dll [2008-04-22 07:55 1470488]

    [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]
    "Systweak Memory Optimizer"="c:\program files\advanced system optimizer\memtuneup.exe" [2007-06-22 11:55 119024]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 09:26 1410304] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "ParentalControl"="C:\Program Files\Parental Control\ParentalControl.exe" [2008-04-01 00:02 6096384] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 17:38 39264] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [2007-02-20 21:26:15 262144] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 18:15:56 65588] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableClock"= 0 (0x0) "NoDispCPL"= 0 (0x0) "DisableTaskMgr"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoMultiIE"= 0 (0x0) "LWA"= 0 (0x0) "LWB"= 0 (0x0) "LWC"= 0 (0x0) "LWD"= 0 (0x0) "LWE"= 0 (0x0) "LWF"= 0 (0x0) "LWG"= 0 (0x0) "LWH"= 0 (0x0) "LWI"= 0 (0x0) "LWJ"= 0 (0x0) "LWK"= 0 (0x0) "LWL"= 0 (0x0) "LWM"= 0 (0x0) "LWN"= 0 (0x0) "LWO"= 0 (0x0) "LWP"= 0 (0x0) "LWQ"= 0 (0x0) "LWR"= 0 (0x0) "LWS"= 0 (0x0) "LWT"= 0 (0x0) "LWU"= 0 (0x0) "LWV"= 0 (0x0) "LWW"= 0 (0x0) "LWX"= 0 (0x0) "LWY"= 0 (0x0) "LWZ"= 0 (0x0) "NoRun"= 0 (0x0) "NoFind"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifecda] iifecda.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Parental Control\\ParentalControl.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57148:TCP"= 57148:TCP:*:Disabled:Utorrent R1 cp_drv;Crawler Parental Control Driver;C:\Documents and Settings\All Users\Application Data\ParentalControl\cp_drv.sys [2008-04-20 12:07] R1 cp_tdifw_drv;cp_tdifw_drv;C:\Documents and Settings\All Users\Application Data\ParentalControl\cp_tdifw_drv.sys [2008-04-20 12:07] R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-10-25 09:27] S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [] S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [] S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-11-17 23:48] S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 16:54] S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 16:54] S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 16:54] S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 16:54] 
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 16:54] S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 12:33] S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 12:33] S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 12:33] S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 12:33] S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 12:33] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e80d9b6e-c116-11db-92db-00047627c0d4}] \Shell\AutoRun\command - E:\LaunchU3.exe -a . Inhoud van de 'Gedeelde Taken' map "2008-04-11 06:22:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-04-23 06:02:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-23 20:24:58 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\system32\wscntfy.exe . 
************************************************************************** . Voltooingstijd: 2008-04-23 20:31:00 - machine was rebooted [NJK] ComboFix-quarantined-files.txt 2008-04-23 18:30:51 Pre-Run: 10,948,124,672 bytes beschikbaar Post-Run: 11,167,629,312 bytes beschikbaar WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons 239 --- E O F --- 2008-04-20 09:53:57 **** Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:34:18, on 23-4-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Parental Control\ParentalControl.exe C:\WINDOWS\system32\ctfmon.exe C:\program files\advanced system optimizer\memtuneup.exe C:\Program Files\D-Link AirPlus\AirPlus.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {C6A043BF-A08F-4979-9080-E3B3DEF462D0} - (no file) O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [ParentalControl] C:\Program Files\Parental Control\ParentalControl.exe /SERVICE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: 
[CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: D-Link AirPlus.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: Crawler Search - tbr:iemenu O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193593939655 O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O20 - Winlogon Notify: iifecda - iifecda.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing) -- End of file - 5819 bytes *** the new logs... no real improvement is noticeable so far... By the way, do you also have an opinion/advice on my question about a good set-up?
  • As for a good setup/your proposal: NOD32 is a good choice for antivirus; I hear many positive stories about it. Since the Windows Firewall only monitors traffic from outside and offers no protection against traffic from inside, you might do better to choose a separate firewall. Free options include ZoneAlarm, Comodo and Sunbelt (formerly Kerio). A separate firewall does take some effort, because you have to give programs one-time permission to access the internet. Firefox is nice, but even nicer with a few add-ons. NoScript makes the whole thing even safer and Adblock Plus helps nicely against too many ads. If I were you, I would add an anti-spyware program (Spybot S&D is free and good) and run a scan with it regularly. Also, don't forget that a secure system is also an up-to-date system, so you need to download new virus updates and the critical updates for XP regularly (you can set this to automatic).
  • That's good info for the future! I can work with that! Do you see any reasons in the logs why things keep running so badly? It almost looks as if I have, for example, 2 firewalls running... In safe mode with networking it runs like a train, but then everything is so hard to read :wink:
  • Open Notepad, then copy and paste the following (the text in bold) into an empty window:
    [b:bd823423ea]
    File::
    C:\WINDOWS\system32\nqstv.ini2
    RenV::
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    C:\Program Files\PowerISO\PWRISOVM .EXE
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe
    C:\Program Files\TomTom HOME 2\HOMERunner .exe
    C:\Program Files\uTorrent\uTorrent .exe
    C:\Program Files\Windows Defender\MSASCui .exe
    C:\WINDOWS\system32\ctfmon .exe
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6A043BF-A08F-4979-9080-E3B3DEF462D0}]
    [-HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifecda]
    [/b:bd823423ea]
    Save this to your Desktop as [b:bd823423ea]CFScript.txt[/b:bd823423ea]
    Drag [b:bd823423ea]CFScript.txt[/b:bd823423ea] onto [b:bd823423ea]ComboFix.exe[/b:bd823423ea] as shown in the example below:
    [img:bd823423ea]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img:bd823423ea]
    This will make [b:bd823423ea]ComboFix[/b:bd823423ea] restart. Reboot if asked to, and post the contents of [b:bd823423ea]Combofix.txt[/b:bd823423ea] in your next reply together with a new HijackThis log. Still having problems?
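The CFScript in the post above targets two kinds of log entries: autostart entries whose file is gone ("(no file)" / "(file missing)") and file names with a space before the extension. The following triage script is an added example, not part of the thread or of ComboFix/HijackThis; its function names are made up for illustration, and the sample lines are excerpts from this thread's logs, kept flattened as the page shows them.

```python
import re
from ntpath import basename  # Windows path rules, whatever OS this runs on

# Excerpts from the HijackThis log in this thread, run together on one line
# the way the forum page shows them, including the log footer.
HJT_FLAT = (
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll "
    r"O2 - BHO: (no name) - {C6A043BF-A08F-4979-9080-E3B3DEF462D0} - (no file) "
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe "
    r"O20 - Winlogon Notify: iifecda - iifecda.dll (file missing) "
    r"O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe "
    r"O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - "
    r"C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing) "
    r"-- End of file - 5819 bytes"
)

# Excerpts from the ComboFix listings in this thread, one entry per line.
COMBOFIX_LINES = r"""
----a-w 39,792 2008-01-19 21:37:55 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 15,360 2008-01-20 11:38:07 C:\WINDOWS\system32\ctfmon .exe
2008-04-19 13:19 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-06 18:36 . 2008-04-17 18:53 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
"""

# An entry starts with a section code such as R1, O2 or O23 followed by " - ".
ENTRY_START = re.compile(r"\s+(?=(?:[RFN][0-4]|O\d{1,2}) - )")
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$", re.S)
FOOTER = re.compile(r"\s*-- End of file - \d+ bytes.*$")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
WIN_PATH = re.compile(r"[A-Za-z]:\\.*$")
PADDED = re.compile(r"^(?P<stem>.*\S)\s+(?P<ext>\.[A-Za-z0-9]{1,4})$")


def split_entries(log_text):
    """Return (code, body) pairs from a HijackThis log, flattened or not."""
    entries = []
    for chunk in ENTRY_START.split(" " + log_text.strip()):
        m = ENTRY.match(chunk)
        if m:  # header text and empty chunks do not start with a section code
            body = FOOTER.sub("", " ".join(m["body"].split()))
            entries.append((m["code"], body))
    return entries


def find_orphans(log_text):
    """Entries that still autostart although HijackThis found no file."""
    hits = []
    for code, body in split_entries(log_text):
        if ORPHAN.search(body):
            clsid = CLSID.search(body)
            hits.append({"code": code,
                         "clsid": clsid.group(0) if clsid else None,
                         "entry": body})
    return hits


def find_padded_names(listing):
    """Paths whose file name has whitespace before the extension,
    returned as (path as logged, path without the padding)."""
    hits = []
    for line in listing.splitlines():
        found = WIN_PATH.search(line.rstrip())
        if not found:
            continue
        path = found.group(0)
        name = basename(path)
        m = PADDED.match(name)
        if m:
            clean = path[: len(path) - len(name)] + m["stem"] + m["ext"]
            hits.append((path, clean))
    return hits


def triage(hjt_text, combofix_listing):
    """Collect both kinds of findings for a reviewer to look at."""
    return {"orphans": find_orphans(hjt_text),
            "padded": find_padded_names(combofix_listing)}


if __name__ == "__main__":
    report = triage(HJT_FLAT, COMBOFIX_LINES)
    for hit in report["orphans"]:
        print("orphaned", hit["code"], hit["clsid"] or "-", hit["entry"])
    for logged, clean in report["padded"]:
        print("padded name", repr(logged), "->", clean)
```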
  • We'll have another look around lunchtime! Thanks in advance! I also hear very good things about Panda, but I just have the impression that Panda weighs my system down more than NOD32... is that impression roughly right?
  • Correct, I know from my own experience (my parents' PC) that Panda gobbles up quite a lot of resources.
  • Would it be an idea to get Comodo Firewall Pro PLUS? And if so, can I then leave something else out?
  • I believe the Plus version is antivirus and firewall in one. I'm not familiar with this product, so I don't know whether its antivirus is at the level of NOD32. So it may be better to spend your money on NOD32, as a proven good purchase for antivirus, and put the free Comodo Pro alongside it as the firewall.
  • Sounds like good advice! Thanks! :P
  • **
  • [b:73033d6089]Task completed! Here are the corresponding logs...[/b:73033d6089] ComboFix 08-04-22.5 - NJK 2008-04-24 12:39:25.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.68 [GMT 2:00] Gestart vanuit: C:\Documents and Settings\NJK\Bureaublad\ComboFix.exe Command switches used :: E:\CFScript.txt * Nieuw herstelpunt werd aangemaakt * Resident AV is active FILE :: C:\WINDOWS\system32\nqstv.ini2 . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\nqstv.ini2 . (((((((((((((((((((( Bestanden Gemaakt van 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))) . 2008-04-24 07:32 . 2008-04-24 12:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-24 07:32 . 2008-04-24 07:32 1,409 --a------ C:\WINDOWS\QTFont.for 2008-04-23 20:17 . 2008-04-23 20:17 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 2008-04-23 07:43 . 2008-04-23 07:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-04-23 07:43 . 2008-04-23 07:43 <DIR> d-------- C:\Documents and Settings\NJK\Application Data\Malwarebytes 2008-04-23 07:43 . 2008-04-23 07:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-04-22 12:45 . 2008-04-22 12:45 <DIR> d-------- C:\Program Files\Trend Micro 2008-04-21 17:19 . 2008-04-22 07:39 165 --a------ C:\WINDOWS\startUp manager.INI 2008-04-21 17:11 . 2008-04-21 17:11 <DIR> d-------- C:\Documents and Settings\Sandra\Application Data\Systweak 2008-04-21 12:52 . 2008-04-23 21:30 605 --a------ C:\WINDOWS\Uninstall Manager.INI 2008-04-21 12:43 . 2008-04-21 12:43 <DIR> d-------- C:\Documents and Settings\NJK\Application Data\Systweak 2008-04-21 12:41 . 2008-04-21 12:42 <DIR> d-------- C:\Program Files\Advanced System Optimizer 2008-04-20 20:17 . 2008-04-20 20:17 42 --a------ C:\WINDOWS\system32\AK083E209605E394C.lie 2008-04-20 12:04 . 
2008-04-20 12:35 <DIR> d-------- C:\Program Files\Parental Control 2008-04-20 12:04 . 2008-04-24 12:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParentalControl 2008-04-19 17:40 . 2008-04-19 17:40 <DIR> d-------- C:\Documents and Settings\Natalie\Application Data\ParentalControl 2008-04-19 16:57 . 2008-04-19 16:57 <DIR> d-------- C:\Documents and Settings\test\Application Data\ParentalControl 2008-04-19 16:29 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-04-19 16:28 . 2008-04-19 16:28 <DIR> d-------- C:\Program Files\Common Files\Java 2008-04-19 15:39 . 2008-04-19 15:39 230 --a------ C:\WINDOWS\system32\spupdsvc.inf 2008-04-19 15:06 . 2008-04-19 15:06 <DIR> d-------- C:\Documents and Settings\Sandra\Application Data\ParentalControl 2008-04-19 14:58 . 2008-04-19 14:58 <DIR> d-------- C:\Documents and Settings\NJK\Application Data\ParentalControl 2008-04-19 10:47 . 2008-04-19 14:48 <DIR> d-------- C:\Program Files\Common Files\Panda Software 2008-04-19 09:55 . 2008-04-24 12:39 <DIR> d-------- C:\Program Files\uTorrent 2008-04-19 09:55 . 2008-04-19 09:55 <DIR> d-------- C:\Documents and Settings\NJK\Application Data\uTorrent 2008-04-18 18:08 . 2008-04-18 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel 2008-04-18 12:50 . 2008-04-18 18:05 <DIR> d-------- C:\Program Files\Panda Security 2008-04-18 12:44 . 2008-04-19 15:47 2,688 --a------ C:\WINDOWS\mozver.dat 2008-04-17 17:20 . 2008-04-19 16:56 <DIR> d-------- C:\Program Files\Mozilla Firefox(2) 2008-04-17 17:20 . 2008-04-17 17:20 0 --a------ C:\WINDOWS\nsreg.dat 2008-04-16 22:34 . 2008-04-16 22:34 <DIR> d-------- C:\Documents and Settings\test\Application Data\ESET 2008-04-16 22:34 . 2008-04-16 22:34 <DIR> d-------- C:\Documents and Settings\NJK\Application Data\ESET 2008-04-16 22:16 . 2008-04-16 22:16 <DIR> d-------- C:\Program Files\Lavasoft 2008-04-16 22:16 . 
2008-04-19 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-04-16 17:18 . 2008-04-20 21:49 <DIR> d-------- C:\Program Files\Google 2008-04-15 17:53 . 2008-04-15 17:53 <DIR> d-------- C:\Program Files\Webteh 2008-04-15 17:15 . 2008-04-16 22:27 <DIR> d-------- C:\Program Files\ESET 2008-04-15 17:15 . 2008-04-16 22:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET 2008-04-14 00:13 . 2008-04-14 00:13 <DIR> d-------- C:\N360_BACKUP 2008-04-13 17:15 . 2008-04-15 15:44 <DIR> d-------- C:\Program Files\Norton 360 2008-04-13 17:11 . 2008-04-22 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec 2008-04-13 17:09 . 2008-04-22 12:40 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared 2008-04-13 17:07 . 2007-03-21 20:39 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DLL 2008-04-13 17:07 . 2008-04-13 17:07 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll 2008-04-13 17:07 . 2008-04-13 17:07 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx 2008-04-13 17:07 . 2008-04-13 17:07 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2008-04-13 13:48 . 2008-04-13 13:48 <DIR> d-------- C:\Documents and Settings\Natalie\Application Data\vlc 2008-04-12 21:54 . 2008-04-13 16:50 <DIR> d-------- C:\Program Files\WinISO 2008-04-12 21:32 . 2008-04-12 21:32 <DIR> d-------- C:\Documents and Settings\Sandra\Application Data\vlc 2008-04-12 21:20 . 2008-04-15 17:52 <DIR> d-------- C:\Program Files\VideoLAN 2008-04-12 11:39 . 2008-04-12 11:39 <DIR> d-------- C:\fsaua.data 2008-04-06 18:36 . 2008-04-17 18:53 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-04-06 18:36 . 2008-04-17 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-04-06 14:52 . 2008-04-06 15:15 <DIR> d-------- C:\Program Files\Spyware Doctor 2008-04-06 13:21 . 2008-02-27 16:52 49,152 --a------ C:\WINDOWS\system32\ArmAccess.dll 2008-04-06 13:19 . 
2008-04-06 15:15 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-06 12:07 . 2008-04-06 12:07 51,355 --a------ C:\WINDOWS\system32\muzika.xm 2008-03-29 11:20 . 2008-03-29 11:20 <DIR> d-------- C:\Documents and Settings\Sandra\Application Data\Apple Computer . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-24 10:39 --------- d-----w C:\Program Files\Windows Defender 2008-04-24 10:39 --------- d-----w C:\Program Files\TomTom HOME 2 2008-04-24 10:39 --------- d-----w C:\Program Files\PowerISO 2008-04-19 14:29 --------- d-----w C:\Program Files\Java 2008-04-19 13:19 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-04-19 08:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2008-04-18 16:03 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-18 10:37 --------- d-----w C:\Documents and Settings\NJK\Application Data\AVG7 2008-04-16 17:21 --------- d-----w C:\Documents and Settings\Sandra\Application Data\AVG7 2008-04-13 20:37 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-04-13 20:35 --------- d-----w C:\Program Files\Windows Live 2008-04-10 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-04-09 17:43 --------- d-----w C:\Documents and Settings\NJK\Application Data\LimeWire 2008-04-06 10:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-04-05 09:56 --------- d-----w C:\Documents and Settings\Gast\Application Data\AVG7 2008-03-29 21:31 --------- d-----w C:\Documents and Settings\Natalie\Application Data\Apple Computer 2008-03-28 21:48 --------- d-----w C:\Documents and Settings\NJK\Application Data\Apple Computer 2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-03 06:54 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-27 06:50 --------- d-----w C:\Program 
Files\LimeWire 2008-02-27 06:46 --------- d-----w C:\Program Files\LimeWire Plus 2008-02-24 20:32 --------- d-----w C:\Documents and Settings\test\Application Data\Apple Computer 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-16 09:05 662,528 ----a-w C:\WINDOWS\system32\wininet.dll . ((((((((((((((((((((((((((((( snapshot@2008-04-23_20.30.29.04 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-23 18:24:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-24 10:36:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat - 2004-08-04 08:03:27 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe + 2008-01-20 11:38:07 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe - 2004-08-04 08:03:27 15,360 -c--a-w C:\WINDOWS\system32\dllcache\ctfmon.exe + 2008-01-20 11:38:07 15,360 -c--a-w C:\WINDOWS\system32\dllcache\ctfmon.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-20 13:38 15360]
"Systweak Memory Optimizer"="c:\program files\advanced system optimizer\memtuneup.exe" [2007-06-22 11:55 119024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-19 23:37 39792]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 09:26 1410304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ParentalControl"="C:\Program Files\Parental Control\ParentalControl.exe" [2008-04-01 00:02 6096384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-20 13:38 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 17:38 39264]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [2007-02-20 21:26:15 262144]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 18:15:56 65588]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Parental Control\\ParentalControl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57148:TCP"= 57148:TCP:*:Disabled:Utorrent

R1 cp_drv;Crawler Parental Control Driver;C:\Documents and Settings\All Users\Application Data\ParentalControl\cp_drv.sys [2008-04-20 12:07]
R1 cp_tdifw_drv;cp_tdifw_drv;C:\Documents and Settings\All Users\Application Data\ParentalControl\cp_tdifw_drv.sys [2008-04-20 12:07]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-10-25 09:27]
S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys []
S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys []
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-11-17 23:48]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 16:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 16:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 16:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 16:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 16:54]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 12:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 12:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 12:33]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 12:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 12:33]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e80d9b6e-c116-11db-92db-00047627c0d4}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Inhoud van de 'Gedeelde Taken' map
"2008-04-11 06:22:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-23 06:02:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 12:42:49
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-04-24 12:45:46
ComboFix-quarantined-files.txt 2008-04-24 10:45:29
ComboFix2.txt 2008-04-23 18:31:02
Pre-Run: 11,461,812,224 bytes beschikbaar
Post-Run: 11,448,365,056 bytes beschikbaar
195 --- E O F --- 2008-04-20 09:53:57

[b]and a hijackthis log...[/b]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:46, on 24-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Parental Control\ParentalControl.exe
C:\program files\advanced system optimizer\memtuneup.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ParentalControl] C:\Program Files\Parental Control\ParentalControl.exe /SERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193593939655
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
--
End of file - 5607 bytes

[b]I haven't been able to test the changes yet... but browsing was still not very fast... and the redirect to safe-site is still happening too...[/b]

[i]Now, I don't understand the logs, but I keep reading something about [panda]. I removed that program some time ago... does anything still need to be done about that?[/i]
  • help, I have some kind of virus... :cry: It regularly happens that I am automatically redirected to a site other than the one I want. If I pay very close attention, I briefly see the link [www.safesite.com] flash by, and after that I end up at some random other site... In the meantime I have already tried various scanners, but nothing seems to help... Who knows how I can solve this problem? PS I am not a computer expert... [i] :wink: [/i] windows XP
