tja oompje peter, wil je een HJT logje plaatsen aub.
Het is een trojan horse.

http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=115358 lees hier hoe dat moet.


en hier wat het is.
http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan.Lootseek.AV&threatid=48049

Juisterr

Bij deze de log


Logfile of HijackThis v1.99.1
Scan saved at 14:03:28, on 25-9-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Photoshop Elements\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\security suite\ewido anti-malware\ewidoctrl.exe
D:\Norton Systemwork\Norton AntiVirus\navapsvc.exe
D:\Norton Systemwork\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Photoshop Elements\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
E:\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Peter\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Norton Systemwork\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Norton Systemwork\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Photoshop Elements\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "E:\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Cordless DUALphone opstarten.lnk = C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?8b04476b421c4957aea53262890d8777
O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?8b04476b421c4957aea53262890d8777
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/nl/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB094F4B-1150-4210-AE5F-767EE605CDFC}: NameServer = 80.58.61.250 80.58.61.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Photoshop Elements\PhotoshopElementsFileAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - D:\security suite\ewido anti-malware\ewidoctrl.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Norton Systemwork\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Norton Systemwork\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Norton Systemwork\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Hmmm.


Download
[b:0fe59551cf]Combofix[/b:0fe59551cf] naar je Bureaublad.[list:0fe59551cf]
Dubbelklik [b:0fe59551cf]Combofix.exe[/b:0fe59551cf]
Volg de instructies, aanvaard de disclaimer door "y" of "Y" te typen.
Tijdens het runnen van de fix, [b:0fe59551cf]NIET[/b:0fe59551cf] in het venster klikken, want dit zal je pc doen vasthangen.[/list:u:0fe59551cf]
Wanneer de fix voltooid is en na herstart, zal de log [b:0fe59551cf]combofix.txt[/b:0fe59551cf] openen.
[i:0fe59551cf]Plaats deze log in je volgende post samen met een nieuw HijackThis log.[/i:0fe59551cf]

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

Dit Peter - 06-09-25 21:02:16.26 Service Pack 2
ComboFix 06.09.25 - Running from: "C:\Documents and Settings\Peter\Bureaublad"

((((((((((((((((((((((((((((((( Files Created from 2006-08-25 to 2006-09-25 ))))))))))))))))))))))))))))))))))


2006-09-24 10:49 178,408 –a—— C:\WINDOWS\system32\muweb.dll
2006-09-24 10:49 128,232 –a—— C:\WINDOWS\system32\mucltui.dll
2006-09-04 17:43 48,816 –a—— C:\WINDOWS\system32\S32EVNT1.DLL


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-25 21:02 ——– d——– C:\Documents and Settings\Peter\Application Data\Skype
2006-09-25 15:28 ——– d——– C:\Documents and Settings\Peter\Application Data\stickies
2006-09-25 14:28 ——– d——– C:\Program Files\stickies
2006-09-24 15:00 ——– d—s—- C:\Documents and Settings\Peter\Application Data\Microsoft
2006-09-23 16:12 ——– d——– C:\Program Files\MSN Messenger
2006-09-23 16:12 ——– d——– C:\Program Files\Messenger Plus! Live
2006-09-23 16:07 ——– d——– C:\Program Files\Windows Live Toolbar
2006-09-23 16:07 ——– d——– C:\Program Files\Common Files\Symantec Shared
2006-09-23 16:06 ——– d——– C:\Program Files\Common Files\Microsoft Shared
2006-09-20 09:32 ——– d——– C:\Documents and Settings\Peter\Application Data\Google
2006-09-19 16:24 ——– d——– C:\Program Files\Google
2006-09-18 13:14 ——– d——– C:\Program Files\Spyware Doctor
2006-09-17 14:19 ——– d——– C:\Program Files\Symantec
2006-09-15 22:04 109744 –a—— C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-07 13:17 ——– d——– C:\Program Files\Cordless USB Phone
2006-09-04 20:21 ——– d——– C:\Program Files\Common Files
2006-09-04 17:43 10344 –a—— C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-09-03 13:10 ——– d——– C:\Program Files\Internet Explorer
2006-08-21 14:28 16896 –a—— C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 –a—— C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 ——— C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-07 16:02 534208 –a—— C:\WINDOWS\system32\SymNeti.dll
2006-08-07 16:02 31936 –a—— C:\WINDOWS\system32\drivers\symids.sys
2006-08-07 16:02 28352 –a—— C:\WINDOWS\system32\drivers\symndis.sys
2006-08-07 16:02 24768 –a—— C:\WINDOWS\system32\drivers\symredrv.sys
2006-08-07 16:02 195776 –a—— C:\WINDOWS\system32\drivers\symtdi.sys
2006-08-07 16:02 161472 –a—— C:\WINDOWS\system32\SymRedir.dll
2006-08-07 16:02 110784 –a—— C:\WINDOWS\system32\drivers\symfw.sys
2006-08-07 16:01 12992 –a—— C:\WINDOWS\system32\drivers\symdns.sys
2006-07-29 19:32 48936 –a—— C:\WINDOWS\system32\sirenacm.dll
2006-07-27 15:26 679424 –a—— C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:29 72704 –a—— C:\WINDOWS\system32\hlink.dll
2006-06-06 15:30 5506 –a—— C:\Documents and Settings\Peter\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Skype"="\"E:\\Phone\\Skype.exe\" /nosplash /minimized"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
@=""
"SpeedTouch USB Diagnostics"=""
"Adobe Photo Downloader"="\"D:\\Photoshop Elements\\apdproxy.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Peter.job

Completion time: Mon 25-09-2006 21:03:01.03
ComboFix.txt
ComboFix2.txt
is een:

En twee:

Logfile of HijackThis v1.99.1
Scan saved at 21:06:05, on 25-9-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Photoshop Elements\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\security suite\ewido anti-malware\ewidoctrl.exe
D:\Norton Systemwork\Norton AntiVirus\navapsvc.exe
D:\Norton Systemwork\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Photoshop Elements\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
E:\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
C:\Program Files\stickies\stickies.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Peter\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Norton Systemwork\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Photoshop Elements\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "E:\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Cordless DUALphone opstarten.lnk = C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?8b04476b421c4957aea53262890d8777
O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?8b04476b421c4957aea53262890d8777
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/nl/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB094F4B-1150-4210-AE5F-767EE605CDFC}: NameServer = 80.58.61.250 80.58.61.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Photoshop Elements\PhotoshopElementsFileAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - D:\security suite\ewido anti-malware\ewidoctrl.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Norton Systemwork\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Norton Systemwork\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Norton Systemwork\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Sinds enige tijd vindt Norton het virus trojan.lootseek.av in twee mappen.
Het programma zegt dan dat de files niet verwijderd kunnen worden en enkele seconden later meldt het dat de problemen zijn opgelost. Om vervolgens een uur later wwer de vondst van dit virus te melden. Met googlen kom ik alleen maar bij Symantec terecht. Ik heb alles gedaan wat er beschreven staat, behalve de register vermeldingen niet verwijderd, want die komen bij niet voor.

Wat te doen??

Download en installeer .[list:0e4036c57a]
Na de installatie, open Ewido Anti-Spyware 4.0:
* onder "[b:0e4036c57a]Status[/b:0e4036c57a]", klik op [b:0e4036c57a]Change state[/b:0e4036c57a] naast "Resident shield". (wijzig van active naar [b:0e4036c57a]inactive[/b:0e4036c57a]!)
* onder "[b:0e4036c57a]Update[/b:0e4036c57a]", klik op de [b:0e4036c57a]Start update[/b:0e4036c57a] knop.
* onder "[b:0e4036c57a]Scanner[/b:0e4036c57a]", tab "Settings":[list:0e4036c57a]- onder "How to act?", klik op "[u:0e4036c57a]Recommended actions[/u:0e4036c57a]" en selecteer [b:0e4036c57a]Quarantine[/b:0e4036c57a]. ([b:0e4036c57a]ZEER BELANGRIJK![/b:0e4036c57a])
* onder "Reports", selecteer [b:0e4036c57a]Automatically generate report after every scan[/b:0e4036c57a] en [u:0e4036c57a]verwijder[/u:0e4036c57a] het vinkje bij [b:0e4036c57a]Only if threats were found[/b:0e4036c57a][/list:u:0e4036c57a]
Sluit Ewido. Laat het [b:0e4036c57a]nog niet[/b:0e4036c57a] scannen.[/list:u:0e4036c57a]

Start op in veilige modus

Start

ewido anti-spyware - Scan Report
———————————————————

+ Created at: 21:23:00 26-9-2006

+ Scan result:



C:\Documents and Settings\Peter\Cookies\peter@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Peter\Cookies\peter@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.


::Report end

Hoe is het met de problemen???

Ik durf nog niets te zeggen.
Hele dag weg geweest en nu Arsenal Porto

[quote:59656a19e1="OmePeter"]Ik durf nog niets te zeggen.
Hele dag weg geweest en nu Arsenal Porto[/quote:59656a19e1]

Lekker belangrijk :-? 8)

Vanavond Barcelona. Nog belangrijker!!!!

Maar….

Tot nu toe geen trojans meer.

Helaas, twintig minuten geleden weer de zelfde melding van Norton.

En nu!!!!

start op in veilige modus en doe een scan met je NORTON, verwijder alles wat het vind, ook uit de quarantine box.

plaats een nieuw HJT logje aub.

Kan het aan de toolbar van Google liggen…..



Logfile of HijackThis v1.99.1
Scan saved at 23:10:50, on 27-9-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Photoshop Elements\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Ewido\guard.exe
D:\Norton Systemwork\Norton AntiVirus\navapsvc.exe
D:\Norton Systemwork\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Photoshop Elements\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RunDLL32.exe
D:\Ewido\ewido.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
E:\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
C:\Documents and Settings\Peter\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Norton Systemwork\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Photoshop Elements\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!ewido] "D:\Ewido\ewido.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "E:\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Cordless DUALphone opstarten.lnk = C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?8b04476b421c4957aea53262890d8777
O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?8b04476b421c4957aea53262890d8777
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/nl/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB094F4B-1150-4210-AE5F-767EE605CDFC}: NameServer = 80.58.61.250 80.58.61.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Photoshop Elements\PhotoshopElementsFileAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Ewido\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Norton Systemwork\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Norton Systemwork\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Norton Systemwork\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

google toolbar = safe die houd juist een hoop rommel tegen.