Vraag & Antwoord

Beveiliging & privacy

trojan.lootseek.AV

Anoniem
None
16 antwoorden
  • Sinds enige tijd vindt Norton het virus trojan.lootseek.av in twee mappen.
    Het programma zegt dan dat de files niet verwijderd kunnen worden en enkele seconden later meldt het dat de problemen zijn opgelost. Om vervolgens een uur later wwer de vondst van dit virus te melden. Met googlen kom ik alleen maar bij Symantec terecht. Ik heb alles gedaan wat er beschreven staat, behalve de register vermeldingen niet verwijderd, want die komen bij niet voor.

    Wat te doen??
  • tja oompje peter, wil je een HJT logje plaatsen aub.
    Het is een trojan horse.

    http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=115358 lees hier hoe dat moet.


    en hier wat het is.
    http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan.Lootseek.AV&threatid=48049

    Juisterr
  • Bij deze de log


    Logfile of HijackThis v1.99.1
    Scan saved at 14:03:28, on 25-9-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Photoshop Elements\PhotoshopElementsFileAgent.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    D:\security suite\ewido anti-malware\ewidoctrl.exe
    D:\Norton Systemwork\Norton AntiVirus\navapsvc.exe
    D:\Norton Systemwork\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\Photoshop Elements\apdproxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    E:\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Documents and Settings\Peter\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Norton Systemwork\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Norton Systemwork\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Photoshop Elements\apdproxy.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "E:\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - Global Startup: Cordless DUALphone opstarten.lnk = C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\Office\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?8b04476b421c4957aea53262890d8777
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?8b04476b421c4957aea53262890d8777
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/nl/check/qdiagh.cab?326
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CB094F4B-1150-4210-AE5F-767EE605CDFC}: NameServer = 80.58.61.250 80.58.61.254
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Photoshop Elements\PhotoshopElementsFileAgent.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - D:\security suite\ewido anti-malware\ewidoctrl.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Norton Systemwork\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Norton Systemwork\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Norton Systemwork\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • Hmmm.


    Download
    [b:0fe59551cf]Combofix[/b:0fe59551cf] naar je Bureaublad.[list:0fe59551cf]
    Dubbelklik [b:0fe59551cf]Combofix.exe[/b:0fe59551cf]
    Volg de instructies, aanvaard de disclaimer door "y" of "Y" te typen.
    Tijdens het runnen van de fix, [b:0fe59551cf]NIET[/b:0fe59551cf] in het venster klikken, want dit zal je pc doen vasthangen.[/list:u:0fe59551cf]
    Wanneer de fix voltooid is en na herstart, zal de log [b:0fe59551cf]combofix.txt[/b:0fe59551cf] openen.
    [i:0fe59551cf]Plaats deze log in je volgende post samen met een nieuw HijackThis log.[/i:0fe59551cf]

    NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.
  • Dit Peter - 06-09-25 21:02:16.26 Service Pack 2
    ComboFix 06.09.25 - Running from: "C:\Documents and Settings\Peter\Bureaublad"

    ((((((((((((((((((((((((((((((( Files Created from 2006-08-25 to 2006-09-25 ))))))))))))))))))))))))))))))))))


    2006-09-24 10:49 178,408 –a—— C:\WINDOWS\system32\muweb.dll
    2006-09-24 10:49 128,232 –a—— C:\WINDOWS\system32\mucltui.dll
    2006-09-04 17:43 48,816 –a—— C:\WINDOWS\system32\S32EVNT1.DLL


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-09-25 21:02 ——– d——– C:\Documents and Settings\Peter\Application Data\Skype
    2006-09-25 15:28 ——– d——– C:\Documents and Settings\Peter\Application Data\stickies
    2006-09-25 14:28 ——– d——– C:\Program Files\stickies
    2006-09-24 15:00 ——– d—s—- C:\Documents and Settings\Peter\Application Data\Microsoft
    2006-09-23 16:12 ——– d——– C:\Program Files\MSN Messenger
    2006-09-23 16:12 ——– d——– C:\Program Files\Messenger Plus! Live
    2006-09-23 16:07 ——– d——– C:\Program Files\Windows Live Toolbar
    2006-09-23 16:07 ——– d——– C:\Program Files\Common Files\Symantec Shared
    2006-09-23 16:06 ——– d——– C:\Program Files\Common Files\Microsoft Shared
    2006-09-20 09:32 ——– d——– C:\Documents and Settings\Peter\Application Data\Google
    2006-09-19 16:24 ——– d——– C:\Program Files\Google
    2006-09-18 13:14 ——– d——– C:\Program Files\Spyware Doctor
    2006-09-17 14:19 ——– d——– C:\Program Files\Symantec
    2006-09-15 22:04 109744 –a—— C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2006-09-07 13:17 ——– d——– C:\Program Files\Cordless USB Phone
    2006-09-04 20:21 ——– d——– C:\Program Files\Common Files
    2006-09-04 17:43 10344 –a—— C:\WINDOWS\system32\drivers\symlcbrd.sys
    2006-09-03 13:10 ——– d——– C:\Program Files\Internet Explorer
    2006-08-21 14:28 16896 –a—— C:\WINDOWS\system32\fltlib.dll
    2006-08-21 11:14 23040 –a—— C:\WINDOWS\system32\fltmc.exe
    2006-08-21 11:14 128896 ——— C:\WINDOWS\system32\drivers\fltmgr.sys
    2006-08-07 16:02 534208 –a—— C:\WINDOWS\system32\SymNeti.dll
    2006-08-07 16:02 31936 –a—— C:\WINDOWS\system32\drivers\symids.sys
    2006-08-07 16:02 28352 –a—— C:\WINDOWS\system32\drivers\symndis.sys
    2006-08-07 16:02 24768 –a—— C:\WINDOWS\system32\drivers\symredrv.sys
    2006-08-07 16:02 195776 –a—— C:\WINDOWS\system32\drivers\symtdi.sys
    2006-08-07 16:02 161472 –a—— C:\WINDOWS\system32\SymRedir.dll
    2006-08-07 16:02 110784 –a—— C:\WINDOWS\system32\drivers\symfw.sys
    2006-08-07 16:01 12992 –a—— C:\WINDOWS\system32\drivers\symdns.sys
    2006-07-29 19:32 48936 –a—— C:\WINDOWS\system32\sirenacm.dll
    2006-07-27 15:26 679424 –a—— C:\WINDOWS\system32\inetcomm.dll
    2006-07-21 10:29 72704 –a—— C:\WINDOWS\system32\hlink.dll
    2006-06-06 15:30 5506 –a—— C:\Documents and Settings\Peter\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "Skype"="\"E:\\Phone\\Skype.exe\" /nosplash /minimized"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    @=""
    "SpeedTouch USB Diagnostics"=""
    "Adobe Photo Downloader"="\"D:\\Photoshop Elements\\apdproxy.exe\""
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Peter.job

    Completion time: Mon 25-09-2006 21:03:01.03
    ComboFix.txt
    ComboFix2.txt
    is een:
  • En twee:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:06:05, on 25-9-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Photoshop Elements\PhotoshopElementsFileAgent.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    D:\security suite\ewido anti-malware\ewidoctrl.exe
    D:\Norton Systemwork\Norton AntiVirus\navapsvc.exe
    D:\Norton Systemwork\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\Photoshop Elements\apdproxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    E:\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
    C:\Program Files\stickies\stickies.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Documents and Settings\Peter\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Norton Systemwork\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Photoshop Elements\apdproxy.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "E:\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
    O4 - Global Startup: Cordless DUALphone opstarten.lnk = C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\Office\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?8b04476b421c4957aea53262890d8777
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?8b04476b421c4957aea53262890d8777
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/nl/check/qdiagh.cab?326
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CB094F4B-1150-4210-AE5F-767EE605CDFC}: NameServer = 80.58.61.250 80.58.61.254
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Photoshop Elements\PhotoshopElementsFileAgent.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - D:\security suite\ewido anti-malware\ewidoctrl.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Norton Systemwork\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Norton Systemwork\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Norton Systemwork\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • Download en installeer .[list:0e4036c57a]
    Na de installatie, open Ewido Anti-Spyware 4.0:
    * onder "[b:0e4036c57a]Status[/b:0e4036c57a]", klik op [b:0e4036c57a]Change state[/b:0e4036c57a] naast "Resident shield". (wijzig van active naar [b:0e4036c57a]inactive[/b:0e4036c57a]!)
    * onder "[b:0e4036c57a]Update[/b:0e4036c57a]", klik op de [b:0e4036c57a]Start update[/b:0e4036c57a] knop.
    * onder "[b:0e4036c57a]Scanner[/b:0e4036c57a]", tab "Settings":[list:0e4036c57a]- onder "How to act?", klik op "[u:0e4036c57a]Recommended actions[/u:0e4036c57a]" en selecteer [b:0e4036c57a]Quarantine[/b:0e4036c57a]. ([b:0e4036c57a]ZEER BELANGRIJK![/b:0e4036c57a])
    * onder "Reports", selecteer [b:0e4036c57a]Automatically generate report after every scan[/b:0e4036c57a] en [u:0e4036c57a]verwijder[/u:0e4036c57a] het vinkje bij [b:0e4036c57a]Only if threats were found[/b:0e4036c57a][/list:u:0e4036c57a]
    Sluit Ewido. Laat het [b:0e4036c57a]nog niet[/b:0e4036c57a] scannen.[/list:u:0e4036c57a]

    Start op in veilige modus

    Start
  • ewido anti-spyware - Scan Report
    ———————————————————

    + Created at: 21:23:00 26-9-2006

    + Scan result:



    C:\Documents and Settings\Peter\Cookies\peter@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Peter\Cookies\peter@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.


    ::Report end
  • Hoe is het met de problemen???
  • Ik durf nog niets te zeggen.
    Hele dag weg geweest en nu Arsenal Porto
  • [quote:59656a19e1="OmePeter"]Ik durf nog niets te zeggen.
    Hele dag weg geweest en nu Arsenal Porto[/quote:59656a19e1]

    Lekker belangrijk :-? 8)
  • Vanavond Barcelona. Nog belangrijker!!!!

    Maar….

    Tot nu toe geen trojans meer.
  • Helaas, twintig minuten geleden weer de zelfde melding van Norton.

    En nu!!!!
  • start op in veilige modus en doe een scan met je NORTON, verwijder alles wat het vind, ook uit de quarantine box.

    plaats een nieuw HJT logje aub.
  • Kan het aan de toolbar van Google liggen…..



    Logfile of HijackThis v1.99.1
    Scan saved at 23:10:50, on 27-9-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Photoshop Elements\PhotoshopElementsFileAgent.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    D:\Ewido\guard.exe
    D:\Norton Systemwork\Norton AntiVirus\navapsvc.exe
    D:\Norton Systemwork\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\Photoshop Elements\apdproxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\RunDLL32.exe
    D:\Ewido\ewido.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    E:\Phone\Skype.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    C:\Documents and Settings\Peter\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Norton Systemwork\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Photoshop Elements\apdproxy.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [!ewido] "D:\Ewido\ewido.exe" /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "E:\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - Global Startup: Cordless DUALphone opstarten.lnk = C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\Office\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?8b04476b421c4957aea53262890d8777
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?8b04476b421c4957aea53262890d8777
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/nl/check/qdiagh.cab?326
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CB094F4B-1150-4210-AE5F-767EE605CDFC}: NameServer = 80.58.61.250 80.58.61.254
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Photoshop Elements\PhotoshopElementsFileAgent.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Ewido\guard.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Norton Systemwork\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Norton Systemwork\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Norton Systemwork\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • google toolbar = safe die houd juist een hoop rommel tegen.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.