Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

gehijackt?

juisterr
14 antwoorden
  • Regelmatig krijg ik een 'message from system to alert", met een "registry cleaner recommended".

    Ik denk dat ik gehijackt ben.

    Het HijackThis logfile is:
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 1:47:52 PM, on 5/27/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Eicon\Diva\DiTask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Eicon\Diva\Divamon.exe
    C:\Program Files\Eicon\Diva\diinfo.exe
    C:\Program Files\Eicon\Diva\watch.exe
    C:\Program Files\Eicon\Diva\cgserver.exe
    E:\WINSHUT\WINSHUT.EXE
    E:\beveiliging\HiJackThis v2\HiJackThis_v2.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Gyula's Navigator\WinNav.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DiTask.exe] "C:\Program Files\Eicon\Diva\DiTask.exe"
    O4 - HKLM\..\Run: [Divamon.exe] "C:\Program Files\Eicon\Diva\Divamon.exe"
    O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Program Files\Eicon\Diva\watch.exe"
    O4 - HKLM\..\Run: [CGServer] "C:\Program Files\Eicon\Diva\cgserver.exe"
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: WINSHUT.lnk = E:\WINSHUT\WINSHUT.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS
    ppdf32.dll
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)


    End of file - 4072 bytes

    Jammergenoeg weet ik niet wat er gefixt moet worden.

    Graag kommentaar.
    Bij voorbaat mijn dank.

    Hein
  • Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:e54a9077bd]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    [/b:e54a9077bd]
    Klik op 'Fix checked' om de items te verwijderen.

    [b:e54a9077bd]
  • Hijack uitgevoerd.

    Sun op dit moment niet bereikbaar.

    Mijn dank voor advies.
  • Inmiddels ook Java 6.0_0.1 geinstalleerd (a propos, hoe krijg ik de puntjes op de deze i?).
    Echter bericht komt weer terug.
    Ook de HKCU sleutel is er weer.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 9:23:57 AM, on 5/28/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Eicon\Diva\DiTask.exe
    C:\Program Files\Eicon\Diva\Divamon.exe
    C:\Program Files\Eicon\Diva\watch.exe
    C:\Program Files\Eicon\Diva\cgserver.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Eicon\Diva\diinfo.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    E:\WINSHUT\WINSHUT.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Gyula's Navigator\WinNav.exe
    E:\beveiliging\HiJackThis v2\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DiTask.exe] "C:\Program Files\Eicon\Diva\DiTask.exe"
    O4 - HKLM\..\Run: [Divamon.exe] "C:\Program Files\Eicon\Diva\Divamon.exe"
    O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Program Files\Eicon\Diva\watch.exe"
    O4 - HKLM\..\Run: [CGServer] "C:\Program Files\Eicon\Diva\cgserver.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: WINSHUT.lnk = E:\WINSHUT\WINSHUT.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS
    ppdf32.dll
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6E07B0E9-DC1B-4F24-B361-4C45519E15BE}: NameServer = 194.109.6.66 194.109.104.104
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)

    Enige suggestie wat nu te doen?

    En, oh ja, ik heb ook de indruk dat het opstarten (zo niet alles) in een lagere versnelling is geraakt.
  • Nog langzamer?


    Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:57b3b97c02]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    [/b:57b3b97c02]
    Klik op 'Fix checked' om de items te verwijderen.

    ï

    Download [b:57b3b97c02]Combofix[/b:57b3b97c02] naar je Bureaublad.
    Dubbelklik [b:57b3b97c02]Combofix.exe[/b:57b3b97c02]
    Volg de instructies, aanvaard de disclaimer door "y" of "Y" te typen.
    Tijdens het runnen van de fix, [b:57b3b97c02]NIET[/b:57b3b97c02] in het venster klikken, want dit zal je pc doen vasthangen.

    Wanneer de fix voltooid is en na herstart, zal de log [b:57b3b97c02]combofix.txt[/b:57b3b97c02] openen.
    Plaats dit log in je volgende post samen met een nieuw HijackThis log.

    NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.
  • "vanVliet" - 2007-05-28 12:06:48 Service Pack 1
    ComboFix 07-05.27.V - Running from: "E:\beveiliging\combifix\"


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-28 ))))))))))))))))))))))))))))))))))


    2007-05-27 14:11 49,152 –a—— C:\WINDOWS
    ircmd.exe
    2007-05-26 15:01 4,608 –a—— C:\WINDOWS\system32\W95Inf32.DLL
    2007-05-26 15:01 2,272 –a—— C:\WINDOWS\system32\W95Inf16.DLL
    2007-05-26 15:01 <DIR> d——– C:\Program Files\RegVac
    2007-05-26 07:59 <DIR> d——– C:\Program Files\System Cleaner 2001
    2007-05-24 23:25 <DIR> d——– C:\Program Files\Common Files\DAO
    2007-05-24 23:22 <DIR> d——– C:\Program Files\Eicon
    2007-05-21 10:39 <DIR> d——– C:\unisecur
    2007-05-17 16:26 <DIR> d——– C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\Help
    2007-05-07 18:28 0 –a—— C:\WINDOWS
    sreg.dat


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))



    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 21:12]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-19 23:56]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-22 08:06]
    "DiTask.exe"="C:\Program Files\Eicon\Diva\DiTask.exe" [2004-02-10 16:27]
    "Divamon.exe"="C:\Program Files\Eicon\Diva\Divamon.exe" [2004-02-05 16:12]
    "Eicon TechnologyLAN_DAEMON"="C:\Program Files\Eicon\Diva\watch.exe" [2004-02-05 16:09]
    "CGServer"="C:\Program Files\Eicon\Diva\cgserver.exe" [2004-02-05 16:07]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan]


    ********************************************************************

    catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-28 12:10:18
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    disk error: C:\WINDOWS\

    please note that you need administrator rights to perform deep scan

    ********************************************************************

    Completion time: 2007-05-28 12:11:44 - machine was rebooted
    C:\ComboFix3.txt … 2007-05-27 14:13
    C:\ComboFix-quarantined-files.txt … 2007-05-28 12:11
    C:\ComboFix2.txt … 2007-05-27 17:18

    — E O F —



    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 12:14:23 PM, on 5/28/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Eicon\Diva\DiTask.exe
    C:\Program Files\Eicon\Diva\Divamon.exe
    C:\Program Files\Eicon\Diva\watch.exe
    C:\Program Files\Eicon\Diva\diinfo.exe
    C:\Program Files\Eicon\Diva\cgserver.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    E:\WINSHUT\WINSHUT.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    E:\beveiliging\HiJackThis v2\HiJackThis_v2.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DiTask.exe] "C:\Program Files\Eicon\Diva\DiTask.exe"
    O4 - HKLM\..\Run: [Divamon.exe] "C:\Program Files\Eicon\Diva\Divamon.exe"
    O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Program Files\Eicon\Diva\watch.exe"
    O4 - HKLM\..\Run: [CGServer] "C:\Program Files\Eicon\Diva\cgserver.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: WINSHUT.lnk = E:\WINSHUT\WINSHUT.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS
    ppdf32.dll
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)


    End of file - 3961 bytes


    Zou
    O23 - Service Sygate ….
    en/of
    O16 DPF …..
    de boosdoener kunnen zijn?

    Beide programmas draaien niet meer.


  • Kun je eens C:\\[b:f3befd93dc] Divamon.exe [/b:f3befd93dc] uploaden naar :
    [b:f3befd93dc]
    http://www.bleepingcomputer.com/submit-malware.php?channel=9[/b:f3befd93dc]

    Hoe ? : [list:f3befd93dc]1. In het eerste venstertje (Link to topic where this file was requested:) kopieer en plak je deze link :
    [list:f3befd93dc][b:f3befd93dc] http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=175162 [/b:f3befd93dc][/list:u:f3befd93dc]
    2. In het tweede venstertje (Browse to the file you want to submit: ) kopieer en plak je dit :[list:f3befd93dc]C:\ pad naar het bestand[b:f3befd93dc][/b:f3befd93dc][/list:u:f3befd93dc]
    3. Klik op de [b:f3befd93dc]Send file[/b:f3befd93dc] knop[/list:u:f3befd93dc]
  • Uitgevoerd
  • Nieuw logje en vertel even hoe het nu gaat.
  • Log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 7:23:14 PM, on 5/28/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Eicon\Diva\Divamon.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    E:\WINSHUT\WINSHUT.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\Eicon\Diva\DITASK.EXE
    C:\PROGRA~1\Eicon\Diva\watch.exe
    C:\PROGRA~1\Eicon\Diva\CGServer.exe
    C:\PROGRA~1\Eicon\Diva\diinfo.exe
    E:\beveiliging\HiJackThis v2\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DiTask.exe] "C:\Program Files\Eicon\Diva\DiTask.exe"
    O4 - HKLM\..\Run: [Divamon.exe] "C:\Program Files\Eicon\Diva\Divamon.exe"
    O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Program Files\Eicon\Diva\watch.exe"
    O4 - HKLM\..\Run: [CGServer] "C:\Program Files\Eicon\Diva\cgserver.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: WINSHUT.lnk = E:\WINSHUT\WINSHUT.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS
    ppdf32.dll
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6E07B0E9-DC1B-4F24-B361-4C45519E15BE}: NameServer = 194.109.6.66 194.109.104.104
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)


    End of file - 4157 bytes


    De ongewenste berichten verschijnen nog.

    Enige verdere suggestie?
  • Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:1268e60d8d]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    [/b:1268e60d8d]
    Klik op 'Fix checked' om de items te verwijderen.

    Download SDFix en klik op "uitvoeren".
    Versie 1.40 en hoger zal de uitgepakte SDFix map automatisch naar je systeemdrive verplaatsen (waarschijnlijk: C:\SDFix).

    Herstart de pc in de veilige modus.
    Safe mode for Windows XP
    Herstart de computer
    Zodra uw computer klaar is met het laden van de BIOS (zwarte scherm en witte letters, of een ander beginscherm)en vlak voordat Windows wordt geladen
    Tap op de F8-toets (of de F5)-toets totdat u in het Windows option-menu terechtkomt
    Kies hier voor opstarten in veilige modus (Safe mode) door het gebruik van de pijltjestoetsen en daarna Enter

    Dubbelklik de map SDFix en dubbelklik op RunThis.bat om het script te starten.
    Typ Y en klik enter om het schoonmaakproces te starten.
    Er zullen Trojan Services en/of Registry Entries worden verwijderd als ze worden gevonden en je zult een toets voor herstart moeten indrukken.
    De computer zal dan herstarten; dit duurt langer dan gewoonlijk.
    De Fixtool zal opnieuw gaan werken en het verwijderingproces vervolgen, dan wordt Finished, getoond, wacht geduldig af totdat je weer een toets moeten indrukken om het script te beëindigen en je bureaubladiconen weer te laden.
    Zodra je bureaublad weer normaal is zal het SDFix report openen en ook te vinden zijn in de SDFix folder als Report.txt.
    Copy/paste de inhoud van dit report Report.txt in je volgende antwoord hier samen met een nieuw HijackThis log
  • uitgevoerd.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 6:51:42 PM, on 5/29/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Eicon\Diva\DiTask.exe
    C:\Program Files\Eicon\Diva\Divamon.exe
    C:\Program Files\Eicon\Diva\watch.exe
    C:\Program Files\Eicon\Diva\cgserver.exe
    C:\Program Files\Eicon\Diva\diinfo.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    E:\WINSHUT\WINSHUT.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Gyula's Navigator\WinNav.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    E:\beveiliging\HiJackThis v2\HiJackThis_v2.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DiTask.exe] "C:\Program Files\Eicon\Diva\DiTask.exe"
    O4 - HKLM\..\Run: [Divamon.exe] "C:\Program Files\Eicon\Diva\Divamon.exe"
    O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Program Files\Eicon\Diva\watch.exe"
    O4 - HKLM\..\Run: [CGServer] "C:\Program Files\Eicon\Diva\cgserver.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: WINSHUT.lnk = E:\WINSHUT\WINSHUT.EXE
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS
    ppdf32.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6E07B0E9-DC1B-4F24-B361-4C45519E15BE}: NameServer = 194.109.6.66 194.109.104.104
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)


    End of file - 4169 bytes


    SDFix: Version 1.85

    Run by vanVliet - Tue 05/29/2007 - 18:11:22.94

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDfix

    Safe Mode:
    Checking Services:






    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting…


    Normal Mode:
    Checking Files:

    No Trojan Files Found




    Removing Temp Files…

    ADS Check:

    Checking if ADS is attached to system32 Folder
    C:\WINDOWS\system32
    No streams found.

    Checking if ADS is attached to svchost.exe
    C:\WINDOWS\system32\svchost.exe
    No streams found.



    Final Check:

    Remaining Services:
    ——————



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Eicon\\Diva\\WATCH.EXE"="C:\\Program Files\\Eicon\\Diva\\WATCH.EXE:*:Disabled:Syslog Daemon"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    Remaining Files:
    —————


    Checking For Files with Hidden Attributes:

    C:\COMMAND.COM
    C:\Program Files\Picasa2\setup.exe
    C:\WINDOWS\system32\config\SECURITY.tmp.LOG
    C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG
    C:\WINDOWS\system32\config\SYSTEM.tmp.LOG
    C:\WINDOWS\system32\config\DEFAULT.tmp.LOG
    C:\WINDOWS\system32\config\SAM.tmp.LOG
    C:\Documents and Settings\NetworkService\NTUSER.tmp.LOG
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.tmp.LOG
    C:\Documents and Settings\LocalService\NTUSER.tmp.LOG
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.tmp.LOG
    C:\Documents and Settings\vanvliet\NTUSER.tmp.LOG
    C:\Documents and Settings\vanvliet\Local Settings\Application Data\Microsoft\Windows\UsrClass.tmp.LOG
    C:\Documents and Settings\vanvliet\Local Settings\Application Data\Google\Google Desktop\6563542bd575\Slideshow\kopen.marktplaats.nl~computer_hardware~notebooks_en_laptops~c339.xml\BIT29.tmp
    C:\Documents and Settings\vanvliet\Local Settings\Application Data\Google\Google Desktop\6563542bd575\Slideshow\kopen.marktplaats.nl~computer_hardware~notebooks_en_laptops~c339.xml\BIT2B.tmp
    C:\Documents and Settings\vanvliet\Local Settings\Application Data\Google\Google Desktop\6563542bd575\Slideshow\kopen.marktplaats.nl~computer_hardware~notebooks_en_laptops~c339.xml\BIT2D.tmp
    C:\Documents and Settings\vanvliet\Local Settings\Application Data\Google\Google Desktop\6563542bd575\Slideshow\kopen.marktplaats.nl~computer_hardware~notebooks_en_laptops~c339.xml\BIT2F.tmp
    C:\Documents and Settings\vanvliet\Local Settings\Application Data\Google\Google Desktop\6563542bd575\Slideshow\kopen.marktplaats.nl~computer_hardware~notebooks_en_laptops~c339.xml\BIT31.tmp
    C:\Documents and Settings\vanvliet\Local Settings\Application Data\Google\Google Desktop\6563542bd575\Slideshow\kopen.marktplaats.nl~computer_hardware~notebooks_en_laptops~c339.xml\BIT33.tmp
    C:\Documents and Settings\vanvliet\Local Settings\Application Data\Google\Google Desktop\6563542bd575\Slideshow\kopen.marktplaats.nl~computer_hardware~notebooks_en_laptops~c339.xml\BIT35.tmp
    C:\Documents and Settings\vanvliet\Local Settings\Application Data\Google\Google Desktop\6563542bd575\Slideshow\kopen.marktplaats.nl~computer_hardware~notebooks_en_laptops~c339.xml\BIT37.tmp
    C:\Documents and Settings\vanvliet\Local Settings\Application Data\Google\Google Desktop\6563542bd575\Slideshow\kopen.marktplaats.nl~computer_hardware~notebooks_en_laptops~c339.xml\BIT39.tmp
    C:\Documents and Settings\vanvliet\Local Settings\Application Data\Google\Google Desktop\6563542bd575\Slideshow\kopen.marktplaats.nl~computer_hardware~hardeschijven~c333.xml\BIT2A.tmp
    C:\Documents and Settings\vanvliet\Local Settings\Application Data\Google\Google Desktop\6563542bd575\Slideshow\kopen.marktplaats.nl~computer_hardware~hardeschijven~c333.xml\BIT2C.tmp
    C:\Documents and Settings\vanvliet\Local Settings\Application Data\Google\Google Desktop\6563542bd575\Slideshow\kopen.marktplaats.nl~computer_hardware~hardeschijven~c333.xml\BIT2E.tmp
    C:\Documents and Settings\vanvliet\Local Settings\Application Data\Google\Google Desktop\6563542bd575\Slideshow\kopen.marktplaats.nl~computer_hardware~hardeschijven~c333.xml\BIT30.tmp
    C:\Documents and Settings\vanvliet\Local Settings\Application Data\Google\Google Desktop\6563542bd575\Slideshow\kopen.marktplaats.nl~computer_hardware~hardeschijven~c333.xml\BIT32.tmp
    C:\Documents and Settings\vanvliet\Local Settings\Application Data\Google\Google Desktop\6563542bd575\Slideshow\kopen.marktplaats.nl~computer_hardware~hardeschijven~c333.xml\BIT34.tmp
    C:\Documents and Settings\vanvliet\Local Settings\Application Data\Google\Google Desktop\6563542bd575\Slideshow\kopen.marktplaats.nl~computer_hardware~hardeschijven~c333.xml\BIT36.tmp
    C:\Documents and Settings\vanvliet\Local Settings\Application Data\Google\Google Desktop\6563542bd575\Slideshow\kopen.marktplaats.nl~computer_hardware~hardeschijven~c333.xml\BIT38.tmp
    C:\Documents and Settings\vanvliet\Local Settings\Application Data\Google\Google Desktop\6563542bd575\Slideshow\kopen.marktplaats.nl~computer_hardware~hardeschijven~c333.xml\BIT3A.tmp
    C:\Documents and Settings\vanvliet\Local Settings\Application Data\Google\Google Desktop\6563542bd575\Slideshow\kopen.marktplaats.nl~computer_hardware~hardeschijven~c333.xml\BIT3B.tmp
    C:\Documents and Settings\vanvliet\Local Settings\Application Data\Google\Google Desktop\6563542bd575\Slideshow\kopen.marktplaats.nl~computer_hardware~hardeschijven~c333.xml\BIT3C.tmp
    C:\Program Files\Google\Google Desktop Search\BIT6.tmp

    Finished


    PS:
    wat moet ik met O23: Sygate SMC service? Ik gebruik dat programma niet meer.
  • Open een kladblok bestand en kopieer onderstaande vetgedrukte tekst in dat kladblokbestand:
    [b:f2694e2d52]cd..
    cd..
    sc delete SmcService
    [/b:f2694e2d52]

    Sla het op op je bureaublad als sc.bat met als type "alle bestanden"
    Dubbelklik sc.bat.

    Herstart je pc.

    Hoe is het met de problemen.
  • [quote:1862c04f6e="juisterr"]Open een kladblok bestand en kopieer onderstaande vetgedrukte tekst in dat kladblokbestand:
    [b:1862c04f6e]cd..
    cd..
    sc delete SmcService
    [/b:1862c04f6e]

    Sla het op op je bureaublad als sc.bat met als type "alle bestanden"
    Dubbelklik sc.bat. [/quote:1862c04f6e]


    Ik geloof dat er een misverstand is:

    O23 is
    O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)
    Wellicht had ik dit duidelijker moeten aangeven. sc.bat lijkt hier geen invloed op te hebben.

    Ook met Fix checked van HijackThis is deze O23 niet te verwijderen.


    Tot op heden verder geen ongevraagde berichten meer gehad; dus/wellicht alles is nu OK/under control.

    Blijft voor mij als geinteresseerde leek de vraag wat er aan de hand was. Kan ik hier iets uit leren ter preventie?

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.