Question & Answer
safe-site.com + setup advice requested
68 replies

help, I've got some kind of virus…
It regularly happens that I get automatically redirected to a different site than the one I wanted.
If I pay very close attention I briefly see the link [www.safesite.com] flash by, and then I end up on some random other site…
I have tried various scanners by now but nothing seems to help…
Does anyone know how I can solve this problem?
PS I'm not a computer expert…
Windows XP

The log will be up just after 13:00!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:31, on 22-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Parental Control\ParentalControl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\advanced system optimizer\memtuneup.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - (no file)
O2 - BHO: (no name) - {C6A043BF-A08F-4979-9080-E3B3DEF462D0} - (no file)
O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ParentalControl] C:\Program Files\Parental Control\ParentalControl.exe /SERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193593939655
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: iifecda - iifecda.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
–
End of file - 5714 bytes

Quick update…
Internet options are present under the administrator account in safe mode?!

Download MBAM (Malwarebytes' Anti-Malware) via … or ….
- Double-click mbam-setup.exe to install the program.
- Make sure "Update Malwarebytes' Anti-Malware" and "Start Malwarebytes' Anti-Malware" are ticked, then click "Finish".
- If an update is found, it will be downloaded and installed.
- When the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.
- Scanning can take a while, so be patient.
- When the scan is complete, click OK, then "Show Results" to see the results.
- Make sure everything there is ticked, then click "Remove Selected".
- After removal a log will open and you will be asked to restart the computer. (See below)
- The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.
- Copy and paste the contents of the log into your next reply, together with a new HijackThis log.
If MBAM has trouble removing certain files it will show a few prompts where you have to click OK.
After that it will ask to restart the computer… so allow MBAM to restart the computer.

Dear Pim,
the scanner is running… I'll see around lunchtime what it has found; it had already found 2 before I left the house.
Another problem, by the way, is that browsing the internet isn't possible… it (slowly) shows the first pages, but then it stops. In safe mode everything works fast and fine; could that be related to this, or do I need to look further for that?
In the meantime I have another question…. what is a good setup
to prevent all these kinds of problems in the future.
General:
users: 2 adults and 2 teenagers
wish: a fast and reliable system with a user account per person
Proposal:
security: NOD32 + Windows firewall
browser: Firefox
other: Crawler parental control, Systweak Memory Optimizer
System info:
System Information by Systweak
**************************************************
*** General Information ***
Computer Type: Intel Corporation Pentium 4 1860 MHz.
BIOS: AT/AT COMPATIBLE Date: 09/14/01
Memory: Total physical: 255 MB. Used: 87%
Monitor: Plug and Play monitor
Adapter: NVIDIA RIVA TNT2 Model 64/Model 64 Pro (Microsoft …
Mouse: PS/2-compatible mouse
Keyboard: Standard keyboard (101/102 keys) or Microsof…
Drives: 10 GB total free 37 GB total size in 1 drive
Windows name and version: Uniprocessor Free (5.1.2600)
**
**
IE version: 6.0.2900.2180
DirectX Version: Unknow or Newer then DirectX 9.0c (4.09.00.0904)
*** Windows Information ***
Windows Name and Version: Uniprocessor Free (5.1.2600)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Default Email: C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE"
Product ID: **
Software Count: 147 installed software.
Language (ID): Original/English: Nederlands (Nederland) / Dutch (…
Country (ID): Nederland NLD (31)
TimeZone: West Europe (standard time)
DVD-Zone: Not specified
*** Display Information ***
Display: Plug and Play monitor
Max Resolution: 1024 x 768 - 32 bit
Current Resolution: 1024 x 768 - 32 bit
Adapter: NVIDIA RIVA TNT2 Model 64/Model 64 Pro (Microsoft …
Driver Version: 64.0
Technology: Raster Display
Color Bits: 32
Fonts Resolution: 96 dpi
Pixel width/height/diagonal: 36/36/51
*** System Devices ***
Manufactured: Intel Corporation
Name: Pentium 4
CodeName: Willamette (0.18 µm)
Frequency: 1860 MHz
L1 cache: 20 KB
L2 cache: 256 KB
Socket: Socket 478
BIOS Manufactured: Award Software International, Inc.
BIOS Date: 09/14/2001
BIOS Version: 6.00 PG
BIOS Size: 256 KB
*** MultiMedia Devices ***
Wave In: Intel(r) Integrated Audio v5.5
Wave Out: Intel(r) Integrated Audio v5.5
Midi In: MPU-401 v5.5
Midi Out: Microsoft GS Wavetable software v5.5
Midi Out: MPU-401 v5.5
Mixer: Intel(r) Integrated Audio v5.5
*** Printers ***
Name: HP LaserJet 4L Port: LPT1:
*** Ports ***
Name: Communications port (COM1) Class: Ports (COM & LPT)
Name: Printer port (LPT1) Class: Ports (COM & LPT)
Name: Communications port (COM2) Class: Ports (COM & LPT)
USB: {36FC9E60-C465-11CF-8056-444553540000}\0000 Class: USB Port
USB: {36FC9E60-C465-11CF-8056-444553540000}\0001 Class: USB Port
*** Memory Information ***
Total Physical Memory: 255 MB
Total Windows Memory: 875 MB
Free Memory: 433 MB
Used Memory: 442 MB
AllocGranularity: 65536 bytes
MinAppAddress: 00010000
MaxAppAddress: 7FFEFFFF
Page Size: 4096 bytes
Total threads: 443
Total processes: 33
PageFile Total Size: 634064 KB (100%)
PageFile Used: 222300 KB (35%)
PageFile Free: 411764 KB (65%)
*** Communication ***
Adapter: D-Link AirPlus DWL-520+ Wireless PCI Adapter - Packet Scheduler Miniport
Address: 00:40:05:55A
5
IP format: 0.0.0.0
Computer: **
Gateaway:
Mask: 0.0.0.0
Winsock Description: WinSock 2.0
Winsock Version: 2.2
*** DirectX Information ***
Direct3D: Microsoft Direct3D Hardware acceleration via Direct3D HAL
Direct3D: Microsoft Direct3D Mono(Ramp) Software emulation
Direct3D: Microsoft Direct3D RGB Software emulation
DirectPlay: WinSock TCP connection for DirectPlay
DirectPlay: WinSock IPX connection for DirectPlay
DirectPlay: Modem connection for DirectPlay
DirectMusic: Microsoft Software Synthesizer
**************************************************
Systweak System Information Created: 23-4-2008 Please, visit our site http://www.systweak.com
** is removed private info
I'd like to hear your opinions and suggestions.

Unfortunately the first round of scanning hung…
I then did a quick scan in safe mode and removed 3 problems with it.
In the first scan the program had found 4 problems, so now a full scan is running in safe mode (with networking).
The various logs will follow later in the day….

Malwarebytes' Anti-Malware 1.11
Database version: 672
Scan type: Quick Scan
Objects scanned: 46956
Time elapsed: 12 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a051b1ff-8d7e-418b-aabe-4ff82f4280a2} (Trojan.Conhook) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a051b1ff-8d7e-418b-aabe-4ff82f4280a2} (Trojan.Conhook) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
*****
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:14, on 23-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C6A043BF-A08F-4979-9080-E3B3DEF462D0} - (no file)
O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ParentalControl] C:\Program Files\Parental Control\ParentalControl.exe /SERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193593939655
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: iifecda - iifecda.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
–
End of file - 4941 bytes
****
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:28, on 23-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Parental Control\ParentalControl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\advanced system optimizer\memtuneup.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\iPod\bin\iPodService.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C6A043BF-A08F-4979-9080-E3B3DEF462D0} - (no file)
O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ParentalControl] C:\Program Files\Parental Control\ParentalControl.exe /SERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193593939655
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: iifecda - iifecda.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
–
End of file - 5574 bytes
unfortunately I still get the same redirect and browsing is still very sluggish….

Follow

ComboFix 08-04-22.5 - NJK 2008-04-23 20:18:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.75 [GMT 2:00]
Started from: C:\Documents and Settings\NJK\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\NJK\Bureaublad\WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
* New restore point was created
.
(((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 ))))))))))))))))))))))))))))))
.
2008-04-23 20:17 . 2008-04-23 20:17 1,024 –ah—– C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-23 07:43 . 2008-04-23 07:43 <DIR> d——– C:\Program Files\Malwarebytes' Anti-Malware
2008-04-23 07:43 . 2008-04-23 07:43 <DIR> d——– C:\Documents and Settings\NJK\Application Data\Malwarebytes
2008-04-23 07:43 . 2008-04-23 07:43 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-22 12:45 . 2008-04-22 12:45 <DIR> d——– C:\Program Files\Trend Micro
2008-04-21 17:19 . 2008-04-22 07:39 165 –a—— C:\WINDOWS\startUp manager.INI
2008-04-21 17:11 . 2008-04-21 17:11 <DIR> d——– C:\Documents and Settings\Sandra\Application Data\Systweak
2008-04-21 12:52 . 2008-04-22 07:52 606 –a—— C:\WINDOWS\Uninstall Manager.INI
2008-04-21 12:43 . 2008-04-21 12:43 <DIR> d——– C:\Documents and Settings\NJK\Application Data\Systweak
2008-04-21 12:41 . 2008-04-21 12:42 <DIR> d——– C:\Program Files\Advanced System Optimizer
2008-04-20 20:17 . 2008-04-20 20:17 42 –a—— C:\WINDOWS\system32\AK083E209605E394C.lie
2008-04-20 12:04 . 2008-04-20 12:35 <DIR> d——– C:\Program Files\Parental Control
2008-04-20 12:04 . 2008-04-23 20:27 <DIR> d——– C:\Documents and Settings\All Users\Application Data\ParentalControl
2008-04-19 17:40 . 2008-04-19 17:40 <DIR> d——– C:\Documents and Settings\Natalie\Application Data\ParentalControl
2008-04-19 16:57 . 2008-04-19 16:57 <DIR> d——– C:\Documents and Settings\test\Application Data\ParentalControl
2008-04-19 16:29 . 2008-02-22 02:33 69,632 –a—— C:\WINDOWS\system32\javacpl.cpl
2008-04-19 16:28 . 2008-04-19 16:28 <DIR> d——– C:\Program Files\Common Files\Java
2008-04-19 15:39 . 2008-04-19 15:39 230 –a—— C:\WINDOWS\system32\spupdsvc.inf
2008-04-19 15:06 . 2008-04-19 15:06 <DIR> d——– C:\Documents and Settings\Sandra\Application Data\ParentalControl
2008-04-19 14:58 . 2008-04-19 14:58 <DIR> d——– C:\Documents and Settings\NJK\Application Data\ParentalControl
2008-04-19 10:47 . 2008-04-19 14:48 <DIR> d——– C:\Program Files\Common Files\Panda Software
2008-04-19 09:55 . 2008-04-19 09:55 <DIR> d——– C:\Program Files\uTorrent
2008-04-19 09:55 . 2008-04-19 09:55 <DIR> d——– C:\Documents and Settings\NJK\Application Data\uTorrent
2008-04-18 18:08 . 2008-04-18 18:08 <DIR> d——– C:\Documents and Settings\All Users\Application Data\sentinel
2008-04-18 12:50 . 2008-04-18 18:05 <DIR> d——– C:\Program Files\Panda Security
2008-04-18 12:44 . 2008-04-19 15:47 2,688 –a—— C:\WINDOWS\mozver.dat
2008-04-17 17:20 . 2008-04-19 16:56 <DIR> d——– C:\Program Files\Mozilla Firefox(2)
2008-04-17 17:20 . 2008-04-17 17:20 0 –a—— C:\WINDOWS\nsreg.dat
2008-04-16 22:34 . 2008-04-16 22:34 <DIR> d——– C:\Documents and Settings\test\Application Data\ESET
2008-04-16 22:34 . 2008-04-16 22:34 <DIR> d——– C:\Documents and Settings\NJK\Application Data\ESET
2008-04-16 22:16 . 2008-04-16 22:16 <DIR> d——– C:\Program Files\Lavasoft
2008-04-16 22:16 . 2008-04-19 15:21 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-16 17:18 . 2008-04-20 21:49 <DIR> d——– C:\Program Files\Google
2008-04-15 17:53 . 2008-04-15 17:53 <DIR> d——– C:\Program Files\Webteh
2008-04-15 17:15 . 2008-04-16 22:27 <DIR> d——– C:\Program Files\ESET
2008-04-15 17:15 . 2008-04-16 22:27 <DIR> d——– C:\Documents and Settings\All Users\Application Data\ESET
2008-04-14 00:13 . 2008-04-14 00:13 <DIR> d——– C:\N360_BACKUP
2008-04-13 17:15 . 2008-04-15 15:44 <DIR> d——– C:\Program Files\Norton 360
2008-04-13 17:11 . 2008-04-22 12:40 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-13 17:09 . 2008-04-22 12:40 <DIR> d——– C:\Program Files\Common Files\Symantec Shared
2008-04-13 17:07 . 2007-03-21 20:39 1,060,864 –a—— C:\WINDOWS\system32\MFC71.DLL
2008-04-13 17:07 . 2008-04-13 17:07 1,047,552 –a—— C:\WINDOWS\system32\mfc71u.dll
2008-04-13 17:07 . 2008-04-13 17:07 608,448 –a—— C:\WINDOWS\system32\comctl32.ocx
2008-04-13 17:07 . 2008-04-13 17:07 89,088 –a—— C:\WINDOWS\system32\atl71.dll
2008-04-13 13:48 . 2008-04-13 13:48 <DIR> d——– C:\Documents and Settings\Natalie\Application Data\vlc
2008-04-12 21:54 . 2008-04-13 16:50 <DIR> d——– C:\Program Files\WinISO
2008-04-12 21:32 . 2008-04-12 21:32 <DIR> d——– C:\Documents and Settings\Sandra\Application Data\vlc
2008-04-12 21:20 . 2008-04-15 17:52 <DIR> d——– C:\Program Files\VideoLAN
2008-04-12 11:39 . 2008-04-12 11:39 <DIR> d——– C:\fsaua.data
2008-04-06 18:36 . 2008-04-17 18:53 <DIR> d——– C:\Program Files\Spybot - Search & Destroy
2008-04-06 18:36 . 2008-04-17 19:57 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 14:52 . 2008-04-06 15:15 <DIR> d——– C:\Program Files\Spyware Doctor
2008-04-06 13:21 . 2008-02-27 16:52 49,152 –a—— C:\WINDOWS\system32\ArmAccess.dll
2008-04-06 13:19 . 2008-04-06 15:15 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-06 12:07 . 2008-04-06 12:07 51,355 –a—— C:\WINDOWS\system32\muzika.xm
2008-03-29 11:20 . 2008-03-29 11:20 <DIR> d——– C:\Documents and Settings\Sandra\Application Data\Apple Computer
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-19 14:29 ——— d—–w C:\Program Files\Java
2008-04-19 08:08 ——— d—–w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-18 16:03 ——— d–h–w C:\Program Files\InstallShield Installation Information
2008-04-18 10:37 ——— d—–w C:\Documents and Settings\NJK\Application Data\AVG7
2008-04-16 17:21 ——— d—–w C:\Documents and Settings\Sandra\Application Data\AVG7
2008-04-13 20:37 ——— d—–w C:\Program Files\Windows Live Safety Center
2008-04-13 20:35 ——— d—–w C:\Program Files\Windows Live
2008-04-11 15:36 ——— d—–w C:\Program Files\TomTom HOME 2
2008-04-10 15:34 ——— d—–w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-09 17:43 ——— d—–w C:\Documents and Settings\NJK\Application Data\LimeWire
2008-04-06 10:23 ——— d—–w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-05 09:56 ——— d—–w C:\Documents and Settings\Gast\Application Data\AVG7
2008-03-29 21:31 ——— d—–w C:\Documents and Settings\Natalie\Application Data\Apple Computer
2008-03-28 21:48 ——— d—–w C:\Documents and Settings\NJK\Application Data\Apple Computer
2008-03-03 06:54 ——— d—–w C:\Program Files\Common Files\Adobe
2008-02-27 06:50 ——— d—–w C:\Program Files\LimeWire
2008-02-27 06:46 ——— d—–w C:\Program Files\LimeWire Plus
2008-02-24 20:32 ——— d—–w C:\Documents and Settings\test\Application Data\Apple Computer
2008-01-20 22:44 7,203 –sha-w C:\WINDOWS\system32\nqstv.ini2
.
—-a-w 39,792 2008-01-19 21:37:55 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
—-a-w 200,704 2008-01-18 11:36:35 C:\Program Files\PowerISO\PWRISOVM .EXE
—-a-w 528,384 2008-01-19 21:38:06 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe
—-a-w 378,784 2008-01-19 21:37:57 C:\Program Files\TomTom HOME 2\HOMERunner .exe
—-a-w 219,952 2008-01-20 20:56:26 C:\Program Files\uTorrent\uTorrent .exe
—-a-w 866,584 2008-01-20 20:56:29 C:\Program Files\Windows Defender\MSASCui .exe
—-a-w 15,360 2008-01-20 11:38:07 C:\WINDOWS\system32\ctfmon .exe
</pre>[/code:1:92f3fb84e7]
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
2008-04-22 07:55 1470488 –a—— C:\Program Files\LimewirePlus\tbLim1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6A043BF-A08F-4979-9080-E3B3DEF462D0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= "C:\Program Files\LimewirePlus\tbLim1.dll" [2008-04-22 07:55 1470488]
[HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= C:\Program Files\LimewirePlus\tbLim1.dll [2008-04-22 07:55 1470488]
[HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]
"Systweak Memory Optimizer"="c:\program files\advanced system optimizer\memtuneup.exe" [2007-06-22 11:55 119024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 09:26 1410304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ParentalControl"="C:\Program Files\Parental Control\ParentalControl.exe" [2008-04-01 00:02 6096384]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 17:38 39264]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [2007-02-20 21:26:15 262144]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 18:15:56 65588]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)
"NoDispCPL"= 0 (0x0)
"DisableTaskMgr"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoMultiIE"= 0 (0x0)
"LWA"= 0 (0x0)
"LWB"= 0 (0x0)
"LWC"= 0 (0x0)
"LWD"= 0 (0x0)
"LWE"= 0 (0x0)
"LWF"= 0 (0x0)
"LWG"= 0 (0x0)
"LWH"= 0 (0x0)
"LWI"= 0 (0x0)
"LWJ"= 0 (0x0)
"LWK"= 0 (0x0)
"LWL"= 0 (0x0)
"LWM"= 0 (0x0)
"LWN"= 0 (0x0)
"LWO"= 0 (0x0)
"LWP"= 0 (0x0)
"LWQ"= 0 (0x0)
"LWR"= 0 (0x0)
"LWS"= 0 (0x0)
"LWT"= 0 (0x0)
"LWU"= 0 (0x0)
"LWV"= 0 (0x0)
"LWW"= 0 (0x0)
"LWX"= 0 (0x0)
"LWY"= 0 (0x0)
"LWZ"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoFind"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifecda]
iifecda.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Parental Control\\ParentalControl.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57148:TCP"= 57148:TCP:*isabled:Utorrent
R1 cp_drv;Crawler Parental Control Driver;C:\Documents and Settings\All Users\Application Data\ParentalControl\cp_drv.sys [2008-04-20 12:07]
R1 cp_tdifw_drv;cp_tdifw_drv;C:\Documents and Settings\All Users\Application Data\ParentalControl\cp_tdifw_drv.sys [2008-04-20 12:07]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-10-25 09:27]
S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys []
S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys []
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-11-17 23:48]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 16:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 16:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 16:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 16:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 16:54]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 12:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 12:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 12:33]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 12:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 12:33]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e80d9b6e-c116-11db-92db-00047627c0d4}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Inhoud van de 'Gedeelde Taken' map
"2008-04-11 06:22:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-23 06:02:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 20:24:58
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Voltooingstijd: 2008-04-23 20:31:00 - machine was rebooted [NJK]
ComboFix-quarantined-files.txt 2008-04-23 18:30:51
Pre-Run: 10,948,124,672 bytes beschikbaar
Post-Run: 11,167,629,312 bytes beschikbaar
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
239 --- E O F --- 2008-04-20 09:53:57
****
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:18, on 23-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Parental Control\ParentalControl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\advanced system optimizer\memtuneup.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C6A043BF-A08F-4979-9080-E3B3DEF462D0} - (no file)
O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ParentalControl] C:\Program Files\Parental Control\ParentalControl.exe /SERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193593939655
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: iifecda - iifecda.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
--
End of file - 5819 bytes
***
the new logs... no real improvement is noticeable so far...
Do you also have an opinion/advice on my question about a good set-up? - Regarding a good setup/your proposal:
NOD32 is a good choice for antivirus; I hear many positive stories about it.
Since the Windows Firewall only monitors traffic from outside and offers no protection against traffic from inside, you might be better off choosing a separate firewall. Free options include ZoneAlarm, Comodo and Sunbelt (formerly Kerio). A separate firewall does take some effort, because you have to give programs permission once to go online.
Firefox is nice, but even nicer with a few add-ons. NoScript makes the whole thing even safer and Adblock Plus helps nicely against too much advertising.
If I were you I would also add a spyware program (Spybot S&D is free and good) and run a scan with it regularly.
Also don't forget that a secure system is an up-to-date system too, so you have to download new virus updates and the critical updates for XP regularly (you can set this to automatic). - that's good info for the future! I can use that!
do you see any reasons in the logs why things keep working so badly?
It seems as if I have, e.g., 2 firewalls running... in safe mode with networking it runs like a train, but then everything is so hard to read :wink: - Can you post a screenshot of the message you get?
Start HijackThis, choose [i]'Do a system scan only'[/i] and tick the lines below:
[b]O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present[/b]
Now close [u]all[/u] open windows except HijackThis and click [b]Fix Checked[/b].
Restart your PC and post a HijackThis log for checking. - I don't know exactly what you want an image of, so I'd like to hear that
but these are the problems:
* strange hang
[size=24][i]De verbinding werd geherinitialiseerd[/i][/size]
[i]De verbinding met de server werd geherinitialiseerd tijdens het laden van de pagina.
* Misschien is de website tijdelijk niet beschikbaar of overbelast. Probeer over
enkele ogenblikken opnieuw.
* Controleer uw netwerkverbinding indien u geen enkele pagina kunt laden.
* Verzeker u ervan dat Firefox toegang heeft tot het web als uw
computer of netwerk beveiligd is door een firewall of proxyserver.[/i]
* Explorer barely works any more, certainly not in normal mode
because of that problem I can no longer run a number of online scans; these are scans that have to start under Explorer. One also wouldn't run because I just couldn't get the update to load completely? Another strange thing; I believe that one was HouseCall.
* I also regularly get redirected via safe-site.com? and then end up somewhere completely different from where I want to be. Think of it as a kind of filter, because it really does react to certain sites and not to others... go to www.safe-site.com yourself and you will (I think) be redirected straight to something else, e.g. http://www.clubtuki.com/tukimoola/clubTUKI.asp. Unfortunately I can't find anything about this on Google (yet).
* Firefox gives slightly fewer problems, but in normal mode it also doesn't get further than a few pages; it seems as if I have 2 firewalls running...
* and there are surely a few more problems to think of...
BitDefender Online did work under Firefox; here is the report:
BitDefender Online Scanner
Scan report generated at: Fri, Apr 25, 2008 - 12:14:51
Scan path: A:\;C:\;D:\;
Statistics
Time: 01:01:09
Files: 146428
Folders: 6072
Boot Sectors: 2
Archives: 1477
Packed Files: 8597
Results
Identified Viruses: 6
Infected Files: 11
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 11
Engines Info
Virus Definitions: 1180235
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 42
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File / Status
C:\Documents and Settings\NJK\Bureaublad\ComboFix.exe=>(RAR Sfx o)=>327882R2FWJFW\NirCmdC.cfexe
Detected with: Spyware.Tool.Nircmd.B
C:\Documents and Settings\NJK\Bureaublad\ComboFix.exe=>(RAR Sfx o)=>327882R2FWJFW\NirCmdC.cfexe
Deleted
C:\Documents and Settings\NJK\Bureaublad\ComboFix.exe=>(RAR Sfx o)
Update failed
C:\Documents and Settings\NJK\Mijn documenten\LimeWire\Saved\empathy shelter mantra.mp3
Infected with: Trojan.Downloader.WMA.Wimad.N
C:\Documents and Settings\NJK\Mijn documenten\LimeWire\Saved\empathy shelter mantra.mp3
Deleted
C:\Documents and Settings\NJK\Mijn documenten\software downloads\***crack\run.exe
Infected with: Trojan.Zlob.CJI
C:\Documents and Settings\NJK\Mijn documenten\software downloads\***crack\run.exe
Deleted
C:\Documents and Settings\NJK\Mijn documenten\software downloads\***\keygen\keygen.exe
Infected with: Packer.Krunchy.A
C:\Documents and Settings\NJK\Mijn documenten\software downloads\***\keygen\keygen.exe
Disinfection failed
C:\Documents and Settings\NJK\Mijn documenten\software downloads\***\keygen\keygen.exe
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\nqstv.ini2.vir
Infected with: Trojan.Vundo.DVS
C:\QooBox\Quarantine\C\WINDOWS\system32\nqstv.ini2.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\nqstv.ini2.vir
Deleted
C:\System Volume Information\_restore{D24E6A7B-C15B-4770-BDAC-4C714D2614B0}\RP285\A0061638.exe
Detected with: Application.Psexec.S
C:\System Volume Information\_restore{D24E6A7B-C15B-4770-BDAC-4C714D2614B0}\RP285\A0061638.exe
Disinfection failed
C:\System Volume Information\_restore{D24E6A7B-C15B-4770-BDAC-4C714D2614B0}\RP285\A0061638.exe
Deleted
C:\System Volume Information\_restore{D24E6A7B-C15B-4770-BDAC-4C714D2614B0}\RP288\A0066423.exe
Detected with: Application.Psexec.S
C:\System Volume Information\_restore{D24E6A7B-C15B-4770-BDAC-4C714D2614B0}\RP288\A0066423.exe
Disinfection failed
C:\System Volume Information\_restore{D24E6A7B-C15B-4770-BDAC-4C714D2614B0}\RP288\A0066423.exe
Deleted
C:\System Volume Information\_restore{D24E6A7B-C15B-4770-BDAC-4C714D2614B0}\RP321\A0073770.exe=>(RAR Sfx o)=>327882R2FWJFW\NirCmdC.cfexe
Detected with: Spyware.Tool.Nircmd.B
C:\System Volume Information\_restore{D24E6A7B-C15B-4770-BDAC-4C714D2614B0}\RP321\A0073770.exe=>(RAR Sfx o)=>327882R2FWJFW\NirCmdC.cfexe
Deleted
C:\System Volume Information\_restore{D24E6A7B-C15B-4770-BDAC-4C714D2614B0}\RP321\A0073770.exe=>(RAR Sfx o)
Update failed
C:\System Volume Information\_restore{D24E6A7B-C15B-4770-BDAC-4C714D2614B0}\RP322\A0073818.exe=>(RAR Sfx o)=>327882R2FWJFW\NirCmdC.cfexe
Detected with: Spyware.Tool.Nircmd.B
C:\System Volume Information\_restore{D24E6A7B-C15B-4770-BDAC-4C714D2614B0}\RP322\A0073818.exe=>(RAR Sfx o)=>327882R2FWJFW\NirCmdC.cfexe
Deleted
C:\System Volume Information\_restore{D24E6A7B-C15B-4770-BDAC-4C714D2614B0}\RP322\A0073818.exe=>(RAR Sfx o)
Update failed
C:\System Volume Information\_restore{D24E6A7B-C15B-4770-BDAC-4C714D2614B0}\RP322\A0073819.exe=>(RAR Sfx o)=>327882R2FWJFW\NirCmdC.cfexe
Detected with: Spyware.Tool.Nircmd.B
C:\System Volume Information\_restore{D24E6A7B-C15B-4770-BDAC-4C714D2614B0}\RP322\A0073819.exe=>(RAR Sfx o)=>327882R2FWJFW\NirCmdC.cfexe
Deleted
C:\System Volume Information\_restore{D24E6A7B-C15B-4770-BDAC-4C714D2614B0}\RP322\A0073819.exe=>(RAR Sfx o)
Update failed
C:\WINDOWS\system32\nqstv.ini
Infected with: Trojan.Vundo.DVS
C:\WINDOWS\system32\nqstv.ini
Disinfection failed
C:\WINDOWS\system32\nqstv.ini
Deleted
and here is the new HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:11, on 26-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Parental Control\ParentalControl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\advanced system optimizer\memtuneup.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ParentalControl] C:\Program Files\Parental Control\ParentalControl.exe /SERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193593939655
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 5611 bytes
I hope I have given you some more info this way and that you have an idea where I should look... - Open Notepad, copy and paste the following (the bold text) into an empty window:
[b]
File::
C:\WINDOWS\system32\nqstv.ini2
RenV::
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
C:\Program Files\PowerISO\PWRISOVM .EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe
C:\Program Files\TomTom HOME 2\HOMERunner .exe
C:\Program Files\uTorrent\uTorrent .exe
C:\Program Files\Windows Defender\MSASCui .exe
C:\WINDOWS\system32\ctfmon .exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6A043BF-A08F-4979-9080-E3B3DEF462D0}]
[-HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifecda]
[/b]
Save this on your Desktop as [b]CFScript.txt[/b]
Drag [b]CFScript.txt[/b] onto [b]ComboFix.exe[/b] as shown in the example below:
[img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]
This will make [b]ComboFix[/b] start again.
Reboot if asked to,
and post the contents of [b]Combofix.txt[/b] in your next reply together with a new HijackThis log.
Still problems? - we'll have another look at lunchtime!
thanks in advance!
I also hear very good things about Panda, but I have the feeling that Panda weighs my system down more than NOD32... is that thought roughly right? - Correct, I know from my own experience (parents' PC) that Panda gobbles up quite a few resources.
- would it be an idea to get Comodo Firewall Pro PLUS?
and if so, can I then leave something else out? - The Plus version is, I believe, antivirus and firewall in one. I'm not familiar with this product, so I don't know whether it's an antivirus at NOD32's level.
So maybe better to spend your money on NOD32 as a proven good purchase for antivirus and put the free Comodo Pro next to it as a firewall.