Posted:

Hello Kape,

-I have just run another virus scan with Panda Antivirus. Combofix is apparently detected as a virus/trojan horse. On the advice of the Panda website, I then disabled System Restore, restarted the computer and afterwards re-enabled System Restore.

-Regarding my screenshots: when I click a screenshot here on this site, it first opens within this site (with a black background around it); when I click again, it opens on a new page; and when I click it once more (the mouse pointer is then a magnifying glass in IE 7), I can read everything perfectly.

-In the meantime I am running Spybot once more, and I can already see that Virtumonde IS STILL THERE (......) screenshot to follow later

-After that I will follow your instructions above.

Posted:

-Screenshot of Spybot after Combofix had "supposedly" removed Virtumonde.

Other problems were removed with Spybot.

I am now carrying out your instructions above.

-Something else I noticed (I don't know whether it has anything to do with it): when I go to the Yahoo Mail login page, a red 'Y' (the Yahoo icon) normally appears in front of the http://; when I do that now, I see the Blogger icon (an orange square with a white B in it) appear there. The page does seem genuine, however, because it is not flagged as phishing and, moreover, the sign-in seal is correct (it shows what I had put in it at the time).

Posted:

-deleted all cookies (however, I could not find the button to delete files)

-ran cleanmgr

-ran Combofix + CFScript.txt, LOG

-HijackThis, LOG

-that Yahoo icon has now returned (see previous post)

ComboFix 08-03-26.3 - Bartus De Ridder 2008-03-28 15:32:34.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.414 [GMT 1:00]

Gestart vanuit: C:\Documents and Settings\Bartus De Ridder\Bureaublad\ComboFix.exe

Command switches used :: C:\Documents and Settings\Bartus De Ridder\Bureaublad\CFScript.txt

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE ::

C:\Documents and Settings\Bartus De Ridder\Application Data\wklnhst.dat

C:\WINDOWS\msn.com

C:\WINDOWS\system32\kisowfjv.dll

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Bartus De Ridder\Application Data\wklnhst.dat

C:\Temp\QRemove

C:\Temp\QRemove\MSvCR71.DLL

C:\Temp\QRemove\PFILE32.dll

C:\Temp\QRemove\PPROCS32.dll

C:\Temp\QRemove\PQDLL.dll

C:\Temp\QRemove\PQREMOVE_PSSCAN.EXE

C:\Temp\QRemove\PSKALLOC.DLL

C:\Temp\QRemove\PSKCMP.DLL

C:\Temp\QRemove\PS***IL.DLL

C:\Temp\QRemove\PSKVFILE.DLL

C:\Temp\QRemove\PSSCAN.DLL

C:\Temp\QRemove\PUTIL32.dll

C:\Temp\QRemove\PVER32.dll

C:\VundoFix Backups

C:\VundoFix Backups\addmorefiles.txt

C:\VundoFix Backups\tuvTMgFW.dll.bad

C:\WINDOWS\msn.com

C:\WINDOWS\system32\kisowfjv.dll

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-28 to 2008-03-28 ))))))))))))))))))))))))))))))

.

2008-03-27 21:07 . 2008-03-28 13:47 <DIR> d-------- C:\ComboFix[1]

2008-03-27 20:16 . 2008-03-27 20:16 <DIR> d-------- C:\Program Files\Trend Micro

2008-03-27 19:52 . 2008-03-28 15:27 <DIR> dr-h----- C:\Documents and Settings\Bartus De Ridder\Onlangs geopend

2008-03-27 14:50 . 2008-03-27 14:50 95 --a------ C:\WINDOWS\wininit.ini

2008-03-27 13:33 . 2008-03-28 15:32 <DIR> d-------- C:\Temp

2008-03-27 12:10 . 2008-03-27 14:01 <DIR> d-------- C:\Documents and Settings\Bartus De Ridder\Application Data\Systweak

2008-03-27 12:10 . 2008-03-27 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Systweak

2008-03-27 11:47 . 2008-03-27 11:48 <DIR> d-------- C:\Program Files\Panda Security

2008-03-25 17:31 . 2008-03-25 17:31 <DIR> d-------- C:\Documents and Settings\Bartus De Ridder\Application Data\Flickr

2008-03-25 17:30 . 2008-03-27 21:33 <DIR> d-------- C:\Program Files\Flickr Uploadr

2008-03-25 15:22 . 2008-03-25 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia

2008-03-21 14:28 . 2008-03-27 18:50 <DIR> d-------- C:\Documents and Settings\Bartus De Ridder\Application Data\skypePM

2008-03-21 14:28 . 2008-03-21 14:28 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat

2008-03-21 14:27 . 2008-03-21 14:27 <DIR> d-------- C:\Program Files\Common Files\Skype

2008-03-19 20:12 . 2008-03-19 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel

2008-03-19 20:08 . 2007-03-15 17:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl

2008-03-19 20:08 . 2008-03-19 20:08 248 --a------ C:\WINDOWS\system32\PavCPL.dat

2008-03-19 20:05 . 2008-03-19 20:05 <DIR> d-------- C:\Program Files\Common Files\Panda Software

2008-03-19 20:05 . 2007-07-12 13:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys

2008-03-19 20:05 . 2007-05-23 15:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys

2008-03-19 09:38 . 2008-03-19 09:38 <DIR> d-------- C:\Program Files\MSXML 6.0

2008-03-19 08:41 . 2008-03-19 08:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

2008-03-18 23:46 . 2008-03-18 23:46 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-03-18 20:51 . 2008-03-18 23:43 <DIR> d-------- C:\Documents and Settings\Bartus De Ridder\Application Data\Download Manager

2008-03-18 10:29 . 2008-03-18 10:28 691,545 --a------ C:\WINDOWS\unins000.exe

2008-03-18 10:29 . 2008-03-18 10:29 2,555 --a------ C:\WINDOWS\unins000.dat

2008-03-17 17:08 . 2008-03-27 11:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-17 17:08 . 2008-03-17 17:08 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-17 13:58 . 2008-03-17 14:00 <DIR> d-------- C:\Program Files\Windows Live

2008-03-17 13:58 . 2008-03-17 13:59 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-17 13:58 . 2008-03-17 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-28 12:08 --------- d-----w C:\Documents and Settings\Bartus De Ridder\Application Data\Skype

2008-03-28 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-03-27 20:33 --------- d-----w C:\Program Files\DivX

2008-03-27 20:17 --------- d-----w C:\Program Files\Yahoo!

2008-03-27 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-03-27 13:05 --------- d-----w C:\Program Files\Windows Desktop Search

2008-03-27 13:04 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-03-27 12:47 --------- d-----w C:\Program Files\a-squared Free

2008-03-25 15:19 --------- d-----w C:\Program Files\Nokia

2008-03-25 15:19 --------- d-----w C:\Program Files\Common Files\Nokia

2008-03-25 14:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations

2008-03-25 10:46 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-21 10:55 --------- d-----w C:\Program Files\Google

2008-03-19 13:49 --------- d-----w C:\Program Files\Apoint2K

2008-03-19 13:48 --------- d-----w C:\Program Files\PC Connectivity Solution

2008-03-19 08:51 --------- d-----w C:\Program Files\Java

2008-03-18 22:23 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys

2008-02-15 17:54 --------- d-----w C:\Documents and Settings\Bartus De Ridder\Application Data\Creative

2008-02-11 20:07 --------- d-----w C:\Program Files\AC3Filter

2008-02-11 18:25 --------- d-----w C:\Program Files\LimeWire

2008-02-06 18:06 --------- d-----w C:\Program Files\XviD

2008-02-06 18:04 --------- d-----w C:\Program Files\AVIcodec

2008-02-06 18:02 --------- d-----w C:\Program Files\GSpot

2008-01-30 19:02 --------- d-----w C:\Program Files\QuickTime

2007-08-18 16:49 44,056 ----a-w C:\Documents and Settings\Bartus De Ridder\Application Data\GDIPFONTCACHEV1.DAT

2007-04-05 21:54 725,384 ----a-w C:\Program Files\WindowsXP-KB935448-x86-NLD.exe

2007-03-31 11:47 3,375,112 ----a-w C:\Program Files\lusetup.exe

2007-03-31 09:54 3,281,408 ----a-w C:\Program Files\SymADataWeb.msi

2007-03-30 19:25 19,755,560 ----a-w C:\Program Files\avg75free_446a965.exe

2007-03-30 19:22 13,829,120 ----a-w C:\Program Files\a2FreeSetup.exe

2007-03-30 18:15 19,994,184 ----a-w C:\Program Files\QuickTimeInstaller.exe

2007-03-30 16:18 20,933,888 ----a-w C:\Program Files\SkypeSetup.exe

2007-03-30 15:40 466,600 ----a-w C:\Program Files\msgr8uk.exe

2007-03-30 15:07 21,282 ----a-w C:\Program Files\Uninst.isu

2007-03-30 15:06 359 ----a-w C:\Program Files\cdsearch.cfg

2007-03-30 15:05 17,874,288 ----a-w C:\Program Files\Install_Messenger.exe

2007-03-30 15:02 86,016 ----a-w C:\Program Files\setupenne.dll

2007-03-30 13:30 810,384 ----a-w C:\Program Files\Google_Updater.exe

2005-05-11 21:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll

2004-03-18 12:55 14,953 ----a-w C:\Program Files\VDEN.RES

2004-03-18 12:55 14,881 ----a-w C:\Program Files\VDNE.RES

2004-03-17 16:02 2,364 ----a-w C:\Program Files\leesmij.txt

2004-03-17 13:15 1,089,024 ----a-w C:\Program Files\VDNE.exe

2004-03-17 13:15 1,089,024 ----a-w C:\Program Files\VDEN.exe

2004-03-17 12:28 280,784 ----a-w C:\Program Files\VDwin_g.res

2002-07-02 10:49 94,208 ----a-w C:\Program Files\cdutil32.dll

2002-07-01 17:55 81,920 ----a-w C:\Program Files\thsqry32.dll

2002-07-01 16:20 462,848 ----a-w C:\Program Files\cdclnt32.dll

2002-07-01 15:23 177,235 ----a-w C:\Program Files\hbserv32.dll

2002-06-25 14:32 339,968 ----a-w C:\Program Files\cdserv32.dll

2002-02-01 15:54 320,512 ----a-w C:\Program Files\gb.dll

1998-12-23 07:10 291,840 ----a-w C:\Program Files\LTKRN10N.DLL

1998-12-23 07:10 226,304 ----a-w C:\Program Files\Ltdis10n.dll

1998-12-23 07:10 102,912 ----a-w C:\Program Files\LTFIL10N.DLL

1997-11-08 15:44 233,472 ----a-w C:\Program Files\ILDA32.DLL

1997-05-15 17:07 4,590 ----a-w C:\Program Files\DOSWIN32.DAF

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 13:00 15360]

"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 09:47 65536]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 14:30 68856]

"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 11:46 196608]

"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 13:32 700416]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [ ]

"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [ ]

"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 21:40 64512]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 16:39 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 16:36 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 16:40 118784]

"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 23:34 16143872 C:\WINDOWS\RTHDCPL.exe]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 06:40 196608]

"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 10:17 1077328]

"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 15:31 638976]

"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 13:57 53248]

"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 12:45 28672]

"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 12:45 65536]

"Zooming"="ZoomingHook.exe" [2005-06-06 08:58 24576 C:\WINDOWS\system32\ZoomingHook.exe]

"TCtryIOHook"="TCtrlIOHook.exe" [2006-01-03 15:11 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]

"TPSMain"="TPSMain.exe" [2005-08-11 15:14 266240 C:\WINDOWS\system32\TPSMain.exe]

"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 12:28 118784]

"TFncKy"="TFncKy.exe" []

"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11 73728]

"NDSTray.exe"="NDSTray.exe" []

"DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 10:33 262144]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37 667718]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41 602182]

"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 16:22 89541 C:\WINDOWS\agrsmmsg.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 18:11 221184]

"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 10:09 458752]

"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 10:03 217088]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 13:00 15360]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\Bartus De Ridder\Menu Start\Programma's\Opstarten\

Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 13:06:14 59080]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50 217193]

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-30 15:51:19 113664]

Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-03-30 14:30:41 124912]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-03-30 16:58:19 450560]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24 73728]

Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 21:44:08 257752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472]

"{08A8068E-53D1-42B2-B197-6D568843721F}"= C:\WINDOWS\system32\tuvTMgFW.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\StubInstaller.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\Drivers\ShlDrv51.sys [2007-05-23 15:40]

R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 13:49]

R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-04-18 14:12]

R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 17:49]

R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]

S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2004-05-21 20:15]

.

Inhoud van de 'Gedeelde Taken' map

"2008-03-22 14:19:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-28 15:33:50

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-03-28 15:34:12

ComboFix-quarantined-files.txt 2008-03-28 14:34:09

ComboFix2.txt 2008-03-28 12:30:41

Pre-Run: 17,107,357,696 bytes beschikbaar

Post-Run: 17,093,083,136 bytes beschikbaar

.

2008-03-19 08:38:45 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:35:04, on 28/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\a-squared free\a2service.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe

C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\TODDSrv.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\AGRSMMSG.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\ApvxdWin.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\WebProxy.exe

C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Vind snel wat je zoekt met MSN Search Toolbar

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2B0B59B4-55A3-4737-9FD5-B93C6430BF75} - (no file)

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175335457109

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--

End of file - 14700 bytes

I'm curious ;-)

Posted:

That looks successful.

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

O2 - BHO: (no name) - {2B0B59B4-55A3-4737-9FD5-B93C6430BF75} - (no file)

Click 'Fix checked' to remove the items.

Uninstall Combofix: Start -> Run and type: combofix /u

Combofix is removed and a new system restore point is created.

Now remove all items (including that Virtumonde) in Spybot, and have it scan once more. Also run a new scan with Panda Active Scan.

And then I, too, am curious what they have to say?
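Added example, not part of the original thread and not code from HijackThis: a small Python parser for the log format shown above that flags entries whose target file is absent, the `(no file)` / `(file missing)` kind of leftover that the reply above selects for 'Fix checked'. The function names and the regular expressions are assumptions made for this example; the sample lines are copied from the log and the reply in this thread.

```python
import re

# Lines copied from the HijackThis log and the helper's reply in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {2B0B59B4-55A3-4737-9FD5-B93C6430BF75} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 14700 bytes
"""

# "O2 - BHO: rest" -> section code, entry type, remainder of the line (assumed layout).
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        clsid = CLSID_RE.search(rest)
        marker = next((k for k in ORPHAN_MARKERS if rest.endswith(k)), None)
        entries.append({
            "section": m.group("section"),
            "kind": m.group("kind"),
            "clsid": clsid.group(0) if clsid else None,
            "orphan": marker,
            "line": raw.strip(),
        })
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis reported as absent."""
    return [e for e in entries if e["orphan"]]


if __name__ == "__main__":
    for e in orphaned(parse_entries(SAMPLE_LOG)):
        print(f'{e["section"]:>3} {e["orphan"]:<15} {e["line"]}')
```

An orphan marker only says that the referenced file is not at that path; which of the flagged entries to fix remains the reviewer's decision.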

Posted:

ok,

-O2 - BHO removed

-but when I run combofix /u, my computer asks whether I want to run that software; I click "yes", but then only the blue Combofix window opens, with a blinking cursor in it, but no further activity... can I also remove Combofix another way and create a system restore point (via System Restore)?

btw, a first Spybot scan (before posting this message) no longer showed Virtumonde; I hope that will still be the case later ;-)

Posted:

"can I also remove Combofix another way and create a system restore point (via System Restore)?"

Delete the Combofix program from your desktop, delete the folder C:/QooBOX, and indeed create a new restore point via System Restore.

"a first Spybot scan (before posting this message) no longer showed Virtumonde; I hope that will still be the case later"

It is risky to make such a statement, but I am fairly sure that it will still be so on a second pass :) Keep me posted.

Posted:

in C:\ I also find a folder ComboFix and ComboFix[1] containing quite a lot of files.

Must/may I delete those as well?

I'm now scanning with both Spybot and Panda Antivirus.

I'll keep you posted.

Posted:

-1st scan (so before removing ComboFix and creating the restore point): no threats found

-2nd scan (after creating the restore point, using the internet): 3 tracking cookies, removed with Spybot.

-Panda is still scanning, shows 1 virus (disinfected - I assume that is ComboFix, which is still in the Recycle Bin). Final result follows later!


Posted:

"in C:\ I also find a folder ComboFix and ComboFix[1] containing quite a lot of files"

Anything of it that you find can be deleted.

Posted:

There, the Panda scan has finished; as expected, everything related to ComboFix was treated as a virus and disinfected or renamed (ComboFix in the Recycle Bin, and the other one in C:\ComboFix).

I'll now empty the Recycle Bin, and then I think the problem is solved..... or have I overlooked something?

MANY THANKS ALREADY FOR THE SMOOTH AND VERY FAST HELP!!!!!!!!!

Bart from Ghent

PS: MSN/Windows Live Messenger is NOT getting onto my computer again !!!!
