Ga naar inhoud

Aanbevolen berichten

Geplaatst:

voila ik heb alles gedaan wat je gevraagd hebt en de scan van norton heeft momenteel geen virussen of trojans gevonden...

maar ik ben er nog niet van overtuigd dat mijn pc weer proper is want ie loopt weer trager dan anders...

ik heb wel terug gevonden waar norton die laatste trojan vundo heeft gevonden en het zijn nogal wat bestanden 128 register items ,1 bestand ,8 processen ,1 service ,1 browsercache...

ik hoop dat ik die hier niet allemaal moet typen want ik vind niet zo direkt een manier om alles in 1 keer naar hier te kopieren...

maar ik heb ondertussen gehoord dat het heel moeilijk is om een trojan vundo van uw pc te verwijderen... om hem zogezegd meteen bij de "wortel" te kunnen pakken.

dus heb ik het gevoel dat ik morgen gewoon weer bericht zal krijgen van norton dat ik weer trojan vundo heb...

desnoods doe ik gewoon ne grote format van heel min pc

  • Reacties 20
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Geplaatst:
desnoods doe ik gewoon ne grote format van heel min pc
Als er nu iets is waar ik een onvoorstelbare hekel aan heb, dan is het wel aan het woord "formateren". In principe - zonder al te veel extra problemen - moet een Vundo kunnen verwijderd worden. En eigenlijk verlies ik niet zo graag tegen een PC en zijn kuren :)
voila ik heb alles gedaan wat je gevraagd hebt en de scan van norton heeft momenteel geen virussen of trojans gevonden...
Dat is al iets, maar natuurlijk nog geen volledige garantie dat alles ook OK is.

We geven niet op. Maak eens een log van HJT en eentje van Combofix op de account van je echtgenote (de gast, dus). En daarna eentje van elk op jouw naam (de gebruikersaccount, dus). Dan dat hele boeltje maar weer in een volgend bericht ... tenzij jij het natuurlijk wil opgeven. Dan zeg je het maar.

Geplaatst:

:) nee we geven niet op... ik moet ondertussen alweer melden dat ik gisteren weer melding heb gekregen van een trojan vundo deze keer weer door dat hulpprogramma van windows

ok hier is het log van HJT van min vrouw

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:39:27, on 13/04/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Packard Bell\FIJI\ABoard.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Packard Bell\FIJI\AOSD.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\mobsync.exe

C:\Users\Sinita\Desktop\HiJackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll

O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [ACTIVBOARD] "C:\Program Files\Packard Bell\FIJI\aboard.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [securDisc] "C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe"

O4 - HKLM\..\Run: [inCD] "C:\Program Files\Nero\Nero 7\InCD\InCD.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [bMbb25215b] Rundll32.exe "C:\Users\Sinita\AppData\Local\Temp\dcrukwry.dll",s

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [bMbb25215b] Rundll32.exe "C:\Users\Sinita\AppData\Local\Temp\dcrukwry.dll",s

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203884251316

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe

O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--

End of file - 10064 bytes

dan nu de log van combofix van min vrouw

ComboFix 08-04-12.5 - Sinita 2008-04-13 10:42:06.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1254 [GMT 2:00]

Gestart vanuit: C:\Users\Sinita\Desktop\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Windows\BMbb25215b.xml

C:\Windows\pskt.ini

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_ccEvtMgr

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))

.

Geen nieuwe bestanden aangemaakt in deze periode

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-13 08:24 --------- d-----w C:\ProgramData\Symantec

2008-04-12 09:23 --------- d-----w C:\Users\Sinita\AppData\Roaming\Apple Computer

2008-04-12 09:16 --------- d-----w C:\Users\Sinita\AppData\Roaming\Ahead

2008-04-12 08:28 --------- d-----w C:\Users\Sinita\AppData\Roaming\LimeWirePlus

2008-04-10 19:41 5,632 ----a-w C:\Windows\system32\drivers\StarOpen.sys

2008-04-10 18:48 262,144 ----a-w C:\ntuser.dat

2008-04-10 07:27 --------- d-----w C:\Program Files\Windows Mail

2008-04-09 21:35 --------- d-----w C:\ProgramData\Microsoft Help

2008-04-09 21:29 --------- d---a-w C:\ProgramData\TEMP

2008-04-09 21:12 --------- d-----w C:\Users\Tommy\AppData\Roaming\uTorrent

2008-04-09 18:29 --------- d-----w C:\Users\Tommy\AppData\Roaming\dvdcss

2008-04-07 17:29 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-04-07 17:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-04-06 18:04 164 ----a-w C:\install.dat

2008-04-06 09:16 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware

2008-04-04 18:48 --------- d-----w C:\Users\Tommy\AppData\Roaming\LimeWirePlus

2008-04-04 18:05 --------- d-----w C:\Users\Tommy\AppData\Roaming\Vso

2008-04-04 17:42 --------- d-----w C:\Users\Tommy\AppData\Roaming\Apple Computer

2008-04-04 15:59 --------- d-----w C:\Program Files\iTunes

2008-04-04 15:59 --------- d-----w C:\Program Files\iPod

2008-04-04 15:58 --------- d-----w C:\Program Files\QuickTime

2008-04-03 13:06 86 ----a-w C:\Users\Sinita\AppData\Roaming\wklnhst.dat

2008-04-02 20:00 --------- d-----w C:\Program Files\Subdownloader

2008-04-02 19:39 86 ----a-w C:\Users\Tommy\AppData\Roaming\wklnhst.dat

2008-04-02 19:36 --------- d-----w C:\Users\Tommy\AppData\Roaming\Template

2008-04-02 11:45 --------- d-----w C:\Users\Tommy\AppData\Roaming\Malwarebytes

2008-04-02 11:45 --------- d-----w C:\ProgramData\Malwarebytes

2008-03-30 03:50 97,728 ----a-w C:\Windows\system32\drivers\AnyDVD.sys

2008-03-23 11:38 --------- d-----w C:\Program Files\TuneUp Utilities 2008

2008-03-23 11:30 --------- d-----w C:\Program Files\VistaCodecPack

2008-03-23 11:21 23,600 ----a-w C:\Windows\system32\drivers\TVICHW32.SYS

2008-03-23 08:17 174 --sha-w C:\Program Files\desktop.ini

2008-03-22 19:23 307,968 ----a-w C:\Windows\System32\TuneUpDefragService.exe

2008-03-22 19:20 --------- d-----w C:\Users\Tommy\AppData\Roaming\TuneUp Software

2008-03-22 19:20 --------- d-----w C:\ProgramData\TuneUp Software

2008-03-22 19:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-03-22 17:37 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-22 17:37 --------- d-----w C:\Program Files\CyberLink

2008-03-22 17:32 --------- d-----w C:\Program Files\Google

2008-03-22 17:14 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-22 16:40 --------- d-----w C:\Program Files\Java

2008-03-16 21:51 --------- d-----w C:\Program Files\EA Sports

2008-03-15 17:07 7,680 ----a-w C:\Windows\System32\ff_vfw.dll

2008-03-15 14:53 --------- d-----w C:\Program Files\Microsoft Visual Studio 8

2008-03-15 08:58 --------- d-----w C:\Program Files\Microsoft Works

2008-03-15 08:57 --------- d-----w C:\Program Files\MSBuild

2008-03-15 08:55 --------- d-----w C:\Program Files\Microsoft.NET

2008-03-14 22:24 93,128 ----a-w C:\Windows\System32\ElbyCDIO.dll

2008-03-12 20:25 --------- d-----w C:\Program Files\FileZilla

2008-03-06 22:29 966,656 ----a-w C:\Windows\System32\VSFilter.dll

2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf

2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys

2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat

2008-03-05 14:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll

2008-03-05 14:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll

2008-03-05 14:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll

2008-03-05 13:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll

2008-03-05 13:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll

2008-03-03 19:56 --------- d-----w C:\Users\Tommy\AppData\Roaming\Ahead

2008-03-03 19:21 --------- d-----w C:\ProgramData\Ahead

2008-03-03 19:20 --------- d-----w C:\Program Files\Common Files\Ahead

2008-03-03 19:16 --------- d-----w C:\ProgramData\Nero

2008-03-03 18:49 --------- d-----w C:\Program Files\Nero

2008-03-02 18:54 --------- d-----w C:\Program Files\Common Files\Nero

2008-03-01 14:38 --------- d-----w C:\Users\Sinita\AppData\Roaming\vlc

2008-03-01 12:55 87,608 ----a-w C:\Users\Tommy\AppData\Roaming\inst.exe

2008-03-01 12:55 47,360 ----a-w C:\Users\Tommy\AppData\Roaming\pcouffin.sys

2008-03-01 12:54 --------- d-----w C:\Program Files\VSO

2008-02-29 20:25 --------- d-----w C:\Users\Tommy\AppData\Roaming\vlc

2008-02-29 20:24 --------- d-----w C:\Program Files\VideoLAN

2008-02-29 19:29 --------- d-----w C:\Users\Tommy\AppData\Roaming\ISP Monitor

2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll

2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll

2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll

2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe

2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe

2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll

2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2008-02-27 12:15 28,416 ----a-w C:\Windows\System32\uxtuneup.dll

2008-02-27 12:15 16,640 ----a-w C:\Windows\System32\authuitu.dll

2008-02-26 04:54 43,520 ----a-w C:\Windows\system32\drivers\fetnd5bv.sys

2008-02-25 23:05 --------- d-----w C:\Users\Tommy\AppData\Roaming\Symantec

2008-02-25 22:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-02-25 21:35 737,280 ----a-w C:\Windows\iun6002.exe

2008-02-25 21:35 --------- d-----w C:\Program Files\ISP Monitor

2008-02-25 20:29 --------- d-----w C:\Program Files\DivX

2008-02-25 20:28 --------- d-----w C:\Program Files\Common Files\PX Storage Engine

2008-02-23 17:37 --------- d-----w C:\ProgramData\Elaborate Bytes

2008-02-23 17:35 --------- d-----w C:\Program Files\Elaborate Bytes

2008-02-21 07:46 --------- d-----w C:\Program Files\Real Alternative

2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll

2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll

2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-20 20:51 --------- d-----w C:\ProgramData\vsosdk

2008-02-20 20:00 --------- d-----w C:\Users\Tommy\AppData\Roaming\DivX

2008-02-19 18:27 --------- d-----w C:\Users\Tommy\AppData\Roaming\Samsung

2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-04 22:45 1232896]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-12-13 20:10 103720]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-04 23:00 1006264]

"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 16:38 4390912 C:\Windows\RtHDVCpl.exe]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 00:08 107112]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 01:18 22696]

"ACTIVBOARD"="C:\Program Files\Packard Bell\FIJI\aboard.exe" [2007-01-18 14:03 79416]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"NvSvc"="RUNDLL32.exe" [2006-11-02 11:45 44544 C:\Windows\System32\rundll32.exe]

"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 11:45 44544 C:\Windows\System32\rundll32.exe]

"NvMediaCenter"="RUNDLL32.exe" [2006-11-02 11:45 44544 C:\Windows\System32\rundll32.exe]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 12:11 221184]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 12:11 81920]

"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-09-26 14:31 1629480]

"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-09-26 14:31 1057064]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

"DefaultOutboundAction"= 0 (0x0)

"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{7A5ED0CC-15A0-4DBC-A86F-AE2DB4DD5809}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{79EFB325-1004-4A8C-A0F8-29E9B6B6063A}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{A75D6A30-E063-4FE2-8999-0E55ED3C3CE0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{A4422592-B616-44AB-96D7-C3A36C2C141E}"= C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD

"{C50245BE-3136-483D-BB4B-3A134A78F2FC}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{57059CA5-7FBF-4039-B4A1-82B4590C2343}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{2FFD3834-A37B-4A67-8124-5376A2A28D08}"= UDP:C:\Program Files\LimeWire Plus\LimeWire.exe:LimeWire

"{6D2F4E8A-9604-4B83-B145-94C7C01ECB29}"= TCP:C:\Program Files\LimeWire Plus\LimeWire.exe:LimeWire

"{AF5ECC6E-9BB1-45AD-BEF6-649CA072ECE5}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{BDDE8685-797E-463A-86F0-2A926C2891ED}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{F6D066CD-392D-4E9E-83BE-88303681B7DC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{09A9DA9E-FE8F-4B2D-8AF2-CB6657F757B9}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"DefaultOutboundAction"= 0 (0x0)

"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

"DefaultOutboundAction"= 0 (0x0)

"DefaultInboundAction"= 1 (0x1)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080407.003\IDSvix86.sys [2008-02-13 18:18]

R2 ISPMonitorSrv;ISP Monitor;C:\Program Files\ISP Monitor\ISPMonitorSrv.exe [2008-01-11 01:01]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]

R2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [2006-12-09 01:26]

R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 23:40]

R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\Windows\System32\svchost.exe [2006-11-02 11:45]

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2008-02-26 06:54]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-03-22 21:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

*Newly Created Service* - COMHOST

.

Inhoud van de 'Gedeelde Taken' map

"2008-04-13 08:50:57 C:\Windows\Tasks\1-Click Maintenance.job"

- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe

"2008-04-11 18:59:41 C:\Windows\Tasks\Norton Internet Security - Volledige systeemscan - Tommy.job"

- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:

.

**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-13 10:51:16

Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\audiodg.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\System32\conime.exe

C:\Program Files\Packard Bell\FIJI\AOSD.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\wbem\WMIADAP.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE

C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

.

**************************************************************************

.

Voltooingstijd: 2008-04-13 10:53:30 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-13 08:53:08

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

.

2008-04-09 21:35:30 --- E O F ---

dan nu de log van combofix van mezelf

ComboFix 08-04-12.5 - Tommy 2008-04-13 11:00:42.3 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1242 [GMT 2:00]

Gestart vanuit: C:\Users\Sinita\Desktop\ComboFix.exe

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Users\Tommy\AppData\Roaming\inst.exe

C:\Windows\system32\dbdafbef_d.dll

C:\Windows\system32\fbceeab_z.dll

C:\Windows\system32\sys_dll.dll

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))

.

Geen nieuwe bestanden aangemaakt in deze periode

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-13 08:24 --------- d-----w C:\ProgramData\Symantec

2008-04-12 09:23 --------- d-----w C:\Users\Sinita\AppData\Roaming\Apple Computer

2008-04-12 09:16 --------- d-----w C:\Users\Sinita\AppData\Roaming\Ahead

2008-04-12 08:28 --------- d-----w C:\Users\Sinita\AppData\Roaming\LimeWirePlus

2008-04-10 19:41 5,632 ----a-w C:\Windows\system32\drivers\StarOpen.sys

2008-04-10 18:48 262,144 ----a-w C:\ntuser.dat

2008-04-10 07:27 --------- d-----w C:\Program Files\Windows Mail

2008-04-09 21:35 --------- d-----w C:\ProgramData\Microsoft Help

2008-04-09 21:29 --------- d---a-w C:\ProgramData\TEMP

2008-04-09 21:12 --------- d-----w C:\Users\Tommy\AppData\Roaming\uTorrent

2008-04-09 18:29 --------- d-----w C:\Users\Tommy\AppData\Roaming\dvdcss

2008-04-07 17:29 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-04-07 17:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-04-06 18:04 164 ----a-w C:\install.dat

2008-04-06 09:16 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware

2008-04-04 18:48 --------- d-----w C:\Users\Tommy\AppData\Roaming\LimeWirePlus

2008-04-04 18:05 --------- d-----w C:\Users\Tommy\AppData\Roaming\Vso

2008-04-04 17:42 --------- d-----w C:\Users\Tommy\AppData\Roaming\Apple Computer

2008-04-04 15:59 --------- d-----w C:\Program Files\iTunes

2008-04-04 15:59 --------- d-----w C:\Program Files\iPod

2008-04-04 15:58 --------- d-----w C:\Program Files\QuickTime

2008-04-03 13:06 86 ----a-w C:\Users\Sinita\AppData\Roaming\wklnhst.dat

2008-04-02 20:00 --------- d-----w C:\Program Files\Subdownloader

2008-04-02 19:39 86 ----a-w C:\Users\Tommy\AppData\Roaming\wklnhst.dat

2008-04-02 19:36 --------- d-----w C:\Users\Tommy\AppData\Roaming\Template

2008-04-02 11:45 --------- d-----w C:\Users\Tommy\AppData\Roaming\Malwarebytes

2008-04-02 11:45 --------- d-----w C:\ProgramData\Malwarebytes

2008-03-30 03:50 97,728 ----a-w C:\Windows\system32\drivers\AnyDVD.sys

2008-03-23 11:38 --------- d-----w C:\Program Files\TuneUp Utilities 2008

2008-03-23 11:30 --------- d-----w C:\Program Files\VistaCodecPack

2008-03-23 11:21 23,600 ----a-w C:\Windows\system32\drivers\TVICHW32.SYS

2008-03-23 08:17 174 --sha-w C:\Program Files\desktop.ini

2008-03-22 19:23 307,968 ----a-w C:\Windows\System32\TuneUpDefragService.exe

2008-03-22 19:20 --------- d-----w C:\Users\Tommy\AppData\Roaming\TuneUp Software

2008-03-22 19:20 --------- d-----w C:\ProgramData\TuneUp Software

2008-03-22 19:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-03-22 17:37 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-22 17:37 --------- d-----w C:\Program Files\CyberLink

2008-03-22 17:32 --------- d-----w C:\Program Files\Google

2008-03-22 17:14 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-22 16:40 --------- d-----w C:\Program Files\Java

2008-03-16 21:51 --------- d-----w C:\Program Files\EA Sports

2008-03-15 17:07 7,680 ----a-w C:\Windows\System32\ff_vfw.dll

2008-03-15 14:53 --------- d-----w C:\Program Files\Microsoft Visual Studio 8

2008-03-15 08:58 --------- d-----w C:\Program Files\Microsoft Works

2008-03-15 08:57 --------- d-----w C:\Program Files\MSBuild

2008-03-15 08:55 --------- d-----w C:\Program Files\Microsoft.NET

2008-03-14 22:24 93,128 ----a-w C:\Windows\System32\ElbyCDIO.dll

2008-03-12 20:25 --------- d-----w C:\Program Files\FileZilla

2008-03-06 22:29 966,656 ----a-w C:\Windows\System32\VSFilter.dll

2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf

2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys

2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat

2008-03-05 14:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll

2008-03-05 14:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll

2008-03-05 14:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll

2008-03-05 13:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll

2008-03-05 13:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll

2008-03-03 19:56 --------- d-----w C:\Users\Tommy\AppData\Roaming\Ahead

2008-03-03 19:21 --------- d-----w C:\ProgramData\Ahead

2008-03-03 19:20 --------- d-----w C:\Program Files\Common Files\Ahead

2008-03-03 19:16 --------- d-----w C:\ProgramData\Nero

2008-03-03 18:49 --------- d-----w C:\Program Files\Nero

2008-03-02 18:54 --------- d-----w C:\Program Files\Common Files\Nero

2008-03-01 14:38 --------- d-----w C:\Users\Sinita\AppData\Roaming\vlc

2008-03-01 12:55 47,360 ----a-w C:\Users\Tommy\AppData\Roaming\pcouffin.sys

2008-03-01 12:54 --------- d-----w C:\Program Files\VSO

2008-02-29 20:25 --------- d-----w C:\Users\Tommy\AppData\Roaming\vlc

2008-02-29 20:24 --------- d-----w C:\Program Files\VideoLAN

2008-02-29 19:29 --------- d-----w C:\Users\Tommy\AppData\Roaming\ISP Monitor

2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll

2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll

2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll

2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe

2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe

2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll

2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2008-02-27 12:15 28,416 ----a-w C:\Windows\System32\uxtuneup.dll

2008-02-27 12:15 16,640 ----a-w C:\Windows\System32\authuitu.dll

2008-02-26 04:54 43,520 ----a-w C:\Windows\system32\drivers\fetnd5bv.sys

2008-02-25 23:05 --------- d-----w C:\Users\Tommy\AppData\Roaming\Symantec

2008-02-25 22:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-02-25 21:35 737,280 ----a-w C:\Windows\iun6002.exe

2008-02-25 21:35 --------- d-----w C:\Program Files\ISP Monitor

2008-02-25 20:29 --------- d-----w C:\Program Files\DivX

2008-02-25 20:28 --------- d-----w C:\Program Files\Common Files\PX Storage Engine

2008-02-23 17:37 --------- d-----w C:\ProgramData\Elaborate Bytes

2008-02-23 17:35 --------- d-----w C:\Program Files\Elaborate Bytes

2008-02-21 07:46 --------- d-----w C:\Program Files\Real Alternative

2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll

2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll

2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-20 20:51 --------- d-----w C:\ProgramData\vsosdk

2008-02-20 20:00 --------- d-----w C:\Users\Tommy\AppData\Roaming\DivX

2008-02-19 18:27 --------- d-----w C:\Users\Tommy\AppData\Roaming\Samsung

2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll

2008-02-16 15:31 --------- d-----w C:\Program Files\Samsung

.

((((((((((((((((((((((((((((( snapshot@2008-04-13_10.52.25.70 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-12 08:15:39 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-04-13 08:57:09 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-04-12 08:15:39 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-04-13 08:57:09 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-04-12 08:15:39 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-04-13 08:57:09 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-04-13 08:51:04 155,648 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-04-13 08:51:42 155,648 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

- 2008-04-13 08:27:58 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-04-13 08:52:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-04-13 08:27:58 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-04-13 08:52:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-04-13 08:27:58 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-04-13 08:52:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-04-13 08:45:20 108,260 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-04-13 08:54:11 108,260 ----a-w C:\Windows\System32\perfc009.dat

- 2008-04-13 08:45:20 128,256 ----a-w C:\Windows\System32\perfc013.dat

+ 2008-04-13 08:54:11 128,256 ----a-w C:\Windows\System32\perfc013.dat

- 2008-04-13 08:45:20 621,176 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-04-13 08:54:11 621,176 ----a-w C:\Windows\System32\perfh009.dat

- 2008-04-13 08:45:20 701,994 ----a-w C:\Windows\System32\perfh013.dat

+ 2008-04-13 08:54:11 701,994 ----a-w C:\Windows\System32\perfh013.dat

- 2008-04-13 08:39:47 6,924 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2712686814-4207243440-308723581-1003_UserData.bin

+ 2008-04-13 08:52:53 7,312 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2712686814-4207243440-308723581-1003_UserData.bin

- 2008-04-13 08:39:46 72,692 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-04-13 08:52:51 72,762 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-04 22:45 1232896]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"ISPMonitor"="C:\Program Files\ISP Monitor\isp.exe" [2008-02-23 00:53 442704]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-04 23:00 1006264]

"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 16:38 4390912 C:\Windows\RtHDVCpl.exe]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 00:08 107112]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 01:18 22696]

"ACTIVBOARD"="C:\Program Files\Packard Bell\FIJI\aboard.exe" [2007-01-18 14:03 79416]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"NvSvc"="RUNDLL32.exe" [2006-11-02 11:45 44544 C:\Windows\System32\rundll32.exe]

"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 11:45 44544 C:\Windows\System32\rundll32.exe]

"NvMediaCenter"="RUNDLL32.exe" [2006-11-02 11:45 44544 C:\Windows\System32\rundll32.exe]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 12:11 221184]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 12:11 81920]

"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-09-26 14:31 1629480]

"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-09-26 14:31 1057064]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

"DefaultOutboundAction"= 0 (0x0)

"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{7A5ED0CC-15A0-4DBC-A86F-AE2DB4DD5809}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{79EFB325-1004-4A8C-A0F8-29E9B6B6063A}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{A75D6A30-E063-4FE2-8999-0E55ED3C3CE0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{A4422592-B616-44AB-96D7-C3A36C2C141E}"= C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD

"{C50245BE-3136-483D-BB4B-3A134A78F2FC}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{57059CA5-7FBF-4039-B4A1-82B4590C2343}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{2FFD3834-A37B-4A67-8124-5376A2A28D08}"= UDP:C:\Program Files\LimeWire Plus\LimeWire.exe:LimeWire

"{6D2F4E8A-9604-4B83-B145-94C7C01ECB29}"= TCP:C:\Program Files\LimeWire Plus\LimeWire.exe:LimeWire

"{AF5ECC6E-9BB1-45AD-BEF6-649CA072ECE5}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{BDDE8685-797E-463A-86F0-2A926C2891ED}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{F6D066CD-392D-4E9E-83BE-88303681B7DC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{09A9DA9E-FE8F-4B2D-8AF2-CB6657F757B9}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"DefaultOutboundAction"= 0 (0x0)

"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

"DefaultOutboundAction"= 0 (0x0)

"DefaultInboundAction"= 1 (0x1)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080407.003\IDSvix86.sys [2008-02-13 18:18]

R2 ISPMonitorSrv;ISP Monitor;C:\Program Files\ISP Monitor\ISPMonitorSrv.exe [2008-01-11 01:01]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]

R2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [2006-12-09 01:26]

R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 23:40]

R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\Windows\System32\svchost.exe [2006-11-02 11:45]

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2008-02-26 06:54]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-03-22 21:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\shell\AutoRun\command - H:\Autorun.exe

*Newly Created Service* - COMHOST

.

Inhoud van de 'Gedeelde Taken' map

"2008-04-13 09:00:00 C:\Windows\Tasks\1-Click Maintenance.job"

- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe

"2008-04-11 18:59:41 C:\Windows\Tasks\Norton Internet Security - Volledige systeemscan - Tommy.job"

- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:

.

**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-13 11:03:34

Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-04-13 11:04:50

ComboFix-quarantined-files.txt 2008-04-13 09:04:41

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

.

2008-04-09 21:35:30 --- E O F ---

en als laatste HJT van mezelf

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 11:08:36, on 13/04/2008

Platform: Windows Vista (WinNT 6.00.1904)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Packard Bell\FIJI\ABoard.exe

C:\Program Files\Packard Bell\FIJI\AOSD.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\ISP Monitor\isp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Users\Tommy\Desktop\anti-crap\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [ACTIVBOARD] "C:\Program Files\Packard Bell\FIJI\aboard.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [securDisc] "C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe"

O4 - HKLM\..\Run: [inCD] "C:\Program Files\Nero\Nero 7\InCD\InCD.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [iSPMonitor] C:\Program Files\ISP Monitor\isp.exe

O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-2712686814-4207243440-308723581-1003\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Sinita')

O4 - HKUS\S-1-5-21-2712686814-4207243440-308723581-1003\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Sinita')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203884251316

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe

O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--

End of file - 9657 bytes

voila da is het :)

tot de volgende

Geplaatst:

oei oei big problems norton draait niet meer...

welk antivirus is eigenlijk het beste norton was toch een trial is nu misschien de moment om een andere

is nu misschien de moment om een andere antivirus te installeren...

heb al van alles geprobeerd en zelfs bij symantec weten ze niet wat de foutmelding betekent... er word me telkens gevraagd de pc opnieuw op te starten maar da helpt niet...

alsof die trojans nog niet genoeg problemen zijn moet da nu ook nog eens bijkomen :(

Geplaatst:

Op de account van je vrouw zit nog een boosdoener.

Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKLM\..\Run: [bMbb25215b] Rundll32.exe "C:\Users\Sinita\AppData\Local\Temp\dcrukwry.dll", s

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKCU\..\Run: [bMbb25215b] Rundll32.exe "C:\Users\Sinita\AppData\Local\Temp\dcrukwry.dll", s

Klik op 'Fix checked' om de items te verwijderen.

Verwijder volgende vetgedrukte map via Windows Verkenner.

C:\Program Files\Windows Sidebar

En dan wordt het weer even afwachten of er iets nieuws gebeurd (na deze fix).

Geplaatst:

Liefst pas binnen enkele dagen ... of liever helemaal niet meer :) Hoewel we - zelfs als alles positief verloopt - nog wat "grote schoonmaak" moeten houden.

Geplaatst:

hallo dit maal heb ik eens goed nieuws :)

ik heb al 2 dagen alle mogelijke scans gedaan en er worden geen virussen of trojans gevonden dus dat ziet er goed uit...

de pc draait weer gelijk nieuw! :party:

bedankt!

:top:

Geplaatst:
hallo dit maal heb ik eens goed nieuws - de pc draait weer gelijk nieuw!
Fantastisch. Wil je dan nu nog even opnieuw de volledige schoonmaak herhalen die we al eerder voor jouw account hebben aanbevolen. En daarna kunnen hier de boeken toe :laugh:
Gast
Dit topic is nu gesloten voor nieuwe reacties.

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.