stinkfinger

Member
  • Items: 65

Everything posted by stinkfinger

  1. OK, thanks... It looks good at the moment; it seems to be running well again now. And what should I do now with that TeaTimer from Spybot?
  2. OK, thanks, but not everything worked... Resetting TeaTimer failed; I got the message "unsuported system". And with HijackThis I could not remove the wextract cleanup items, because they were no longer listed... The HijackThis log: [...] The mbam log: [...]
  3. Hello, I don't know exactly what is going on, but my PC is behaving strangely... especially while gaming. A few days ago I downloaded a game from the internet, but I could not get it installed; instead I kept getting notifications about changes to startup, wextract cleanup or something like that... And now every time I start my PC I get those notifications about 5 times. I have already scanned with all sorts of tools and removed a trojan and also some malware... but I think something is still going on, because when I am gaming now everything suddenly drops out and it just goes back to Windows... I have also only had a different graphics card installed since last week, but I don't immediately see that as the problem, because it worked perfectly at first. I am attaching a HijackThis log and hope you can help me... [...]
  4. Hello, this time I have some good news: for 2 days now I have run every possible scan and no viruses or trojans are being found, so that looks good... The PC runs like new again! Thanks!
  5. OK, thanks, you'll hear from me again in a few days... or a bit sooner if things go wrong again.
  6. Uh-oh, big problems: Norton no longer runs... Which antivirus is actually the best? Norton was only a trial anyway, so maybe now is the moment to install a different antivirus... I have already tried all sorts of things, and even at Symantec they don't know what the error message means... I keep being asked to restart the PC, but that doesn't help... As if those trojans weren't enough of a problem, now this has to come on top of it.
  7. No, we're not giving up... In the meantime I have to report that yesterday I again got a notification of a trojan, Vundo this time, again from that Windows utility. OK, here is my wife's HJT log: [...] And now my wife's ComboFix log: [...]
C:\Program Files\Common Files\PX Storage Engine 2008-02-23 17:37 --------- d-----w C:\ProgramData\Elaborate Bytes 2008-02-23 17:35 --------- d-----w C:\Program Files\Elaborate Bytes 2008-02-21 07:46 --------- d-----w C:\Program Files\Real Alternative 2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll 2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll 2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-02-20 20:51 --------- d-----w C:\ProgramData\vsosdk 2008-02-20 20:00 --------- d-----w C:\Users\Tommy\AppData\Roaming\DivX 2008-02-19 18:27 --------- d-----w C:\Users\Tommy\AppData\Roaming\Samsung 2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-04 22:45 1232896] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-12-13 20:10 103720] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-04 23:00 1006264] "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 16:38 4390912 C:\Windows\RtHDVCpl.exe] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 00:08 107112] "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 01:18 
22696] "ACTIVBOARD"="C:\Program Files\Packard Bell\FIJI\aboard.exe" [2007-01-18 14:03 79416] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "NvSvc"="RUNDLL32.exe" [2006-11-02 11:45 44544 C:\Windows\System32\rundll32.exe] "NvCplDaemon"="RUNDLL32.exe" [2006-11-02 11:45 44544 C:\Windows\System32\rundll32.exe] "NvMediaCenter"="RUNDLL32.exe" [2006-11-02 11:45 44544 C:\Windows\System32\rundll32.exe] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 12:11 221184] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 12:11 81920] "SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-09-26 14:31 1629480] "InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-09-26 14:31 1057064] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] 
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) "DefaultOutboundAction"= 0 (0x0) "DefaultInboundAction"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{7A5ED0CC-15A0-4DBC-A86F-AE2DB4DD5809}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{79EFB325-1004-4A8C-A0F8-29E9B6B6063A}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{A75D6A30-E063-4FE2-8999-0E55ED3C3CE0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{A4422592-B616-44AB-96D7-C3A36C2C141E}"= C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD "{C50245BE-3136-483D-BB4B-3A134A78F2FC}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{57059CA5-7FBF-4039-B4A1-82B4590C2343}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{2FFD3834-A37B-4A67-8124-5376A2A28D08}"= UDP:C:\Program Files\LimeWire Plus\LimeWire.exe:LimeWire "{6D2F4E8A-9604-4B83-B145-94C7C01ECB29}"= TCP:C:\Program Files\LimeWire Plus\LimeWire.exe:LimeWire "{AF5ECC6E-9BB1-45AD-BEF6-649CA072ECE5}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{BDDE8685-797E-463A-86F0-2A926C2891ED}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{F6D066CD-392D-4E9E-83BE-88303681B7DC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{09A9DA9E-FE8F-4B2D-8AF2-CB6657F757B9}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "DefaultOutboundAction"= 0 (0x0) "DefaultInboundAction"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) "DefaultOutboundAction"= 0 (0x0) "DefaultInboundAction"= 1 (0x1) R1 IDSvix86;Symantec Intrusion Prevention 
Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080407.003\IDSvix86.sys [2008-02-13 18:18] R2 ISPMonitorSrv;ISP Monitor;C:\Program Files\ISP Monitor\ISPMonitorSrv.exe [2008-01-11 01:01] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43] R2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [2006-12-09 01:26] R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 23:40] R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\Windows\System32\svchost.exe [2006-11-02 11:45] R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2008-02-26 06:54] R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-03-22 21:23] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp *Newly Created Service* - COMHOST . Inhoud van de 'Gedeelde Taken' map "2008-04-13 08:50:57 C:\Windows\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe "2008-04-11 18:59:41 C:\Windows\Tasks\Norton Internet Security - Volledige systeemscan - Tommy.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK: . ************************************************************************** catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-13 10:51:16 Windows 6.0.6000 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . 
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\conime.exe
C:\Program Files\Packard Bell\FIJI\AOSD.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Voltooingstijd: 2008-04-13 10:53:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-13 08:53:08
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
.
2008-04-09 21:35:30 --- E O F ---

And now my own ComboFix log:

ComboFix 08-04-12.5 - Tommy 2008-04-13 11:00:42.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1242 [GMT 2:00]
Gestart vanuit: C:\Users\Sinita\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Users\Tommy\AppData\Roaming\inst.exe C:\Windows\system32\dbdafbef_d.dll C:\Windows\system32\fbceeab_z.dll C:\Windows\system32\sys_dll.dll . (((((((((((((((((((( Bestanden Gemaakt van 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))) . Geen nieuwe bestanden aangemaakt in deze periode . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-13 08:24 --------- d-----w C:\ProgramData\Symantec 2008-04-12 09:23 --------- d-----w C:\Users\Sinita\AppData\Roaming\Apple Computer 2008-04-12 09:16 --------- d-----w C:\Users\Sinita\AppData\Roaming\Ahead 2008-04-12 08:28 --------- d-----w C:\Users\Sinita\AppData\Roaming\LimeWirePlus 2008-04-10 19:41 5,632 ----a-w C:\Windows\system32\drivers\StarOpen.sys 2008-04-10 18:48 262,144 ----a-w C:\ntuser.dat 2008-04-10 07:27 --------- d-----w C:\Program Files\Windows Mail 2008-04-09 21:35 --------- d-----w C:\ProgramData\Microsoft Help 2008-04-09 21:29 --------- d---a-w C:\ProgramData\TEMP 2008-04-09 21:12 --------- d-----w C:\Users\Tommy\AppData\Roaming\uTorrent 2008-04-09 18:29 --------- d-----w C:\Users\Tommy\AppData\Roaming\dvdcss 2008-04-07 17:29 --------- d-----w C:\ProgramData\Spybot - Search & Destroy 2008-04-07 17:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-04-06 18:04 164 ----a-w C:\install.dat 2008-04-06 09:16 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware 2008-04-04 18:48 --------- d-----w C:\Users\Tommy\AppData\Roaming\LimeWirePlus 2008-04-04 18:05 --------- d-----w C:\Users\Tommy\AppData\Roaming\Vso 2008-04-04 17:42 --------- d-----w C:\Users\Tommy\AppData\Roaming\Apple Computer 2008-04-04 15:59 --------- d-----w C:\Program Files\iTunes 2008-04-04 15:59 --------- d-----w C:\Program Files\iPod 2008-04-04 15:58 --------- d-----w C:\Program Files\QuickTime 2008-04-03 13:06 86 ----a-w 
C:\Users\Sinita\AppData\Roaming\wklnhst.dat 2008-04-02 20:00 --------- d-----w C:\Program Files\Subdownloader 2008-04-02 19:39 86 ----a-w C:\Users\Tommy\AppData\Roaming\wklnhst.dat 2008-04-02 19:36 --------- d-----w C:\Users\Tommy\AppData\Roaming\Template 2008-04-02 11:45 --------- d-----w C:\Users\Tommy\AppData\Roaming\Malwarebytes 2008-04-02 11:45 --------- d-----w C:\ProgramData\Malwarebytes 2008-03-30 03:50 97,728 ----a-w C:\Windows\system32\drivers\AnyDVD.sys 2008-03-23 11:38 --------- d-----w C:\Program Files\TuneUp Utilities 2008 2008-03-23 11:30 --------- d-----w C:\Program Files\VistaCodecPack 2008-03-23 11:21 23,600 ----a-w C:\Windows\system32\drivers\TVICHW32.SYS 2008-03-23 08:17 174 --sha-w C:\Program Files\desktop.ini 2008-03-22 19:23 307,968 ----a-w C:\Windows\System32\TuneUpDefragService.exe 2008-03-22 19:20 --------- d-----w C:\Users\Tommy\AppData\Roaming\TuneUp Software 2008-03-22 19:20 --------- d-----w C:\ProgramData\TuneUp Software 2008-03-22 19:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-03-22 17:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-22 17:37 --------- d-----w C:\Program Files\CyberLink 2008-03-22 17:32 --------- d-----w C:\Program Files\Google 2008-03-22 17:14 --------- d-----w C:\Program Files\Common Files\Adobe 2008-03-22 16:40 --------- d-----w C:\Program Files\Java 2008-03-16 21:51 --------- d-----w C:\Program Files\EA Sports 2008-03-15 17:07 7,680 ----a-w C:\Windows\System32\ff_vfw.dll 2008-03-15 14:53 --------- d-----w C:\Program Files\Microsoft Visual Studio 8 2008-03-15 08:58 --------- d-----w C:\Program Files\Microsoft Works 2008-03-15 08:57 --------- d-----w C:\Program Files\MSBuild 2008-03-15 08:55 --------- d-----w C:\Program Files\Microsoft.NET 2008-03-14 22:24 93,128 ----a-w C:\Windows\System32\ElbyCDIO.dll 2008-03-12 20:25 --------- d-----w C:\Program Files\FileZilla 2008-03-06 22:29 966,656 ----a-w C:\Windows\System32\VSFilter.dll 2008-03-06 
20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf 2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys 2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat 2008-03-05 14:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll 2008-03-05 14:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll 2008-03-05 14:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll 2008-03-05 13:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll 2008-03-05 13:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll 2008-03-03 19:56 --------- d-----w C:\Users\Tommy\AppData\Roaming\Ahead 2008-03-03 19:21 --------- d-----w C:\ProgramData\Ahead 2008-03-03 19:20 --------- d-----w C:\Program Files\Common Files\Ahead 2008-03-03 19:16 --------- d-----w C:\ProgramData\Nero 2008-03-03 18:49 --------- d-----w C:\Program Files\Nero 2008-03-02 18:54 --------- d-----w C:\Program Files\Common Files\Nero 2008-03-01 14:38 --------- d-----w C:\Users\Sinita\AppData\Roaming\vlc 2008-03-01 12:55 47,360 ----a-w C:\Users\Tommy\AppData\Roaming\pcouffin.sys 2008-03-01 12:54 --------- d-----w C:\Program Files\VSO 2008-02-29 20:25 --------- d-----w C:\Users\Tommy\AppData\Roaming\vlc 2008-02-29 20:24 --------- d-----w C:\Program Files\VideoLAN 2008-02-29 19:29 --------- d-----w C:\Users\Tommy\AppData\Roaming\ISP Monitor 2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll 2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll 2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll 2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe 2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe 2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll 2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll 2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys 2008-02-27 12:15 28,416 ----a-w C:\Windows\System32\uxtuneup.dll 2008-02-27 12:15 16,640 ----a-w C:\Windows\System32\authuitu.dll 2008-02-26 
04:54 43,520 ----a-w C:\Windows\system32\drivers\fetnd5bv.sys 2008-02-25 23:05 --------- d-----w C:\Users\Tommy\AppData\Roaming\Symantec 2008-02-25 22:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-02-25 21:35 737,280 ----a-w C:\Windows\iun6002.exe 2008-02-25 21:35 --------- d-----w C:\Program Files\ISP Monitor 2008-02-25 20:29 --------- d-----w C:\Program Files\DivX 2008-02-25 20:28 --------- d-----w C:\Program Files\Common Files\PX Storage Engine 2008-02-23 17:37 --------- d-----w C:\ProgramData\Elaborate Bytes 2008-02-23 17:35 --------- d-----w C:\Program Files\Elaborate Bytes 2008-02-21 07:46 --------- d-----w C:\Program Files\Real Alternative 2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll 2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll 2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-02-20 20:51 --------- d-----w C:\ProgramData\vsosdk 2008-02-20 20:00 --------- d-----w C:\Users\Tommy\AppData\Roaming\DivX 2008-02-19 18:27 --------- d-----w C:\Users\Tommy\AppData\Roaming\Samsung 2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll 2008-02-16 15:31 --------- d-----w C:\Program Files\Samsung . ((((((((((((((((((((((((((((( snapshot@2008-04-13_10.52.25.70 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-04-12 08:15:39 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-04-13 08:57:09 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-04-12 08:15:39 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-04-13 08:57:09 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-04-12 08:15:39 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-04-13 08:57:09 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-04-13 08:51:04 155,648 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-04-13 08:51:42 155,648 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - 2008-04-13 08:27:58 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-04-13 08:52:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-04-13 08:27:58 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-04-13 08:52:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-04-13 08:27:58 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-04-13 08:52:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-04-13 08:45:20 108,260 ----a-w C:\Windows\System32\perfc009.dat + 2008-04-13 08:54:11 108,260 
----a-w C:\Windows\System32\perfc009.dat - 2008-04-13 08:45:20 128,256 ----a-w C:\Windows\System32\perfc013.dat + 2008-04-13 08:54:11 128,256 ----a-w C:\Windows\System32\perfc013.dat - 2008-04-13 08:45:20 621,176 ----a-w C:\Windows\System32\perfh009.dat + 2008-04-13 08:54:11 621,176 ----a-w C:\Windows\System32\perfh009.dat - 2008-04-13 08:45:20 701,994 ----a-w C:\Windows\System32\perfh013.dat + 2008-04-13 08:54:11 701,994 ----a-w C:\Windows\System32\perfh013.dat - 2008-04-13 08:39:47 6,924 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2712686814-4207243440-308723581-1003_UserData.bin + 2008-04-13 08:52:53 7,312 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2712686814-4207243440-308723581-1003_UserData.bin - 2008-04-13 08:39:46 72,692 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-04-13 08:52:51 72,762 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-04 22:45 1232896] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184] "ISPMonitor"="C:\Program Files\ISP Monitor\isp.exe" [2008-02-23 00:53 442704] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-04 23:00 1006264] "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 16:38 4390912 C:\Windows\RtHDVCpl.exe] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 00:08 107112] "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 01:18 22696] "ACTIVBOARD"="C:\Program Files\Packard Bell\FIJI\aboard.exe" [2007-01-18 14:03 79416] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "NvSvc"="RUNDLL32.exe" [2006-11-02 11:45 44544 C:\Windows\System32\rundll32.exe] "NvCplDaemon"="RUNDLL32.exe" [2006-11-02 11:45 44544 C:\Windows\System32\rundll32.exe] "NvMediaCenter"="RUNDLL32.exe" [2006-11-02 11:45 44544 C:\Windows\System32\rundll32.exe] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 12:11 221184] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 12:11 81920] "SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-09-26 14:31 1629480] "InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-09-26 14:31 1057064] "QuickTime 
Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ehTray.exe"=C:\Windows\ehome\ehTray.exe "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) "DefaultOutboundAction"= 0 (0x0) "DefaultInboundAction"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{7A5ED0CC-15A0-4DBC-A86F-AE2DB4DD5809}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{79EFB325-1004-4A8C-A0F8-29E9B6B6063A}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{A75D6A30-E063-4FE2-8999-0E55ED3C3CE0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{A4422592-B616-44AB-96D7-C3A36C2C141E}"= C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD "{C50245BE-3136-483D-BB4B-3A134A78F2FC}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour 
"{57059CA5-7FBF-4039-B4A1-82B4590C2343}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{2FFD3834-A37B-4A67-8124-5376A2A28D08}"= UDP:C:\Program Files\LimeWire Plus\LimeWire.exe:LimeWire "{6D2F4E8A-9604-4B83-B145-94C7C01ECB29}"= TCP:C:\Program Files\LimeWire Plus\LimeWire.exe:LimeWire "{AF5ECC6E-9BB1-45AD-BEF6-649CA072ECE5}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{BDDE8685-797E-463A-86F0-2A926C2891ED}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{F6D066CD-392D-4E9E-83BE-88303681B7DC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{09A9DA9E-FE8F-4B2D-8AF2-CB6657F757B9}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "DefaultOutboundAction"= 0 (0x0) "DefaultInboundAction"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) "DefaultOutboundAction"= 0 (0x0) "DefaultInboundAction"= 1 (0x1) R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080407.003\IDSvix86.sys [2008-02-13 18:18] R2 ISPMonitorSrv;ISP Monitor;C:\Program Files\ISP Monitor\ISPMonitorSrv.exe [2008-01-11 01:01] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43] R2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [2006-12-09 01:26] R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 23:40] R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\Windows\System32\svchost.exe [2006-11-02 11:45] R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2008-02-26 06:54] R3 
SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-03-22 21:23] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \shell\AutoRun\command - H:\Autorun.exe *Newly Created Service* - COMHOST . Inhoud van de 'Gedeelde Taken' map "2008-04-13 09:00:00 C:\Windows\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe "2008-04-11 18:59:41 C:\Windows\Tasks\Norton Internet Security - Volledige systeemscan - Tommy.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK: . ************************************************************************** catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-13 11:03:34 Windows 6.0.6000 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-04-13 11:04:50 ComboFix-quarantined-files.txt 2008-04-13 09:04:41 Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application. Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application. . 
2008-04-09 21:35:30 --- E O F ---

And lastly my own HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:08:36, on 13/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Packard Bell\FIJI\ABoard.exe
C:\Program Files\Packard Bell\FIJI\AOSD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Tommy\Desktop\anti-crap\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] "C:\Program Files\Packard Bell\FIJI\aboard.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [securDisc] "C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe"
O4 - HKLM\..\Run: [inCD] "C:\Program Files\Nero\Nero 7\InCD\InCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe"
/background O4 - HKCU\..\Run: [iSPMonitor] C:\Program Files\ISP Monitor\isp.exe O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-2712686814-4207243440-308723581-1003\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Sinita') O4 - HKUS\S-1-5-21-2712686814-4207243440-308723581-1003\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Sinita') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203884251316 O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live 
SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe -- End of file - 9657 bytes

There, that's it. Until next time.
  8. There, I've done everything you asked, and the Norton scan currently hasn't found any viruses or trojans... but I'm not yet convinced that my PC is clean again, because it's running slower than usual again... I did find where Norton detected that last Trojan Vundo, and it's quite a lot of items: 128 registry items, 1 file, 8 processes, 1 service, 1 browser cache... I hope I don't have to type them all out here, because I can't immediately find a way to copy everything here in one go... but in the meantime I've heard that it's very hard to remove a Trojan Vundo from your PC... to get it at the "root" right away, so to speak. So I have the feeling that tomorrow I'll just get another message from Norton saying I have Trojan Vundo again... if need be I'll just do a full format of my whole PC.
  9. Hello, here I am again. Norton just finished its weekly scan... 2 problems found: Trojan Vundo and Trojan Kill AV. It has completely removed them again, but I wouldn't know where they could be coming from this time. Surely it's not normal that Norton keeps finding those trojans...
  10. I'm back here again. My PC is still running just fine... but I do have 1 small problem that I can't immediately find the solution to. We have 2 accounts on my PC: I have the main account and my wife the guest one, so to speak. But on my wife's account it now suddenly takes excessively long for Windows Hotmail to open, while that isn't the case for me. And the strange thing is that browsing works normally; only Hotmail shows problems... Couldn't it be that a setting was accidentally removed or something? In any case I don't know what to do about it :s
  11. First of all, thanks for the help. I have to be honest: I can't find where Norton detects that trojan. It only says that it has removed them each time... but when I started the PC today I got a message from some Windows utility or other that it had found malicious software, and that was Trojan Vundo again... and now I have the impression that my PC is running much better again, well, for the time being anyway. I followed all your instructions successfully, and here is the ComboFix log:

ComboFix 08-04-09.9 - Tommy 2008-04-10 21:18:22.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1067 [GMT 2:00] Gestart vanuit: C:\Users\Tommy\Desktop\ComboFix.exe * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\BMbb25215b.xml C:\Windows\pskt.ini C:\Windows\system32\fccccYpn.dll C:\Windows\system32\khfEWOIa.dll C:\Windows\system32\mcrh.tmp C:\Windows\system32\pmnljKcd.dll C:\Windows\system32\xxyyvUkJ.dll . (((((((((((((((((((( Bestanden Gemaakt van 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))) . Geen nieuwe bestanden aangemaakt in deze periode . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-04-10 18:48 262,144 ----a-w C:\ntuser.dat 2008-04-10 08:57 --------- d-----w C:\ProgramData\Symantec 2008-04-10 07:27 --------- d-----w C:\Program Files\Windows Mail 2008-04-09 21:35 --------- d-----w C:\ProgramData\Microsoft Help 2008-04-09 21:29 --------- d---a-w C:\ProgramData\TEMP 2008-04-09 21:20 --------- d-----w C:\Users\Tommy\AppData\Roaming\Simply Super Software 2008-04-09 21:20 --------- d-----w C:\ProgramData\Simply Super Software 2008-04-09 21:20 --------- d-----w C:\Program Files\Trojan Remover 2008-04-09 21:12 --------- d-----w C:\Users\Tommy\AppData\Roaming\uTorrent 2008-04-09 18:29 --------- d-----w C:\Users\Tommy\AppData\Roaming\dvdcss 2008-04-07 17:29 --------- d-----w C:\ProgramData\Spybot - Search & Destroy 2008-04-07 17:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-04-06 18:04 164 ----a-w C:\install.dat 2008-04-06 09:16 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware 2008-04-04 18:48 --------- d-----w C:\Users\Tommy\AppData\Roaming\LimeWirePlus 2008-04-04 18:05 --------- d-----w C:\Users\Tommy\AppData\Roaming\Vso 2008-04-04 17:42 --------- d-----w C:\Users\Tommy\AppData\Roaming\Apple Computer 2008-04-04 15:59 --------- d-----w C:\Program Files\iTunes 2008-04-04 15:59 --------- d-----w C:\Program Files\iPod 2008-04-04 15:58 --------- d-----w C:\Program Files\QuickTime 2008-04-03 13:06 86 ----a-w C:\Users\Sinita\AppData\Roaming\wklnhst.dat 2008-04-02 20:00 --------- d-----w C:\Program Files\Subdownloader 2008-04-02 19:39 86 ----a-w C:\Users\Tommy\AppData\Roaming\wklnhst.dat 2008-04-02 19:36 --------- d-----w C:\Users\Tommy\AppData\Roaming\Template 2008-04-02 11:45 --------- d-----w C:\Users\Tommy\AppData\Roaming\Malwarebytes 2008-04-02 11:45 --------- d-----w C:\ProgramData\Malwarebytes 2008-03-30 03:50 97,728 ----a-w C:\Windows\system32\drivers\AnyDVD.sys 2008-03-23 11:38 --------- d-----w C:\Program Files\TuneUp Utilities 2008 2008-03-23 11:30 --------- d-----w C:\Program Files\VistaCodecPack 2008-03-23 
11:21 23,600 ----a-w C:\Windows\system32\drivers\TVICHW32.SYS 2008-03-23 08:17 174 --sha-w C:\Program Files\desktop.ini 2008-03-22 19:23 307,968 ----a-w C:\Windows\System32\TuneUpDefragService.exe 2008-03-22 19:20 --------- d-----w C:\Users\Tommy\AppData\Roaming\TuneUp Software 2008-03-22 19:20 --------- d-----w C:\ProgramData\TuneUp Software 2008-03-22 19:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-03-22 17:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-22 17:37 --------- d-----w C:\Program Files\CyberLink 2008-03-22 17:32 --------- d-----w C:\Program Files\Google 2008-03-22 17:14 --------- d-----w C:\Program Files\Common Files\Adobe 2008-03-22 16:40 --------- d-----w C:\Program Files\Java 2008-03-16 21:51 --------- d-----w C:\Program Files\EA Sports 2008-03-15 17:07 7,680 ----a-w C:\Windows\System32\ff_vfw.dll 2008-03-15 14:53 --------- d-----w C:\Program Files\Microsoft Visual Studio 8 2008-03-15 08:58 --------- d-----w C:\Program Files\Microsoft Works 2008-03-15 08:57 --------- d-----w C:\Program Files\MSBuild 2008-03-15 08:55 --------- d-----w C:\Program Files\Microsoft.NET 2008-03-14 22:24 93,128 ----a-w C:\Windows\System32\ElbyCDIO.dll 2008-03-12 20:25 --------- d-----w C:\Program Files\FileZilla 2008-03-06 22:29 966,656 ----a-w C:\Windows\System32\VSFilter.dll 2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf 2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys 2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat 2008-03-05 14:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll 2008-03-05 14:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll 2008-03-05 14:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll 2008-03-05 13:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll 2008-03-05 13:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll 2008-03-03 19:56 --------- d-----w C:\Users\Tommy\AppData\Roaming\Ahead 
2008-03-03 19:21 --------- d-----w C:\ProgramData\Ahead 2008-03-03 19:20 --------- d-----w C:\Program Files\Common Files\Ahead 2008-03-03 19:16 --------- d-----w C:\ProgramData\Nero 2008-03-03 18:49 --------- d-----w C:\Program Files\Nero 2008-03-02 18:54 --------- d-----w C:\Program Files\Common Files\Nero 2008-03-01 14:38 --------- d-----w C:\Users\Sinita\AppData\Roaming\vlc 2008-03-01 14:06 --------- d-----w C:\Users\Sinita\AppData\Roaming\LimeWirePlus 2008-03-01 12:55 87,608 ----a-w C:\Users\Tommy\AppData\Roaming\inst.exe 2008-03-01 12:55 47,360 ----a-w C:\Users\Tommy\AppData\Roaming\pcouffin.sys 2008-03-01 12:54 --------- d-----w C:\Program Files\VSO 2008-02-29 20:25 --------- d-----w C:\Users\Tommy\AppData\Roaming\vlc 2008-02-29 20:24 --------- d-----w C:\Program Files\VideoLAN 2008-02-29 19:29 --------- d-----w C:\Users\Tommy\AppData\Roaming\ISP Monitor 2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll 2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll 2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll 2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe 2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe 2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll 2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll 2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys 2008-02-27 12:15 28,416 ----a-w C:\Windows\System32\uxtuneup.dll 2008-02-27 12:15 16,640 ----a-w C:\Windows\System32\authuitu.dll 2008-02-26 04:54 43,520 ----a-w C:\Windows\system32\drivers\fetnd5bv.sys 2008-02-25 23:05 --------- d-----w C:\Users\Tommy\AppData\Roaming\Symantec 2008-02-25 22:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-02-25 21:35 737,280 ----a-w C:\Windows\iun6002.exe 2008-02-25 21:35 --------- d-----w C:\Program Files\ISP Monitor 2008-02-25 20:29 --------- d-----w C:\Program Files\DivX 2008-02-25 20:28 --------- d-----w C:\Program Files\Common Files\PX Storage 
Engine 2008-02-23 17:37 --------- d-----w C:\ProgramData\Elaborate Bytes 2008-02-23 17:35 --------- d-----w C:\Program Files\Elaborate Bytes 2008-02-21 07:46 --------- d-----w C:\Program Files\Real Alternative 2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll 2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll 2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-02-20 20:51 --------- d-----w C:\ProgramData\vsosdk 2008-02-20 20:00 --------- d-----w C:\Users\Tommy\AppData\Roaming\DivX 2008-02-19 18:27 --------- d-----w C:\Users\Tommy\AppData\Roaming\Samsung 2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-04 22:45 1232896] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184] "ISPMonitor"="C:\Program Files\ISP Monitor\isp.exe" [2008-02-23 00:53 442704] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-04 23:00 1006264] "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 16:38 4390912 C:\Windows\RtHDVCpl.exe] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 00:08 107112] "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 01:18 22696] "ACTIVBOARD"="C:\Program Files\Packard Bell\FIJI\aboard.exe" 
[2007-01-18 14:03 79416] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "NvSvc"="RUNDLL32.exe" [2006-11-02 11:45 44544 C:\Windows\System32\rundll32.exe] "NvCplDaemon"="RUNDLL32.exe" [2006-11-02 11:45 44544 C:\Windows\System32\rundll32.exe] "NvMediaCenter"="RUNDLL32.exe" [2006-11-02 11:45 44544 C:\Windows\System32\rundll32.exe] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 12:11 221184] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 12:11 81920] "SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-09-26 14:31 1629480] "InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-09-26 14:31 1057064] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-04-03 19:19 873552] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ehTray.exe"=C:\Windows\ehome\ehTray.exe "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) "DefaultOutboundAction"= 0 (0x0) "DefaultInboundAction"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{7A5ED0CC-15A0-4DBC-A86F-AE2DB4DD5809}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{79EFB325-1004-4A8C-A0F8-29E9B6B6063A}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{A75D6A30-E063-4FE2-8999-0E55ED3C3CE0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{A4422592-B616-44AB-96D7-C3A36C2C141E}"= C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD "{C50245BE-3136-483D-BB4B-3A134A78F2FC}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{57059CA5-7FBF-4039-B4A1-82B4590C2343}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{2FFD3834-A37B-4A67-8124-5376A2A28D08}"= UDP:C:\Program Files\LimeWire Plus\LimeWire.exe:LimeWire "{6D2F4E8A-9604-4B83-B145-94C7C01ECB29}"= TCP:C:\Program Files\LimeWire Plus\LimeWire.exe:LimeWire "{AF5ECC6E-9BB1-45AD-BEF6-649CA072ECE5}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{BDDE8685-797E-463A-86F0-2A926C2891ED}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{F6D066CD-392D-4E9E-83BE-88303681B7DC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{09A9DA9E-FE8F-4B2D-8AF2-CB6657F757B9}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "DefaultOutboundAction"= 0 (0x0) "DefaultInboundAction"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) "DefaultOutboundAction"= 0 (0x0) "DefaultInboundAction"= 1 (0x1) R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080407.003\IDSvix86.sys [2008-02-13 18:18] R2 ISPMonitorSrv;ISP Monitor;C:\Program Files\ISP Monitor\ISPMonitorSrv.exe [2008-01-11 01:01] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43] R2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [2006-12-09 01:26] R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 23:40] R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\Windows\System32\svchost.exe [2006-11-02 11:45] R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2008-02-26 06:54] R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-03-22 21:23] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \shell\AutoRun\command - H:\Autorun.exe *Newly Created Service* - CATCHME *Newly Created Service* - COMHOST . Inhoud van de 'Gedeelde Taken' map "2008-04-10 19:00:00 C:\Windows\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe "2008-04-04 18:47:56 C:\Windows\Tasks\Norton Internet Security - Volledige systeemscan - Tommy.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK: . 
************************************************************************** catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-10 21:21:41 Windows 6.0.6000 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-04-10 21:22:56 ComboFix-quarantined-files.txt 2008-04-10 19:22:46 Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application. Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application. . 2008-04-09 21:35:30 --- E O F ---
  12. Hello, I have a problem and hope someone can help me. Since last week I've constantly been having problems with some virus or other. Every time Norton runs a scan it finds a Trojan Vundo, but apparently it isn't being removed properly, because it keeps coming back, and in the meantime my PC is starting to do strange things. I was told to attach a HijackThis scan, so here it is:

Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 20:22:55, on 9/04/2008 Platform: Windows Vista (WinNT 6.00.1904) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Packard Bell\FIJI\ABoard.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Windows\Samsung\PanelMgr\SSMMgr.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\System32\rundll32.exe C:\Program Files\ISP Monitor\isp.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Packard Bell\FIJI\AOSD.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Tommy\Desktop\anti-crap\HiJackThis_v2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [ACTIVBOARD] "C:\Program Files\Packard Bell\FIJI\aboard.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec 
Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [securDisc] "C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe"
O4 - HKLM\..\Run: [inCD] "C:\Program Files\Nero\Nero 7\InCD\InCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [iSPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203884251316
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
-- End of file - 10641 bytes

Hopefully someone here knows what to do about this. Thanks in advance.