  1. #1

    HELP! Trojan on my PC.

    Hello,

    Can anyone help me?
    Since this morning my PC has been extremely slow.
    I ran a quick scan, and it turns out there is a trojan present.

    Here is a HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:11:43, on 27/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\csrss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\WINDOWS\Explorer.EXE
    H:\WINDOWS\RTHDCPL.EXE
    H:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    H:\WINDOWS\system32\RUNDLL32.EXE
    H:\WINDOWS\system32\rundll32.exe
    H:\WINDOWS\system32\regsvr32.exe
    H:\VIRUSfighter\bin\ZLH.EXE
    H:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    H:\Program Files\Messenger\msmsgs.exe
    H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    H:\Program Files\Belkin\Nostromo\nost_LM.exe
    H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    H:\Program Files\Bonjour\mDNSResponder.exe
    H:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    H:\WINDOWS\system32\nvsvc32.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    H:\Program Files\Microsoft Windows OneCare Live\winss.exe
    H:\WINDOWS\system32\wbem\wmiprvse.exe
    H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    H:\WINDOWS\System32\alg.exe
    H:\VIRUSfighter\Npm\Bin\Zanda.exe
    H:\WINDOWS\System32\svchost.exe
    H:\VIRUSfighter\Nvc\BIN\NIP.EXE
    H:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
    H:\VIRUSfighter\Npm\bin\NJEEVES.EXE
    H:\VIRUSfighter\Nvc\bin\nvcoas.exe
    H:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
    H:\WINDOWS\system32\wbem\wmiapsrv.exe
    H:\VIRUSfighter\Nvc\bin\cclaw.exe
    H:\Program Files\Windows Live\Messenger\usnsvc.exe
    H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    H:\VIRUSfighter\Nvc\Bin\Nvcut.exe
    H:\Program Files\Internet Explorer\iexplore.exe
    H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    H:\WINDOWS\system32\wbem\wmiprvse.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} - H:\WINDOWS\system32\awttrom.dll
    O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - H:\Program Files\Ojpgypau\vxhthekv.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] H:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Ai Nap] "H:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
    O4 - HKLM\..\Run: [WinSys2] H:\WINDOWS\system32\winsys2.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "H:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [zqbyxmbk] rundll32.exe "H:\Program Files\zqbyxmbk\lubyjwfy.dll",Init
    O4 - HKLM\..\Run: [gtwbgzuh] regsvr32 /u "H:\Documents and Settings\All Users\Application Data\gtwbgzuh.dll"
    O4 - HKLM\..\Run: [Norman ZANDA] H:\VIRUSfighter\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [OneCareUI] "H:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [xinkfuvo] regsvr32 /u "H:\Documents and Settings\All Users\Application Data\xinkfuvo.dll"
    O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
    O4 - HKLM\..\Policies\Explorer\Run: [to8Hkto8Hk] rundll32.exe "H:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Loadout Manager.lnk = H:\Program Files\Belkin\Nostromo\nost_LM.exe
    O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195401160109
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
    O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
    O20 - Winlogon Notify: awttrom - H:\WINDOWS\SYSTEM32\awttrom.dll
    O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - H:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Norman NJeeves - Unknown owner - H:\VIRUSfighter\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - H:\VIRUSfighter\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - H:\VIRUSfighter\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - H:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe (file missing)
    O23 - Service: WMP54Gv4SVC - GEMTEKS - H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    --
    End of file - 10257 bytes

    Can it still be removed?

    Thanks in advance.

  2. #2
    jurgenv (Honorary member)
    * Download SDFix and save it to your desktop.

    Double-click SDFix.exe and choose Install to extract the tool into its own folder on your desktop. Then restart your PC in Safe Mode.

    • In Safe Mode, open the SDFix folder on your desktop and double-click RunThis.bat to start the tool.
    • Type Y to start the cleaning process.
    • It removes all Trojan services and registry entries related to this infection. When the tool is done, it will tell you to press any key to restart your PC; do so.
    • When the PC restarts, the tool will run again, finish the cleanup and show the message Finished. Then press any key to end the script, and your desktop will appear.
    • When your desktop icons appear, the SDFix report will open; it is also saved in the folder under the name Report.txt.
    • Now copy and paste the contents of that report here, together with a new HijackThis log.

    Member of ASAP

  3. #3
    Thanks for the quick reply.

    Here is the SDFix log:

    SDFix: Version 1.119
    Run by Joeri on do 27/12/2007 at 00:35
    Microsoft Windows XP [versie 5.1.2600]
    Running From: H:\DOCUME~1\Joeri\BUREAU~1\SDFix
    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Rebooting...

    Normal Mode:
    Checking Files:
    Trojan Files Found:
    H:\Program Files\Helper\Helper9.dll - Deleted
    H:\DOCUME~1\Joeri\LOCALS~1\Temp\removalfile.bat - Deleted
    H:\WINDOWS\system32\winsys.exe - Deleted

    Folder H:\Program Files\Helper - Removed
    Removing Temp Files...
    ADS Check:
    H:\WINDOWS
    No streams found.
    H:\WINDOWS\system32
    No streams found.
    H:\WINDOWS\system32\svchost.exe
    No streams found.

    H:\WINDOWS\system32\ntoskrnl.exe
    No streams found.


    Final Check:
    catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-27 00:41:20
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden services & system hive ...
    scanning hidden registry entries ...
    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 1

    Remaining Services:
    ------------------

    Authorized Application Key Export:
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "H:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="H:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "H:\\Program Files\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe"="H:\\Program Files\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
    "H:\\Program Files\\Bonjour\\mDNSResponder.exe"="H:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "H:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"="H:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
    "H:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="H:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
    "H:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="H:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
    "H:\\WINDOWS\\system32\\PnkBstrA.exe"="H:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
    "H:\\WINDOWS\\system32\\PnkBstrB.exe"="H:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "H:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"="H:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3"
    "H:\\DOCUME~1\\Joeri\\LOCALS~1\\Temp\\win149.exe"="H:\\DOCUME~1\\Joeri\\LOCALS~1\\Temp\\win149.exe:*:Enabled:win149"
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "H:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="H:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    Remaining Files:
    ---------------
    File Backups: - H:\DOCUME~1\Joeri\BUREAU~1\SDFix\backups\backups.zip
    Files with Hidden Attributes:
    Sun 18 Nov 2007 0 A.SH. --- H:\DOCUME~1\ALLUSE~1\DRM\CACHE\INDIV01.TMP
    Wed 12 Dec 2007 0 A..H. --- H:\WINDOWS\SOFTWA~1\DOWNLOAD\B04031~1\BIT2.TMP
    Mon 24 Dec 2007 2,834 ...HR --- H:\DOCUME~1\JOERI\APPLIC~1\SECUROM\USERDATA\SECURO~1.BAK
    Wed 26 Dec 2007 8 A..H. --- H:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OC\CHANNELS\CH1\LOCK.TMP
    Wed 26 Dec 2007 8 A..H. --- H:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OC\CHANNELS\CH2\LOCK.TMP
    Wed 26 Dec 2007 8 A..H. --- H:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OC\CHANNELS\CH3\LOCK.TMP
    Wed 26 Dec 2007 8 A..H. --- H:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OC\CHANNELS\CH4\LOCK.TMP
    Finished!


    And the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:46:25, on 27/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\csrss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    H:\WINDOWS\System32\svchost.exe
    H:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
    H:\VIRUSfighter\Npm\Bin\Zanda.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\WINDOWS\Explorer.EXE
    H:\Program Files\Bonjour\mDNSResponder.exe
    H:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    H:\WINDOWS\system32\nvsvc32.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    H:\Program Files\Microsoft Windows OneCare Live\winss.exe
    H:\VIRUSfighter\Npm\bin\NJEEVES.EXE
    H:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
    H:\VIRUSfighter\Nvc\bin\nvcoas.exe
    H:\WINDOWS\System32\alg.exe
    H:\WINDOWS\system32\wbem\wmiprvse.exe
    H:\WINDOWS\System32\svchost.exe
    H:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    H:\WINDOWS\system32\wbem\wmiapsrv.exe
    H:\WINDOWS\system32\notepad.exe
    H:\WINDOWS\RTHDCPL.EXE
    H:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    H:\WINDOWS\system32\RUNDLL32.EXE
    H:\VIRUSfighter\Npm\bin\ZLH.EXE
    H:\WINDOWS\system32\ctfmon.exe
    H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    H:\Program Files\Messenger\msmsgs.exe
    H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
    H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    H:\Program Files\Belkin\Nostromo\nost_LM.exe
    H:\VIRUSfighter\Nvc\BIN\NIP.EXE
    H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    H:\VIRUSfighter\Nvc\bin\cclaw.exe
    H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    H:\WINDOWS\system32\wbem\wmiprvse.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} - H:\WINDOWS\system32\awttrom.dll
    O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - H:\Program Files\Ojpgypau\vxhthekv.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] H:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Ai Nap] "H:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
    O4 - HKLM\..\Run: [WinSys2] H:\WINDOWS\system32\winsys2.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "H:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [zqbyxmbk] rundll32.exe "H:\Program Files\zqbyxmbk\lubyjwfy.dll",Init
    O4 - HKLM\..\Run: [gtwbgzuh] regsvr32 /u "H:\Documents and Settings\All Users\Application Data\gtwbgzuh.dll"
    O4 - HKLM\..\Run: [Norman ZANDA] H:\VIRUSfighter\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [OneCareUI] "H:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [xinkfuvo] regsvr32 /u "H:\Documents and Settings\All Users\Application Data\xinkfuvo.dll"
    O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Loadout Manager.lnk = H:\Program Files\Belkin\Nostromo\nost_LM.exe
    O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195401160109
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
    O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
    O20 - Winlogon Notify: awttrom - H:\WINDOWS\SYSTEM32\awttrom.dll
    O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - H:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Norman NJeeves - Unknown owner - H:\VIRUSfighter\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - H:\VIRUSfighter\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - H:\VIRUSfighter\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - H:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe (file missing)
    O23 - Service: WMP54Gv4SVC - GEMTEKS - H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    --
    End of file - 9962 bytes


    In any case, my PC is already back up to speed.

  4. #4
    jurgenv (Honorary member)
    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Put it on your desktop.
    Double-click it to start the program.
    In the window that appears, type Y to start the cleaning process.
    Follow the on-screen instructions.
    When the tool is finished, a log file (combofix.txt) opens. Post the contents of that file together with a new HijackThis log.

    Member of ASAP

  5. #5
    ComboFix log:

    ComboFix 07-12-21.4 - Joeri 2007-12-27 0:56:06.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.2587 [GMT 1:00]
    Gestart vanuit: H:\Documents and Settings\Joeri\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    H:\WINDOWS\PerfInfo
    H:\WINDOWS\system32\awttrom.dll
    H:\WINDOWS\system32\drvdadr.dll
    H:\WINDOWS\system32\wvurppm.dll
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-11-27 to 2007-12-27 ))))))))))))))))))))))))))))))
    .
    2007-12-27 00:34 . 2007-12-27 00:34 <DIR> d-------- H:\WINDOWS\ERUNT
    2007-12-27 00:33 . 2007-11-18 03:51 <DIR> d--h----- H:\Documents and Settings\Administrator\Sjablonen
    2007-12-27 00:33 . 2007-11-18 04:46 <DIR> d--h----- H:\Documents and Settings\Administrator\Onlangs geopend
    2007-12-27 00:33 . 2007-11-18 04:46 <DIR> d--h----- H:\Documents and Settings\Administrator\Netwerkprinteromgeving
    2007-12-27 00:33 . 2007-11-18 04:46 <DIR> d-------- H:\Documents and Settings\Administrator\Mijn documenten
    2007-12-27 00:33 . 2007-11-18 04:46 <DIR> dr------- H:\Documents and Settings\Administrator\Menu Start
    2007-12-27 00:33 . 2007-11-18 04:46 <DIR> d-------- H:\Documents and Settings\Administrator\Favorieten
    2007-12-27 00:33 . 2007-11-18 04:46 <DIR> d-------- H:\Documents and Settings\Administrator\Bureaublad
    2007-12-27 00:10 . 2007-12-27 00:10 <DIR> d-------- H:\Program Files\Trend Micro
    2007-12-26 23:48 . 2007-12-26 23:48 <DIR> d-------- H:\Documents and Settings\LocalService\Menu Start
    2007-12-26 23:47 . 2007-12-26 23:52 <DIR> d-------- H:\Program Files\Ojpgypau
    2007-12-26 23:42 . 2007-09-21 10:35 116,416 --a------ H:\WINDOWS\system32\drivers\msfwhlpr.sys
    2007-12-26 23:42 . 2007-09-21 10:35 91,328 --a------ H:\WINDOWS\system32\drivers\msfwdrv.sys
    2007-12-26 23:42 . 2007-07-06 16:09 70,928 --a------ H:\WINDOWS\system32\drivers\MpFilter.sys
    2007-12-26 23:41 . 2007-12-26 23:41 <DIR> d-------- H:\WINDOWS\system32\bits
    2007-12-26 23:41 . 2007-03-29 14:01 7,168 -----c--- H:\WINDOWS\system32\dllcache\bitsprx4.dll
    2007-12-26 23:41 . 2007-03-29 14:01 7,168 --------- H:\WINDOWS\system32\bitsprx4.dll
    2007-12-26 23:38 . 2007-12-26 23:54 <DIR> d-------- H:\Program Files\Microsoft Windows OneCare Live
    2007-12-26 22:28 . 2007-07-09 10:50 19,000 --a------ H:\WINDOWS\system32\drivers\nvcw32mf.sys
    2007-12-26 22:27 . 2007-12-27 01:02 <DIR> d-------- H:\VIRUSfighter
    2007-12-26 22:11 . 2007-12-26 22:11 31,232 --a------ H:\Program Files\1010.exe
    2007-12-26 22:09 . 2007-12-26 22:09 <DIR> d-------- H:\WINDOWS\ppqvmpqr
    2007-12-26 22:09 . 2007-12-27 00:32 <DIR> d-------- H:\Program Files\zqbyxmbk
    2007-12-26 22:09 . 2007-12-27 00:32 <DIR> d-------- H:\Program Files\Qfcwrntl
    2007-12-10 14:35 . 2007-12-10 14:35 <DIR> d-------- H:\Program Files\Free Audio Pack
    2007-12-10 13:35 . 2007-12-10 13:35 <DIR> d-------- H:\Program Files\GameSpy
    2007-12-10 13:35 . 2007-12-10 13:35 22,328 --a------ H:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-12-10 13:35 . 2007-12-10 13:35 22,328 --a------ H:\Documents and Settings\Joeri\Application Data\PnkBstrK.sys
    2007-12-10 13:34 . 2007-12-10 13:34 669,184 --a------ H:\WINDOWS\system32\pbsvc.exe
    2007-12-10 13:34 . 2007-12-10 13:34 103,736 --a------ H:\WINDOWS\system32\PnkBstrB.exe
    2007-12-10 13:34 . 2007-12-10 13:34 66,872 --a------ H:\WINDOWS\system32\PnkBstrA.exe~
    2007-12-10 11:54 . 2007-12-10 11:54 <DIR> d-------- H:\WINDOWS\nview
    2007-12-10 11:54 . 2007-10-04 17:14 356,352 --a------ H:\WINDOWS\system32\nvudisp.exe
    2007-12-10 11:54 . 2007-12-10 11:55 140,158 --a------ H:\WINDOWS\system32\nvapps.xml
    2007-12-10 11:27 . 2007-12-10 11:29 <DIR> d-------- H:\WINDOWS\NV37642120.TMP
    2007-12-07 22:21 . 2007-12-07 22:21 <DIR> d-------- H:\Documents and Settings\Joeri\Application Data\Hewlett-Packard
    2007-12-07 22:20 . 2004-08-03 22:58 15,104 --a------ H:\WINDOWS\system32\drivers\usbscan.sys
    2007-12-07 22:20 . 2004-08-03 22:58 15,104 --a--c--- H:\WINDOWS\system32\dllcache\usbscan.sys
    2007-12-07 22:19 . 2007-12-07 22:19 <DIR> d-------- H:\Program Files\Common Files\Hewlett-Packard
    2007-12-07 22:18 . 2007-12-07 22:18 <DIR> d-------- H:\temp\HP All-in-One Series Web Release
    2007-12-07 22:18 . 2007-12-07 22:18 <DIR> d-------- H:\temp
    2007-12-07 22:18 . 2007-12-07 22:18 <DIR> d-------- H:\Program Files\Hewlett-Packard
    2007-12-07 22:18 . 2007-12-07 22:19 19,558 --a------ H:\WINDOWS\hpoins01.dat
    2007-12-07 22:18 . 2003-04-22 23:51 16,606 --------- H:\WINDOWS\hpomdl01.dat
    2007-12-07 22:17 . 2004-08-03 23:01 25,856 --a------ H:\WINDOWS\system32\drivers\usbprint.sys
    2007-12-07 22:17 . 2004-08-03 23:01 25,856 --a--c--- H:\WINDOWS\system32\dllcache\usbprint.sys
    2007-12-07 10:02 . 2007-12-27 00:07 69 --a------ H:\WINDOWS\NeroDigital.ini
    2007-12-04 20:43 . 2004-07-26 17:16 1,568,768 --------- H:\WINDOWS\system32\ImagX7.dll
    2007-12-04 20:43 . 2004-07-26 17:16 476,320 --------- H:\WINDOWS\system32\ImagXpr7.dll
    2007-12-04 20:43 . 2004-07-26 17:16 471,040 --------- H:\WINDOWS\system32\ImagXRA7.dll
    2007-12-04 20:43 . 2004-07-26 17:16 262,144 --------- H:\WINDOWS\system32\ImagXR7.dll
    2007-12-04 20:43 . 2004-03-02 17:37 125,184 --------- H:\WINDOWS\system32\drivers\imagesrv.sys
    2007-12-04 20:43 . 2000-06-26 11:45 106,496 --a------ H:\WINDOWS\system32\TwnLib20.dll
    2007-12-04 20:43 . 2004-03-02 17:37 5,504 --------- H:\WINDOWS\system32\drivers\imagedrv.sys
    2007-12-04 20:37 . 2007-12-04 20:37 <DIR> d-------- H:\Documents and Settings\Joeri\Application Data\Ahead
    2007-12-04 20:36 . 2007-12-04 20:36 <DIR> d-------- H:\Documents and Settings\Joeri\Application Data\NeroVision
    2007-12-04 20:36 . 2003-07-31 16:47 1,269,760 --------- H:\WINDOWS\UNNMP.exe
    2007-12-04 20:36 . 2003-08-08 14:34 46,434 --------- H:\WINDOWS\UNNMP.cfg
    2007-12-04 20:35 . 2003-08-05 16:53 1,273,856 --------- H:\WINDOWS\UNNeroVision.exe
    2007-12-04 20:35 . 2003-08-08 14:34 75,345 --------- H:\WINDOWS\UNNeroVision.cfg
    2007-12-04 20:34 . 2007-12-04 20:34 <DIR> d-------- H:\Program Files\Common Files\Ahead
    2007-12-04 20:34 . 2007-12-04 20:43 <DIR> d-------- H:\Program Files\Ahead
    2007-12-04 20:34 . 2001-07-06 13:41 569,344 -ra------ H:\WINDOWS\system32\imagr5.dll
    2007-12-04 20:34 . 2001-07-06 11:44 544,768 -ra------ H:\WINDOWS\system32\imagx5.dll
    2007-12-04 20:34 . 2001-07-06 17:24 283,920 -ra------ H:\WINDOWS\system32\ImagXpr5.dll
    2007-12-04 20:34 . 2001-07-09 11:50 155,648 --a------ H:\WINDOWS\system32\NeroCheck.exe
    2007-12-04 20:34 . 2001-06-26 07:15 38,912 -ra------ H:\WINDOWS\system32\picn20.dll
    2007-12-01 19:49 . 2007-12-01 19:49 625 --a------ H:\WINDOWS\eReg.dat
    2007-12-01 19:33 . 2007-12-01 19:33 <DIR> d-------- H:\Program Files\EA GAMES
    2007-11-30 22:49 . 2007-11-30 22:49 <DIR> d-------- H:\Program Files\MSECache
    2007-11-29 00:45 . 2007-11-29 00:45 324 --a------ H:\WINDOWS\game.ini
    2007-11-28 21:16 . 2007-12-10 13:20 <DIR> d-------- H:\Program Files\Electronic Arts
    2007-11-27 14:47 . 2007-12-26 23:38 <DIR> d-------- H:\Program Files\Windows Live Safety Center
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-26 21:27 --------- d--h--w H:\Program Files\InstallShield Installation Information
    2007-12-13 17:07 --------- d-----w H:\Documents and Settings\Joeri\Application Data\AdobeUM
    2007-11-27 19:54 --------- d-----w H:\Documents and Settings\Joeri\Application Data\Bioshock
    2007-11-27 19:25 --------- d-----w H:\Program Files\SystemRequirementsLab
    2007-11-25 11:17 --------- d-----w H:\Program Files\QuickTime
    2007-11-25 11:10 --------- d-----w H:\Documents and Settings\All Users\Application Data\FLEXnet
    2007-11-25 11:09 --------- d-----w H:\Program Files\Common Files\Adobe
    2007-11-25 11:09 --------- d-----w H:\Program Files\Bonjour
    2007-11-24 17:44 0 ---ha-w H:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2007-11-24 17:44 0 ---ha-w H:\WINDOWS\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
    2007-11-21 14:15 --------- d-----w H:\Program Files\Common Files\Macrovision Shared
    2007-11-20 17:17 --------- d-----w H:\Program Files\Common Files\Adobe Systems Shared
    2007-11-19 01:13 --------- d-----w H:\Program Files\MSXML 6.0
    2007-11-19 01:07 --------- d-----w H:\Program Files\Lavasoft
    2007-11-19 01:07 --------- d-----w H:\Documents and Settings\Joeri\Application Data\Lavasoft
    2007-11-19 00:51 --------- d-----w H:\Documents and Settings\Joeri\Application Data\Media Player Classic
    2007-11-19 00:49 --------- d-----w H:\Program Files\K-Lite Codec Pack
    2007-11-18 19:19 --------- d-----w H:\Program Files\MSBuild
    2007-11-18 19:16 --------- d-----w H:\Program Files\Reference Assemblies
    2007-11-18 19:14 --------- d-----w H:\Program Files\Windows Media Connect 2
    2007-11-18 18:26 --------- d-----w H:\Program Files\World of Warcraft
    2007-11-18 15:10 20,747 ----a-w H:\WINDOWS\system32\drivers\AegisP.sys
    2007-11-18 15:10 --------- d-----w H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
    2007-11-18 12:08 --------- d-----w H:\Program Files\Windows Live Toolbar
    2007-11-18 09:43 --------- d-----w H:\Program Files\Common Files\Blizzard Entertainment
    2007-11-18 02:53 --------- d-----w H:\Program Files\microsoft frontpage
    2007-11-18 01:18 --------- d-----w H:\Program Files\Windows Live
    2007-11-18 01:16 --------- d-----w H:\Program Files\Lavalys
    2007-11-18 01:15 --------- dcsh--w H:\Program Files\Common Files\WindowsLiveInstaller
    2007-11-18 01:15 --------- d-----w H:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-11-18 01:12 --------- d-----w H:\Program Files\Common Files\InstallShield
    2007-11-18 01:12 --------- d-----w H:\Program Files\Belkin
    2007-11-17 22:43 --------- d-----w H:\Program Files\THQ
    2007-11-17 22:16 --------- d--h--r H:\Documents and Settings\Joeri\Application Data\SecuROM
    2007-11-17 22:13 108,144 ----a-w H:\WINDOWS\system32\CmdLineExt.dll
    2007-11-17 22:07 --------- d-----w H:\Program Files\2K Games
    2007-11-17 22:07 --------- d-----w H:\Documents and Settings\Joeri\Application Data\InstallShield
    2007-11-17 21:33 --------- d-----w H:\Program Files\ASUS
    2007-11-17 21:27 --------- d-----w H:\Program Files\Realtek
    2007-11-17 21:21 --------- d-----w H:\Program Files\Attansic
    2007-11-17 21:17 315,392 ----a-w H:\WINDOWS\HideWin.exe
    2007-11-17 21:03 --------- d-----w H:\Program Files\Intel
    2007-11-13 10:25 20,480 ----a-w H:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-29 22:45 1,291,776 ----a-w H:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w H:\WINDOWS\system32\wmasf.dll
    2007-10-24 00:47 96,760 ----a-w H:\WINDOWS\system32\dfshim.dll
    2007-10-24 00:47 84,480 ----a-w H:\WINDOWS\system32\mscories.dll
    2007-10-24 00:47 282,112 ----a-w H:\WINDOWS\system32\mscoree.dll
    2007-10-24 00:47 158,720 ----a-w H:\WINDOWS\system32\mscorier.dll
    2007-10-22 02:39 267,272 ----a-w H:\WINDOWS\system32\xactengine2_10.dll
    2007-10-22 02:37 17,928 ----a-w H:\WINDOWS\system32\X3DAudio1_2.dll
    2007-10-18 10:31 51,224 ----a-w H:\WINDOWS\system32\sirenacm.dll
    2007-10-12 14:14 3,734,536 ----a-w H:\WINDOWS\system32\d3dx9_36.dll
    2007-10-12 14:14 1,374,232 ----a-w H:\WINDOWS\system32\D3DCompiler_36.dll
    2007-10-11 08:55 88,576 ----a-w H:\WINDOWS\system32\infocardapi.dll
    2007-10-11 08:55 579,584 ----a-w H:\WINDOWS\system32\icardagt.exe
    2007-10-11 08:55 11,776 ----a-w H:\WINDOWS\system32\icardres.dll
    2007-10-09 12:03 779,800 ----a-w H:\WINDOWS\system32\PresentationNative_v0300.dll
    2007-10-09 12:03 73,752 ----a-w H:\WINDOWS\system32\dxva2.dll
    2007-10-09 12:03 493,080 ----a-w H:\WINDOWS\system32\evr.dll
    2007-10-09 12:03 350,744 ----a-w H:\WINDOWS\system32\PresentationHost.exe
    2007-10-09 12:03 33,304 ----a-w H:\WINDOWS\system32\PresentationHostProxy.dll
    2007-10-09 12:03 161,304 ----a-w H:\WINDOWS\system32\UIAutomationCore.dll
    2007-10-09 12:03 106,520 ----a-w H:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2007-10-09 12:03 1,986,072 ----a-w H:\WINDOWS\system32\milcore.dll
    2007-10-09 11:58 16,896 ----a-w H:\WINDOWS\system32\tswpfwrp.exe
    2007-10-04 16:14 81,920 ----a-w H:\WINDOWS\system32\nvwddi.dll
    2007-10-04 16:14 81,920 ----a-w H:\WINDOWS\system32\nvmctray.dll
    2007-10-04 16:14 8,491,008 ----a-w H:\WINDOWS\system32\nvcpl.dll
    2007-10-04 16:14 753,664 ----a-w H:\WINDOWS\system32\nvcplui.exe
    2007-10-04 16:14 6,750,208 ----a-w H:\WINDOWS\system32\nvoglnt.dll
    2007-10-04 16:14 6,344,704 ----a-w H:\WINDOWS\system32\nvdisps.dll
    2007-10-04 16:14 5,783,424 ----a-w H:\WINDOWS\system32\nv4_disp.dll
    2007-10-04 16:14 5,509,120 ----a-w H:\WINDOWS\system32\nvdispsr.dll
    2007-10-04 16:14 466,944 ----a-w H:\WINDOWS\system32\nvshell.dll
    2007-10-04 16:14 458,752 ----a-w H:\WINDOWS\system32\nvmccssr.dll
    2007-10-04 16:14 45,056 ----a-w H:\WINDOWS\system32\nvmccsrs.dll
    2007-10-04 16:14 442,368 ----a-w H:\WINDOWS\system32\nvappbar.exe
    2007-10-04 16:14 425,984 ----a-w H:\WINDOWS\system32\keystone.exe
    2007-10-04 16:14 364,544 ----a-w H:\WINDOWS\system32\nvapi.dll
    2007-10-04 16:14 36,864 ----a-w H:\WINDOWS\system32\nvcodins.dll
    2007-10-04 16:14 36,864 ----a-w H:\WINDOWS\system32\nvcod.dll
    2007-10-04 16:14 335,872 ----a-w H:\WINDOWS\system32\nvwrses.dll
    2007-10-04 16:14 335,872 ----a-w H:\WINDOWS\system32\nvwrsel.dll
    2007-10-04 16:14 327,680 ----a-w H:\WINDOWS\system32\nvwrsfr.dll
    2007-10-04 16:14 327,680 ----a-w H:\WINDOWS\system32\nvwrsesm.dll
    2007-10-04 16:14 327,680 ----a-w H:\WINDOWS\system32\nvrshe.dll
    2007-10-04 16:14 327,680 ----a-w H:\WINDOWS\system32\nvrsar.dll
    2007-10-04 16:14 323,584 ----a-w H:\WINDOWS\system32\nvwrspt.dll
    2007-10-04 16:14 323,584 ----a-w H:\WINDOWS\system32\nvwrsit.dll
    2007-10-04 16:14 319,488 ----a-w H:\WINDOWS\system32\nvwrsptb.dll
    2007-10-04 16:14 319,488 ----a-w H:\WINDOWS\system32\nvwrsnl.dll
    2007-10-04 16:14 315,392 ----a-w H:\WINDOWS\system32\nvwrsru.dll
    2007-10-04 16:14 315,392 ----a-w H:\WINDOWS\system32\nvwrshu.dll
    2007-10-04 16:14 311,296 ----a-w H:\WINDOWS\system32\nvwrsde.dll
    2007-10-04 16:14 307,200 ----a-w H:\WINDOWS\system32\nvexpbar.dll
    2007-10-04 16:14 303,104 ----a-w H:\WINDOWS\system32\nvwrstr.dll
    2007-10-04 16:14 303,104 ----a-w H:\WINDOWS\system32\nvwrssl.dll
    2007-10-04 16:14 303,104 ----a-w H:\WINDOWS\system32\nvwrsfi.dll
    2007-10-04 16:14 3,629,056 ----a-w H:\WINDOWS\system32\nvvitvsr.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76F262CF-0308-0FB4-F7A3-043266F3A47C}]
    H:\Program Files\Ojpgypau\vxhthekv.dll
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "MsnMsgr"="H:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
    "MSMSGS"="H:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
    "updateMgr"="H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 16:45]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="H:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36]
    "36X Raid Configurer"="H:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 17:23]
    "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 15:49 H:\WINDOWS\RTHDCPL.exe]
    "Ai Nap"="H:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" []
    "WinSys2"="H:\WINDOWS\system32\winsys2.exe" [2006-04-29 04:36]
    "Acrobat Assistant 7.0"="H:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
    "NeroFilterCheck"="H:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 13:00 H:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2007-10-04 17:14 H:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 13:00 H:\WINDOWS\system32\rundll32.exe]
    "Norman ZANDA"="H:\VIRUSfighter\Npm\bin\ZLH.exe" [2007-08-09 14:40]
    "OneCareUI"="H:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-12-11 09:42]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
    H:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Acrobat Snelle start.lnk - H:\WINDOWS\Installer\{AC76BA86-1030-D700-7760-100000000002}\SC_Acrobat.exe [2007-11-20 18:19:30]
    Adobe Gamma.lnk - H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
    hp psc 1000 series.lnk - H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 18:21:38]
    hpoddt01.exe.lnk - H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12]
    Loadout Manager.lnk - H:\Program Files\Belkin\Nostromo\nost_LM.exe [2002-06-14 12:50:42]
    Microsoft Office.lnk - H:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
    @="Service"
    R1 MSFWHLPR;MSFWHLPR;H:\WINDOWS\system32\DRIVERS\msfwhlpr.sys [2007-09-21 10:35]
    R2 MSFWDrv;MSFWDrv;H:\WINDOWS\system32\DRIVERS\msfwdrv.sys [2007-09-21 10:35]
    R2 msfwsvc;OneCare Firewall;"H:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe" [2007-09-21 10:35]
    R2 Ndiskio;Ndiskio;H:\VIRUSfighter\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
    R2 OneCareMP;OneCare AntiSpyware and AntiVirus;"H:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe" [2007-07-13 17:58]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;H:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 15:12]
    R3 bcgame;Nostromo HID Device Minidriver;H:\WINDOWS\system32\DRIVERS\BCGAME.SYS [2002-04-12 14:44]
    R3 bcgbus;Nostromo USB Device Driver;H:\WINDOWS\system32\DRIVERS\BCGBUS.SYS [2002-04-12 14:44]
    R3 HabuFltr;Habu Mouse;H:\WINDOWS\system32\drivers\habu.sys [2006-10-23 12:09]
    R3 MpFilter;Microsoft Malware Protection Driver;H:\WINDOWS\system32\DRIVERS\MpFilter.sys [2007-07-06 16:09]
    R3 NvcMFlt;NvcMFlt;H:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-07-09 10:50]
    R3 nvcoas;Norman Virus Control on-access component;H:\VIRUSfighter\Nvc\bin\nvcoas.exe [2007-07-12 11:38]
    R3 NVCScheduler;Norman Virus Control Scheduler;H:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]
    S3 nvcfsr;nvcfsr;H:\VIRUSfighter\Nvc\bin\nvcfsr.sys [2007-01-09 15:25]
    S3 nvcoafl51;nvcoafl51;H:\VIRUSfighter\Nvc\bin\nvcoafl51.sys [2007-01-09 15:25]
    S3 nvcoaft51;nvcoaft51;H:\VIRUSfighter\Nvc\bin\nvcoaft51.sys [2007-01-09 15:25]
    S3 nvcoarc51;nvcoarc51;H:\VIRUSfighter\Nvc\bin\nvcoarc51.sys [2007-01-09 15:25]
    *Newly Created Service* - GTNDIS5
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-12-07 21:21:09 H:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1197062450.job"
    - H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
    .
    **************************************************************************
    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-27 01:03:39
    Windows 5.1.2600 Service Pack 2 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    **************************************************************************
    .
    Voltooingstijd: 2007-12-27 1:04:26 - machine was rebooted
    .
    2007-12-21 10:41:19 --- E O F ---



    And from HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:07:11, on 27/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\csrss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    H:\WINDOWS\System32\svchost.exe
    H:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
    H:\VIRUSfighter\Npm\Bin\Zanda.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\Explorer.EXE
    H:\WINDOWS\system32\spoolsv.exe
    H:\WINDOWS\RTHDCPL.EXE
    H:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    H:\WINDOWS\system32\RUNDLL32.EXE
    H:\VIRUSfighter\Npm\bin\ZLH.EXE
    H:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    H:\Program Files\Messenger\msmsgs.exe
    H:\VIRUSfighter\Nvc\BIN\NIP.EXE
    H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
    H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    H:\Program Files\Belkin\Nostromo\nost_LM.exe
    H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    H:\Program Files\Bonjour\mDNSResponder.exe
    H:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    H:\WINDOWS\system32\nvsvc32.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    H:\Program Files\Microsoft Windows OneCare Live\winss.exe
    H:\VIRUSfighter\Npm\bin\NJEEVES.EXE
    H:\VIRUSfighter\Nvc\bin\nvcoas.exe
    H:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
    H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    H:\WINDOWS\System32\alg.exe
    H:\VIRUSfighter\Nvc\bin\cclaw.exe
    H:\WINDOWS\system32\wbem\wmiprvse.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\wuauclt.exe
    H:\WINDOWS\system32\notepad.exe
    H:\WINDOWS\system32\wbem\wmiprvse.exe
    H:\Program Files\internet explorer\iexplore.exe
    H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    H:\WINDOWS\system32\wuauclt.exe
    H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    H:\WINDOWS\system32\wbem\wmiapsrv.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - H:\Program Files\Ojpgypau\vxhthekv.dll (file missing)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] H:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Ai Nap] "H:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
    O4 - HKLM\..\Run: [WinSys2] H:\WINDOWS\system32\winsys2.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "H:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Norman ZANDA] H:\VIRUSfighter\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [OneCareUI] "H:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Loadout Manager.lnk = H:\Program Files\Belkin\Nostromo\nost_LM.exe
    O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195401160109
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
    O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
    O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - H:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Norman NJeeves - Unknown owner - H:\VIRUSfighter\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - H:\VIRUSfighter\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - H:\VIRUSfighter\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - H:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe (file missing)
    O23 - Service: WMP54Gv4SVC - GEMTEKS - H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    --
    End of file - 9571 bytes

  6. #6
    jurgenv (honorary member)
    Download OTMoveIt.exe and save it to your desktop:

    Start OTMoveIt by double-clicking OTMoveIt.exe.
    In the left panel, where it says "Paste List of Files/Folders to be Moved", copy and paste the section below:

    H:\Program Files\1010.exe
    H:\VIRUSfighter
    H:\WINDOWS\ppqvmpqr
    H:\Program Files\zqbyxmbk
    H:\Program Files\Qfcwrntl


    Then click the MoveIt button at the bottom.
    When it has finished, it will create a log (********_******.log -- the * stands for the date and time) in the following folder: C:\_OTMoveIt\MovedFiles.
    Post its contents in your next reply, together with a new HijackThis log.

    Member of ASAP

  7. #7
    Log from MoveIt

    H:\Program Files\1010.exe moved successfully.
    H:\VIRUSfighter\Temp\niu moved successfully.
    H:\VIRUSfighter\Temp\NIP moved successfully.
    H:\VIRUSfighter\Temp\mimescan moved successfully.
    H:\VIRUSfighter\Temp moved successfully.
    H:\VIRUSfighter\tasks moved successfully.
    H:\VIRUSfighter\quarantine moved successfully.
    H:\VIRUSfighter\Qtn\Bin moved successfully.
    H:\VIRUSfighter\Qtn moved successfully.
    H:\VIRUSfighter\Nvc\Config moved successfully.
    Folder cleanup failed. H:\VIRUSfighter\Nvc\Bin scheduled to be deleted on reboot.
    Folder cleanup failed. H:\VIRUSfighter\Nvc scheduled to be deleted on reboot.
    H:\VIRUSfighter\Nse\Bin moved successfully.
    H:\VIRUSfighter\Nse moved successfully.
    H:\VIRUSfighter\npm\Info moved successfully.
    H:\VIRUSfighter\npm\config moved successfully.
    Folder cleanup failed. H:\VIRUSfighter\npm\bin scheduled to be deleted on reboot.
    Folder cleanup failed. H:\VIRUSfighter\npm scheduled to be deleted on reboot.
    H:\VIRUSfighter\npf\bin moved successfully.
    H:\VIRUSfighter\npf moved successfully.
    H:\VIRUSfighter\Msg moved successfully.
    H:\VIRUSfighter\Logs moved successfully.
    H:\VIRUSfighter\Download moved successfully.
    H:\VIRUSfighter\Config moved successfully.
    Folder cleanup failed. H:\VIRUSfighter scheduled to be deleted on reboot.
    H:\WINDOWS\ppqvmpqr moved successfully.
    H:\Program Files\zqbyxmbk moved successfully.
    H:\Program Files\Qfcwrntl moved successfully.

    Created on 12/27/2007 01:14:19

    And from HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:18:51, on 27/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\Explorer.EXE
    H:\WINDOWS\system32\spoolsv.exe
    H:\WINDOWS\RTHDCPL.EXE
    H:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    H:\WINDOWS\system32\RUNDLL32.EXE
    H:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    H:\Program Files\Messenger\msmsgs.exe
    H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
    H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    H:\Program Files\Belkin\Nostromo\nost_LM.exe
    H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    H:\Program Files\Bonjour\mDNSResponder.exe
    H:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    H:\WINDOWS\system32\nvsvc32.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    H:\Program Files\Microsoft Windows OneCare Live\winss.exe
    H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    H:\WINDOWS\System32\svchost.exe
    H:\Program Files\internet explorer\iexplore.exe
    H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    H:\WINDOWS\system32\wuauclt.exe
    H:\WINDOWS\system32\wbem\wmiapsrv.exe
    H:\WINDOWS\system32\NOTEPAD.EXE
    H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - H:\Program Files\Ojpgypau\vxhthekv.dll (file missing)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] H:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Ai Nap] "H:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
    O4 - HKLM\..\Run: [WinSys2] H:\WINDOWS\system32\winsys2.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "H:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Norman ZANDA] H:\VIRUSfighter\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [OneCareUI] "H:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Loadout Manager.lnk = H:\Program Files\Belkin\Nostromo\nost_LM.exe
    O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195401160109
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
    O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
    O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Unknown owner - H:\VIRUSfighter\Npm\bin\ELOGSVC.EXE (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Norman NJeeves - Unknown owner - H:\VIRUSfighter\Npm\bin\NJEEVES.EXE (file missing)
    O23 - Service: Norman ZANDA - Unknown owner - H:\VIRUSfighter\Npm\Bin\Zanda.exe (file missing)
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - H:\VIRUSfighter\Nvc\bin\nvcoas.exe (file missing)
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - H:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe (file missing)
    O23 - Service: WMP54Gv4SVC - GEMTEKS - H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    --
    End of file - 9104 bytes

  8. #8
    Honorary member jurgenv
    * Open HijackThis and tick the following line:

    O4 - HKLM\..\Run: [WinSys2] H:\WINDOWS\system32\winsys2.exe

    * Then close all windows except HijackThis and click 'Fix checked'.

    * Download ATF Cleaner (by Atribune)

    Double-click ATF Cleaner to start the program.
    On the "Main" tab, tick Select All.
    Click the Empty Selected button.

    If you also use Firefox as a browser:
    Click the "Firefox" tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the tick next to "Firefox saved passwords")
    Click the Empty Selected button.

    If you also use Opera as a browser:
    Click the "Opera" tab and tick Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.

    * Then run a disk defragmentation, and afterwards tell me how everything is working.

    Member of ASAP

  9. The following user thanked jurgenv for this useful post:

    200016v (27 December 2007)
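
The triage step in post #8 (picking one line out of a long HijackThis log) can be supported by a small parser. This is an added example, not part of the original posts: the sample lines are copied from the log in this thread, and the `REVIEWED_AUTORUNS` baseline and the three review rules are assumptions. A flag means "look at this by hand", not "this is malware".

```python
import re

# Sample lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - H:\Program Files\Ojpgypau\vxhthekv.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinSys2] H:\WINDOWS\system32\winsys2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe (file missing)
"""

# Assumption: autorun value names the analyst has already reviewed.
REVIEWED_AUTORUNS = {"RTHDCPL", "CTFMON.EXE"}

# "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
# Registry autorun body: "<hive>\..\<key>: [<value name>] <command>"
RUN = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def parse(log):
    """Yield (code, body) for each entry line; headers and process paths are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m["code"], m["body"]


def triage(log, reviewed=REVIEWED_AUTORUNS):
    """Return (code, reason, detail) tuples for entries that deserve a manual look."""
    findings = []
    for code, body in parse(log):
        if body.endswith("(file missing)"):
            findings.append((code, "target file missing", body))
        if code == "O2" and body.startswith("BHO: (no name)"):
            findings.append((code, "unnamed BHO", body))
        if code == "O4":
            m = RUN.match(body)
            if m and m["name"] not in reviewed:
                detail = m["name"] + " -> " + m["cmd"]
                findings.append((code, "autorun not in reviewed baseline", detail))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}: {detail}")
```
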

  10. #9
    Up-to-date  
    At first glance everything still works.
    Thanks for the help!
    How do I actually end up with a virus/trojan like this?
    My girlfriend spends a lot of time on all kinds of sites for artwork, fonts and images (Photoshop). Could it have come from that?


    In any case, my PC works again, I can game again.

    THX!

    Happy holidays...

  11. #10
    Honorary member jurgenv
    A few more tips to prevent problems in the future:

    Install the following FREE programs if you don't have them yet:

    SpywareBlaster
    Ad-Aware SE
    Spybot S&D


    While surfing, don't just blindly click Yes everywhere when you are asked... only do so when you trust it completely.

    And consider choosing an alternative browser such as Opera or Firefox.

    I also recommend running an online virus scan now and then: HouseCall and/or BitDefender. Because what one scanner cannot find, another might.
    Also make sure that the virus scanner installed on your system is always up to date!!

    And... pay a regular visit to: http://windowsupdate.microsoft.com/

    Also take a look at these 2 videos.. Very interesting:
    http://www2.trosradar.nl/mediaplayer...&mode=dossier#
    http://www.benedelman.org/spyware/security-111804.wmv


    More prevention tips can also be found on the following sites:

    http://www.bluemedicine.be
    http://users.telenet.be/marcvn/spyware
    How did I get infected in the first place (article by TonyKlein)
    Preventing spyware infections and browser hijacking

    Member of ASAP
