  1. #11
    Juisterr (honorary member)
    Download: RVAXO.exe
    Save the file to your desktop, then double-click it.
    You can let the program extract to your desktop.
    Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
    A window will open in which a few lines about files that were not found will scroll by quickly; this is normal.
    An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and let it do its work.

    After that your PC will restart; after the restart the RVAXO window opens again.
    Let it run and wait until a log file opens.
    It can also be found here: C:\RVAXO-results.log
    Post the contents in your next message together with a new HijackThis log.

    Your PC does not restart?

    Run RVAXO once more and then post the new log: C:\rvaxo-results.log


    Open a Notepad file and copy the bold text below into that Notepad file:
    cd..
    cd..

    sc delete WebrootSpySweeperService



    Save it to your desktop as sc.bat with the file type set to "all files"
    Double-click sc.bat.

    Restart your PC.

    Also post a new HJT log and let me know how things are going now.
    Last edited by Juisterr; 2 March 2008 at 17:34

  2. The following user thanks Juisterr for this useful post:

    boefke36 (2 March 2008)
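Added example (not part of the original thread, and not code from RVAXO or HijackThis): the `sc delete WebrootSpySweeperService` step above removes a service registration whose executable no longer exists, which HijackThis reports as an O23 line ending in "(file missing)". This Python script finds such entries in a log; the function names are illustrative, and the sample lines are copied from the HijackThis log posted in this thread.

```python
import re

# Lines copied from the HijackThis log in this thread (O23 = Windows services),
# plus one O4 line to show that other sections are ignored.
SAMPLE_LOG = r"""
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"
# "Display name (ServiceKeyName)". HijackThis prints no parenthetical when the
# display name and the service key name are identical.
NAME_RE = re.compile(r"^(?P<display>.+) \((?P<key>[^()]+)\)$")


def parse_o23(line):
    """Parse one O23 line into a dict; return None for any other line."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    # Split from the right: owner and path are the last two " - " fields, so a
    # display name containing " - " stays intact. Limitation: a path that
    # itself contains " - " would be split wrongly.
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)]
    m = NAME_RE.match(name)
    display, key = (m.group("display"), m.group("key")) if m else (name, name)
    return {
        "display": display,
        "key": key,            # the name that `sc delete` expects
        "owner": owner,
        "path": path,
        "file_missing": missing,
    }


def orphaned_services(log_text):
    """Return the O23 entries whose executable HijackThis could not find."""
    entries = (parse_o23(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["file_missing"]]


def cleanup_commands(entries):
    """Build `sc delete` lines for review; key names with spaces are quoted."""
    cmds = []
    for e in entries:
        key = e["key"]
        cmds.append(f'sc delete "{key}"' if " " in key else f"sc delete {key}")
    return cmds


if __name__ == "__main__":
    orphans = orphaned_services(SAMPLE_LOG)
    for e in orphans:
        print(f'{e["key"]}: {e["path"]} is missing (owner: {e["owner"]})')
    # "(file missing)" only means HijackThis did not find the file; confirm
    # that the product really was uninstalled before running any of these.
    print("\n".join(cleanup_commands(orphans)))
```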

  3. #12
    boefke36 (Up-to-date)
    Hi, here are the requested logs.
    I would have liked to remove Norman completely, but that doesn't work via software or manually. For the rest it already works a lot better; great work already delivered.

    ---RVAXO.exe Updated: 2008-03-02---first run---
    Uninstallers:

    Files found:
    C:\WINDOWS\system32\WLCtrl32.dll
    C:\WINDOWS\system32\WLCtrl32.dl_
    C:\WINDOWS\system32\actskn45.ocx

    Folders Found:

    Hosts-file was reset, If you use a custom hosts file please replace it...

    --------------RVAXO.exe last run---------------
    Not deleted items:

    --------------RVAXO.exe finished----------------

    ----a-w 2,003,456 2008-03-01 17:40:27 C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\backup\setup.exe
    ----a-w 7,168 2008-02-28 07:41:16 C:\Documents and Settings\Mijn Pc\coseai.exe
    ----a-w 7,168 2008-02-28 23:01:16 C:\Documents and Settings\Mijn Pc\dgkooi.exe
    ----a-w 7,168 2008-02-28 12:24:28 C:\Documents and Settings\Mijn Pc\dzicpm.exe
    ----a-w 7,168 2008-02-28 10:28:45 C:\Documents and Settings\Mijn Pc\fzwezc.exe
    ----a-w 7,168 2008-02-28 10:34:16 C:\Documents and Settings\Mijn Pc\mocapc.exe
    ----a-w 7,168 2008-02-28 07:46:42 C:\Documents and Settings\Mijn Pc\nrmncd.exe
    ----a-w 7,168 2008-02-28 22:23:22 C:\Documents and Settings\Mijn Pc\stszev.exe
    ----a-w 7,168 2008-02-28 23:21:38 C:\Documents and Settings\Mijn Pc\waytlk.exe
    ----a-w 486,449 2008-02-28 22:33:53 C:\Documents and Settings\Mijn Pc\Bureaublad\Fixwareout.exe
    ----a-w 16,060,472 2008-03-01 13:46:19 C:\Documents and Settings\Mijn Pc\Bureaublad\Norman_Malware_Cleaner.exe
    ----a-w 409,600 2008-03-02 17:04:43 C:\Documents and Settings\Mijn Pc\Bureaublad\RVAXO.exe
    ----a-w 1,312,273 2008-03-01 20:16:08 C:\Documents and Settings\Mijn Pc\Bureaublad\SDFix.exe
    ----a-w 1,303,627 2008-02-28 22:29:54 C:\Documents and Settings\Mijn Pc\Bureaublad\SmitfraudFix.exe
    ----a-w 77,312 2008-02-21 21:44:51 C:\Documents and Settings\Mijn Pc\Bureaublad\SmitfraudFix\UIFix.exe
    ----a-w 86,016 2008-02-28 10:37:00 C:\Documents and Settings\Mijn Pc\Bureaublad\SmitfraudFix\VACFix.exe
    ----a-w 812,344 2008-02-29 21:56:02 C:\Documents and Settings\Mijn Pc\Mijn documenten\Mijn ontvangen bestanden\HJTInstall.exe
    ----a-w 816,368 2008-02-20 14:15:26 C:\Program Files\CCleaner\ccleaner.exe
    ----a-w 111,313 2008-03-02 12:09:49 C:\Program Files\CCleaner\uninst.exe
    ----a-w 418,816 2008-03-01 17:40:18 C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    ----a-w 579,072 2008-03-01 17:41:58 C:\Program Files\Grisoft\AVG7\avgcc.exe
    ----a-w 406,528 2008-03-01 17:41:59 C:\Program Files\Grisoft\AVG7\avgemc.exe
    ----a-w 510,976 2008-03-01 17:41:59 C:\Program Files\Grisoft\AVG7\avginet.exe
    ----a-w 192,512 2008-03-01 17:40:18 C:\Program Files\Grisoft\AVG7\avgrssvc.exe
    ----a-w 61,952 2008-03-01 17:40:21 C:\Program Files\Grisoft\AVG7\avgscan.exe
    ----a-w 66,048 2008-03-01 17:40:22 C:\Program Files\Grisoft\AVG7\avgupdln.exe
    ----a-w 49,664 2008-03-01 17:40:23 C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    ----a-w 389,632 2008-03-01 17:40:22 C:\Program Files\Grisoft\AVG7\avgvv.exe
    ----a-w 219,136 2008-03-01 17:40:22 C:\Program Files\Grisoft\AVG7\avgw.exe
    ----a-w 2,007,552 2008-03-02 08:47:37 C:\Program Files\Grisoft\AVG7\setup.exe
    ----a-w 396,288 2008-03-01 18:06:09 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    ----a-w 142,336 2008-03-01 12:15:55 C:\SDFix\catchme.exe
    ---ha-w 6,656 2008-03-01 12:15:55 C:\SDFix\dummy.exe
    ----a-w 10,240 2008-03-01 12:15:52 C:\SDFix\apps\cliptext.exe
    ----a-w 61,440 2008-03-01 12:15:52 C:\SDFix\apps\download.exe
    ----a-w 6,656 2008-03-01 12:15:52 C:\SDFix\apps\dummy.exe
    ----a-w 157,696 2008-03-01 12:15:52 C:\SDFix\apps\ERUNT.EXE
    ----a-w 27,136 2008-03-01 12:15:53 C:\SDFix\apps\FixPath.exe
    ----a-w 80,412 2008-03-01 12:15:53 C:\SDFix\apps\grep.exe
    ----a-w 33,280 2008-03-01 12:15:53 C:\SDFix\apps\isadmin.exe
    ----a-w 49,152 2008-03-01 12:15:53 C:\SDFix\apps\LS.exe
    ----a-w 6,656 2008-03-01 12:15:53 C:\SDFix\apps\MD5File.exe
    ----a-w 53,248 2008-03-01 12:15:53 C:\SDFix\apps\Process.exe
    ----a-w 16,414 2008-03-01 12:15:53 C:\SDFix\apps\procs.exe
    ----a-w 61,440 2008-03-01 12:15:53 C:\SDFix\apps\psservice.exe
    ----a-w 90,112 2008-03-01 12:15:53 C:\SDFix\apps\RegDACL.exe
    ----a-w 146,432 2008-03-01 12:15:54 C:\SDFix\apps\regedit.exe
    ----a-w 8,192 2008-03-01 12:15:54 C:\SDFix\apps\RestartIt!.exe
    ----a-w 31,232 2008-03-01 12:15:54 C:\SDFix\apps\sc.exe
    ----a-w 98,816 2008-03-01 12:15:54 C:\SDFix\apps\sed.exe
    ----a-w 49,152 2008-03-01 12:15:54 C:\SDFix\apps\SF.exe
    ----a-w 19,456 2008-03-01 12:15:54 C:\SDFix\apps\shutdown.exe
    ----a-w 139,776 2008-03-01 12:15:54 C:\SDFix\apps\swreg.exe
    ----a-w 40,960 2008-03-01 12:15:54 C:\SDFix\apps\swsc.exe
    ----a-w 167,936 2008-03-01 12:15:55 C:\SDFix\apps\unzip.exe
    ----a-w 49,152 2008-03-01 12:15:55 C:\SDFix\apps\vfind.exe
    ----a-w 41,472 2008-03-01 12:15:55 C:\SDFix\apps\WINMSG.EXE
    ----a-w 126,976 2008-03-01 12:15:55 C:\SDFix\apps\zip.exe
    ----a-w 94,208 2008-03-01 12:15:54 C:\SDFix\apps\Replace\W2K.exe
    ----a-w 94,208 2008-03-01 12:15:54 C:\SDFix\apps\Replace\XP.exe
    ----a-w 89,600 2008-02-27 21:59:41 C:\WINDOWS\WCSMON.EXE
    ----a-w 163,328 2008-03-01 12:15:52 C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    ----a-w 163,328 2008-03-01 12:15:52 C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    ----a-w 74,137 2008-02-20 11:55:20 C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Entries: 64 (63)
    Directories: 0 Files: 64
    Bytes: 31,235,985 Blocks: 61,015
    =============
    ----a-w 868,352 2008-02-22 10:33:48 C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\sunsetstudio\nl-NL\sunsetstudio.dll
    ----a-w 121,912 2008-02-13 10:00:00 C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NVC\Bin\nvcmflt.dll
    ----a-w 23,040 2008-02-20 11:47:00 C:\Program Files\CCleaner\lang-1043.dll
    ----a-w 49,664 2008-03-01 17:40:16 C:\Program Files\Grisoft\AVG7\avg6cmpt.dll
    ----a-w 435,712 2008-03-01 17:41:58 C:\Program Files\Grisoft\AVG7\avgabout.dll
    ----a-w 278,016 2008-03-01 17:40:18 C:\Program Files\Grisoft\AVG7\avgamint.dll
    ----a-w 10,752 2008-03-01 17:40:18 C:\Program Files\Grisoft\AVG7\avgamsps.dll
    ----a-w 582,656 2008-03-01 17:41:59 C:\Program Files\Grisoft\AVG7\avgcckrn.dll
    ----a-w 572,928 2008-03-01 17:41:59 C:\Program Files\Grisoft\AVG7\avgcfg.dll
    ----a-w 615,936 2008-03-01 17:40:19 C:\Program Files\Grisoft\AVG7\avgcore.dll
    ----a-w 905,728 2008-03-01 17:41:58 C:\Program Files\Grisoft\AVG7\avgctrl.dll
    ----a-w 10,752 2008-03-01 17:40:18 C:\Program Files\Grisoft\AVG7\avgemcps.dll
    ----a-w 416,768 2008-03-01 17:41:59 C:\Program Files\Grisoft\AVG7\avgemsui.dll
    ----a-w 138,752 2008-03-01 17:40:20 C:\Program Files\Grisoft\AVG7\avgeud32.dll
    ----a-w 48,128 2008-03-01 17:40:18 C:\Program Files\Grisoft\AVG7\avgf.dll
    ----a-w 19,968 2008-03-01 17:40:19 C:\Program Files\Grisoft\AVG7\avghlog.dll
    ----a-w 131,072 2008-03-01 17:40:20 C:\Program Files\Grisoft\AVG7\avginet.dll
    ----a-w 61,440 2008-03-01 17:40:21 C:\Program Files\Grisoft\AVG7\avgklib.dll
    ----a-w 58,368 2008-03-01 17:40:21 C:\Program Files\Grisoft\AVG7\avglng.dll
    ----a-w 104,960 2008-03-01 17:40:19 C:\Program Files\Grisoft\AVG7\avglog.dll
    ----a-w 144,384 2008-03-01 17:40:21 C:\Program Files\Grisoft\AVG7\avgmail.dll
    ----a-w 15,360 2008-03-01 17:40:21 C:\Program Files\Grisoft\AVG7\avgmvfl.dll
    ----a-w 54,784 2008-03-01 17:40:21 C:\Program Files\Grisoft\AVG7\avgoff2k.dll
    ----a-w 69,632 2008-03-01 17:40:21 C:\Program Files\Grisoft\AVG7\avgrep.dll
    ----a-w 1,282,560 2008-03-01 17:40:18 C:\Program Files\Grisoft\AVG7\avgres.dll
    ----a-w 761,856 2008-03-01 17:41:59 C:\Program Files\Grisoft\AVG7\avgresf.dll
    ----a-w 392,704 2008-03-01 17:40:19 C:\Program Files\Grisoft\AVG7\avgscan.dll
    ----a-w 50,688 2008-03-01 17:40:21 C:\Program Files\Grisoft\AVG7\avgse.dll
    ----a-w 467,456 2008-03-01 17:41:58 C:\Program Files\Grisoft\AVG7\avgset.dll
    ----a-w 604,160 2008-03-01 17:41:59 C:\Program Files\Grisoft\AVG7\avgtest.dll
    ----a-w 411,648 2008-03-01 17:40:21 C:\Program Files\Grisoft\AVG7\avgtmgr.dll
    ----a-w 245,248 2008-03-01 17:40:22 C:\Program Files\Grisoft\AVG7\avgtres.dll
    ----a-w 191,488 2008-03-01 17:40:22 C:\Program Files\Grisoft\AVG7\avgunarc.dll
    ----a-w 620,032 2008-03-01 17:41:44 C:\Program Files\Grisoft\AVG7\avgupd.dll
    ----a-w 10,240 2008-03-01 17:40:27 C:\Program Files\Grisoft\AVG7\avgupsvc.dll
    ----a-w 82,944 2008-03-01 17:40:22 C:\Program Files\Grisoft\AVG7\avgvault.dll
    ----a-w 1,038,848 2008-03-01 17:40:27 C:\Program Files\Grisoft\AVG7\dbghelp.dll
    ----a-w 46,080 2008-03-01 17:40:19 C:\Program Files\Grisoft\AVG7\libsasl.dll
    ----a-w 10,240 2008-03-01 17:40:19 C:\Program Files\Grisoft\AVG7\saslcrammd5.dll
    ----a-w 27,648 2008-03-01 17:40:20 C:\Program Files\Grisoft\AVG7\sasldigestmd5.dll
    ----a-w 9,216 2008-03-01 17:40:19 C:\Program Files\Grisoft\AVG7\sasllogin.dll
    ----a-w 9,216 2008-03-01 17:40:19 C:\Program Files\Grisoft\AVG7\saslplain.dll
    ----a-w 8,464 2008-03-01 17:40:22 C:\Program Files\Grisoft\AVG7\sporder.dll
    ----a-w 284,016 2008-02-15 00:00:00 C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll
    ----a-w 128,368 2008-02-15 00:00:00 C:\WINDOWS\Downloaded Program Files\naveng32.dll
    ----a-w 943,472 2008-02-15 00:00:00 C:\WINDOWS\Downloaded Program Files\navex32a.dll
    Entries: 46 (46)
    Directories: 0 Files: 46
    Bytes: 13,365,656 Blocks: 26,107
    =============
    ----a-w 1,532 2008-03-01 17:40:37 C:\Documents and Settings\All Users\Bureaublad\AVG 7.5.lnk
    ----a-w 2,497 2008-02-19 19:03:21 C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Excel.lnk
    ----a-w 2,339 2008-02-29 22:33:34 C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Live Messenger.lnk
    ----a-w 1,551 2008-03-01 17:40:37 C:\Documents and Settings\All Users\Menu Start\Programma's\AVG 7.5\AVG Control Center.lnk
    ----a-w 1,544 2008-03-01 17:40:37 C:\Documents and Settings\All Users\Menu Start\Programma's\AVG 7.5\AVG Test Center.lnk
    ----a-w 1,551 2008-03-01 17:40:37 C:\Documents and Settings\All Users\Menu Start\Programma's\AVG 7.5\AVG Virus Vault.lnk
    ----a-w 1,573 2008-03-01 17:40:37 C:\Documents and Settings\All Users\Menu Start\Programma's\AVG 7.5\Uninstall AVG.lnk
    ----a-w 1,572 2008-02-28 19:21:32 C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Systeemwerkset\Schijfdefragmentatie.lnk
    ----a-w 1,746 2008-03-01 18:06:10 C:\Documents and Settings\All Users\Menu Start\Programma's\HijackThis\HijackThis.lnk
    ----a-w 2,509 2008-02-25 19:38:20 C:\Documents and Settings\Christel\Bureaublad\Microsoft Word.lnk
    ----a-w 616 2008-03-02 10:42:11 C:\Documents and Settings\Christel\Onlangs geopend\NFix_2008-03-01_16-07-01.lnk
    ----a-w 779 2008-03-02 13:57:27 C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk
    ----a-w 804 2008-03-02 13:59:27 C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    ----a-w 767 2008-03-02 13:57:27 C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Menu Start\Programma's\Internet Explorer.lnk
    ----a-w 738 2008-03-02 13:57:28 C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Menu Start\Programma's\Outlook Express.lnk
    ----a-w 792 2008-03-02 13:59:27 C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Menu Start\Programma's\Windows Media Player.lnk
    ----a-w 774 2008-03-02 13:57:23 C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Menu Start\Programma's\Bureau-accessoires\Adresboek.lnk
    ----a-w 1,487 2008-03-02 14:05:53 C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Menu Start\Programma's\Bureau-accessoires\Windows Verkenner.lnk
    ----a-w 804 2008-03-02 13:59:27 C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Menu Start\Programma's\Bureau-accessoires\Entertainment\Windows Media Player.lnk
    ----a-w 766 2008-03-02 13:57:15 C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Mijn documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen.lnk
    ----a-w 706 2008-03-02 13:57:15 C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Mijn documenten\Mijn muziek\Voorbeelden van muziek.lnk
    ----a-w 881 2008-02-28 12:26:28 C:\Documents and Settings\Mijn Pc\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk
    ----a-w 1,192 2008-03-02 15:43:48 C:\Documents and Settings\Mijn Pc\Application Data\Microsoft\Office\Recent\GrandCanyon-3.lnk
    ----a-w 1,052 2008-03-02 15:43:49 C:\Documents and Settings\Mijn Pc\Application Data\Microsoft\Office\Recent\OJ2L4BMV.lnk
    ----a-w 1,548 2008-03-02 12:09:22 C:\Documents and Settings\Mijn Pc\Bureaublad\CCleaner.lnk
    ----a-w 1,734 2008-03-01 18:06:10 C:\Documents and Settings\Mijn Pc\Bureaublad\HijackThis.lnk
    ----a-w 869 2008-02-28 12:26:28 C:\Documents and Settings\Mijn Pc\Menu Start\Programma's\Internet Explorer.lnk
    ----a-w 1,560 2008-03-02 12:09:22 C:\Documents and Settings\Mijn Pc\Menu Start\Programma's\CCleaner\CCleaner.lnk
    ----a-w 1,544 2008-03-02 12:09:22 C:\Documents and Settings\Mijn Pc\Menu Start\Programma's\CCleaner\Uninstall CCleaner.lnk
    ----a-w 497 2008-03-02 15:28:15 C:\Documents and Settings\Mijn Pc\Onlangs geopend\catchme.lnk
    ----a-w 521 2008-03-02 17:26:26 C:\Documents and Settings\Mijn Pc\Onlangs geopend\hijackthis2.lnk
    ----a-w 293 2008-03-02 17:22:59 C:\Documents and Settings\Mijn Pc\Onlangs geopend\Lokaal station (C).lnk
    ----a-w 440 2008-03-02 17:22:59 C:\Documents and Settings\Mijn Pc\Onlangs geopend\RVAXO-results.lnk
    ----a-w 509 2008-03-02 17:02:20 C:\Documents and Settings\Mijn Pc\Onlangs geopend\uitvoeren.lnk
    ----a-w 514 2008-03-02 17:19:36 C:\Documents and Settings\Mijn Pc\Onlangs geopend\uitvoeren2.lnk
    Entries: 35 (35)
    Directories: 0 Files: 35
    Bytes: 40,601 Blocks: 99
    =============
    ----a-w 26 2008-03-01 20:37:36 C:\fixwareout\FindT\pre.bat
    ----a-w 487,404 2008-03-01 12:15:55 C:\SDFix\RunThis.bat
    ----a-w 719,362 2008-03-02 09:54:08 C:\WINDOWS\system32\RVAXO.bat
    Entries: 3 (3)
    Directories: 0 Files: 3
    Bytes: 1,206,792 Blocks: 2,359
    =============
    --sha-w 352,321,536 2008-03-02 17:14:44 C:\pagefile.sys
    ---ha-w 1,024 2008-03-01 12:15:55 C:\SDFix\dummy.sys
    ----a-w 1,024 2008-03-01 12:15:52 C:\SDFix\apps\dummy.sys
    ----a-w 4,080 2008-03-01 12:15:54 C:\SDFix\apps\Replace\w2k\beep.sys
    ----a-w 2,800 2008-03-01 12:15:54 C:\SDFix\apps\Replace\w2k\null.sys
    ----a-w 4,224 2008-03-01 12:15:54 C:\SDFix\apps\Replace\xp\beep.sys
    ----a-w 2,944 2008-03-01 12:15:54 C:\SDFix\apps\Replace\xp\null.sys
    ----a-w 821,856 2008-03-01 17:40:27 C:\WINDOWS\system32\drivers\avg7core.sys
    ----a-w 4,224 2008-03-01 17:40:32 C:\WINDOWS\system32\drivers\avg7rsw.sys
    ----a-w 27,776 2008-03-01 17:40:33 C:\WINDOWS\system32\drivers\avg7rsxp.sys
    ----a-w 10,760 2008-03-01 17:42:00 C:\WINDOWS\system32\drivers\avgclean.sys
    ----a-w 26,952 2008-03-01 17:41:57 C:\WINDOWS\system32\drivers\avgmfx86.sys
    ----a-w 4,960 2008-03-01 17:40:35 C:\WINDOWS\system32\drivers\avgtdi.sys
    ----a-w 26,240 2008-03-01 17:31:49 C:\WINDOWS\system32\drivers\Mqt03.sys
    Entries: 14 (12)
    Directories: 0 Files: 14
    Bytes: 353,260,400 Blocks: 689,968
    =============



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:25:55, on 2/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ELOGSVC.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NPM\BIN\ZANDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\NJEEVES.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
    C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NIP.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\MIJNPC~1\LOCALS~1\Temp\services.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /M "Stylus C46" /EF "HKCU"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mijn Pc\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/.../GAME_UNO1.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...lInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095585643890
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - http://gamezone.telenet.be/static/ocx/ExentCtl.ocx
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NPM\BIN\ZANDA.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)
    --
    End of file - 12196 bytes



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:40:48, on 2/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ELOGSVC.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NPM\BIN\ZANDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
    C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NIP.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\NJEEVES.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\MIJNPC~1\LOCALS~1\Temp\services.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /M "Stylus C46" /EF "HKCU"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mijn Pc\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/.../GAME_UNO1.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...lInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095585643890
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - http://gamezone.telenet.be/static/ocx/ExentCtl.ocx
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NPM\BIN\ZANDA.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    --
    End of file - 12248 bytes

  4. #13
    Honorary member   Juisterr
    Open Explorer ("My Computer") and choose Tools -> Folder Options...
    Under View, check the following settings:

    Turn off: Hide protected operating system files (Recommended)
    Turn off: Hide extensions for known file types

    Select: Display the contents of system folders (XP only)
    Select: Show hidden files and folders





    Jotti Virusscan http://virusscan.jotti.org/
    At the top it says “file to upload”.

    Use “Browse” to go to the file below, then have it scanned by first clicking “Open” and then “Submit”. Copy the answer you get into your next post.

    C:\WINDOWS\SYSTEM32\WLCtrl32.dll

    If the server is too busy, you can also have the file scanned here:
    Kaspersky filescanner http://www.kaspersky.com/scanforvirus

  5. The following user thanked Juisterr for this useful post:

    boefke36 ( 2 March 2008)

  6. #14
    Up-to-date   boefke36
    Scan taken on 02 Mar 2008 20:21:40 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found Trojan.DownLoader.49451
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found Trojan-Downloader.Win32.Agent.kep
    Fortinet Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Agent.kep
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

    Last file scanned at least one scanner reported something about: empire1nuevaunidad.exe.exe (MD5: a333d4b5d8cbd5f2b7633a4d3959ba8d, size: 8192 bytes), detected by:

    Scanner / Malware name
    A-Squared X
    AntiVir TR/Crypt.XPACK.Gen
    ArcaVir X
    Avast X
    AVG Antivirus X
    BitDefender MemScan:Backdoor.PoisonIvy.L
    ClamAV X
    CPsecure X
    Dr.Web Win32.HLLW.Autoruner.848
    F-Prot Antivirus X
    F-Secure Anti-Virus X
    Fortinet X
    Ikarus X
    Kaspersky Anti-Virus Trojan.Win32.Inject.zg
    NOD32 X
    Norman Virus Control Sandbox: W32/Malware
    Panda Antivirus X
    Rising Antivirus X
    Sophos Antivirus X
    VirusBuster X
    VBA32 MalwareScope.Trojan-Downloader.Obfuscated.5

  7. #15
    Honorary member   Juisterr
    Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden

    Follow the instructions given there.
    If you use Vista, the Recovery Console does not need to be installed.
    If anything is unclear, just ask.
    When the tool has finished, a log file opens (C:\combofix.txt).
    Post the contents of this file together with a new HijackThis log.

  8. #16
    Up-to-date   boefke36
    Here is the log. Thanks a lot for taking the time to help me further.

    ComboFix 08-03-03.6 - Mijn Pc 2008-03-02 23:10:16.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.247 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Mijn Pc\Bureaublad\ComboFix.exe
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Program Files\iMeshBar
    C:\Program Files\iMeshBar\bar\Cache\0043F382
    C:\Program Files\iMeshBar\bar\Cache\0043F854
    C:\Program Files\iMeshBar\bar\Cache\0043FA29.bin
    C:\Program Files\iMeshBar\bar\Cache\0043FBBF.bmp
    C:\Program Files\iMeshBar\bar\Cache\0043FD55.bmp
    C:\Program Files\iMeshBar\bar\Cache\files.ini
    C:\Program Files\iMeshBar\bar\History\search
    C:\Program Files\iMeshBar\bar\Settings\prevcfg.htm
    C:\WINDOWS\system32\f3PSSavr.scr
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-02-03 to 2008-03-03 ))))))))))))))))))))))))))))))
    .
    2008-03-02 22:26 . 2008-03-02 22:26 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\Sereniti
    2008-03-02 22:00 . 2008-03-02 22:00 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dl_
    2008-03-02 20:06 . 2008-03-02 20:06 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\iMesh
    2008-03-02 20:00 . 2008-03-02 23:08 <DIR> dr-h----- C:\Documents and Settings\Mijn Pc\Onlangs geopend
    2008-03-02 18:36 . 2008-03-02 21:58 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dll
    2008-03-02 18:27 . 2008-03-02 18:36 <DIR> d-------- C:\RVAXO
    2008-03-02 18:13 . 2008-03-02 18:14 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.rvaxo
    2008-03-02 18:09 . 2008-03-02 10:54 719,362 --a------ C:\WINDOWS\system32\RVAXO.bat
    2008-03-02 18:09 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
    2008-03-02 14:57 . 2004-09-10 09:11 <DIR> d--h----- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Sjablonen
    2008-03-02 14:57 . 2008-03-02 14:57 <DIR> dr-h----- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Onlangs geopend
    2008-03-02 14:57 . 2004-09-10 10:37 <DIR> d--h----- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Netwerkprinteromgeving
    2008-03-02 14:57 . 2008-03-02 15:30 <DIR> dr------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Mijn documenten
    2008-03-02 14:57 . 2004-09-10 10:37 <DIR> dr------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Menu Start
    2008-03-02 14:57 . 2008-03-02 15:49 <DIR> dr------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Favorieten
    2008-03-02 14:57 . 2004-09-10 10:37 <DIR> d-------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Bureaublad
    2008-03-02 14:57 . 2008-03-02 15:15 <DIR> d-------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Application Data\SPAMfighter
    2008-03-02 14:57 . 2008-03-02 14:57 <DIR> d-------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Application Data\AVG7
    2008-03-02 12:12 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\egyvbdkfcyll.sys
    2008-03-02 12:09 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
    2008-03-02 11:40 . 2008-03-02 11:42 <DIR> dr-h----- C:\Documents and Settings\Christel\Onlangs geopend
    2008-03-02 11:39 . 2008-03-02 11:40 <DIR> d-------- C:\Documents and Settings\Christel\Application Data\AVG7
    2008-03-01 22:04 . 2008-03-01 22:04 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-03-01 21:44 . 2008-03-01 23:42 <DIR> d-------- C:\SDFix
    2008-03-01 18:40 . 2008-03-02 22:03 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\AVG7
    2008-03-01 18:40 . 2008-03-01 18:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-03-01 18:40 . 2008-03-01 18:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
    2008-03-01 15:06 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
    2008-03-01 15:01 . 2006-06-30 14:13 8,704 --a------ C:\WINDOWS\system32\pfdnnt.exe
    2008-03-01 14:00 . 2008-03-02 12:12 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2008-03-01 14:00 . 2008-03-02 12:08 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2008-03-01 14:00 . 2008-03-02 12:08 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-03-01 14:00 . 2008-03-02 12:08 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-29 22:23 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2008-02-29 22:04 . 2008-02-29 22:04 <DIR> d--h----- C:\WINDOWS\PIF
    2008-02-29 00:22 . 2008-03-01 18:31 26,240 --a------ C:\WINDOWS\system32\drivers\Mqt03.sys
    2008-02-29 00:21 . 2008-02-29 00:21 7,168 --a------ C:\Documents and Settings\Mijn Pc\waytlk.exe
    2008-02-29 00:01 . 2008-02-29 00:01 7,168 --a------ C:\Documents and Settings\Mijn Pc\dgkooi.exe
    2008-02-28 23:44 . 2008-03-01 21:41 <DIR> d-------- C:\fixwareout
    2008-02-28 23:38 . 2008-03-01 18:25 3,796 --a------ C:\WINDOWS\system32\tmp.reg
    2008-02-28 23:23 . 2008-02-28 23:23 7,168 --a------ C:\Documents and Settings\Mijn Pc\stszev.exe
    2008-02-28 23:10 . 2008-03-01 14:15 57 --------- C:\WINDOWS\win.ini
    2008-02-28 23:10 . 2008-03-03 23:14 0 --a------ C:\WINDOWS\system.ini
    2008-02-28 13:24 . 2008-02-28 13:24 7,168 --a------ C:\Documents and Settings\Mijn Pc\dzicpm.exe
    2008-02-28 11:58 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
    2008-02-28 11:47 . 2008-02-28 11:49 <DIR> d-------- C:\Temp
    2008-02-28 11:47 . 2008-02-28 11:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
    2008-02-28 11:35 . 2008-02-28 11:35 <DIR> d-------- C:\Program Files\SurfRight
    2008-02-28 11:35 . 2008-02-28 11:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SurfRight
    2008-02-28 11:34 . 2008-02-28 11:34 7,168 --a------ C:\Documents and Settings\Mijn Pc\mocapc.exe
    2008-02-28 11:28 . 2008-02-28 11:28 7,168 --a------ C:\Documents and Settings\Mijn Pc\fzwezc.exe
    2008-02-28 08:46 . 2008-02-28 08:46 7,168 --a------ C:\Documents and Settings\Mijn Pc\nrmncd.exe
    2008-02-28 08:41 . 2008-02-28 08:41 7,168 --a------ C:\Documents and Settings\Mijn Pc\coseai.exe
    2008-02-27 22:59 . 2008-02-27 22:59 89,600 --a------ C:\WINDOWS\WCSMON.EXE
    2008-02-15 19:41 . 2008-02-15 19:41 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\AutoTransfer
    2008-02-07 18:07 . 2008-02-08 22:06 <DIR> d-------- C:\Program Files\Unity
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-02 22:03 --------- d-----w C:\Program Files\SPAMfighter
    2008-03-02 11:47 --------- d-----w C:\Program Files\Eset
    2008-03-02 11:11 --------- d-----w C:\Program Files\Google
    2008-03-02 11:10 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-03-01 21:27 --------- d-----w C:\Program Files\Java
    2008-03-01 17:40 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    2008-02-28 19:29 --------- d-----w C:\Documents and Settings\Mijn Pc\Application Data\Lavasoft
    2008-02-28 19:29 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2008-02-28 11:47 --------- d---a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2008-02-11 13:56 19,512 ----a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys
    2008-02-01 16:55 --------- d-----w C:\Program Files\Common Files\Nullsoft
    2008-02-01 15:23 20,888 ----a-w C:\Documents and Settings\Christel\Application Data\GDIPFONTCACHEV1.DAT
    2008-01-22 15:35 --------- d-----w C:\Program Files\Common Files\Ankiro
    2008-01-22 15:32 --------- d-----w C:\Program Files\Common Files\Application
    2007-07-16 15:03 20,888 ----a-w C:\Documents and Settings\Mijn Pc\Application Data\GDIPFONTCACHEV1.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
    "EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 19:00 99840]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 11:52 376912]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 21:20 68856]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
    "Cmaudio"="cmicnfg.cpl" []
    "VTTimer"="VTTimer.exe" [2004-01-15 13:33 49152 C:\WINDOWS\system32\VTTimer.exe]
    "iKeyWorks"="C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe" [2004-01-04 16:44 61440]
    "WheelMouse"="C:\PROGRA~1\Hardware\Mouse\Amoumain.exe" [2003-07-19 00:59 143360]
    "SoundMan"="SOUNDMAN.EXE" [2004-02-09 09:54 65024 C:\WINDOWS\SOUNDMAN.EXE]
    "Norman ZANDA"="C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40 183352]
    "EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 19:00 99840]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 01:36 81920]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-01 18:41 579072]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "ASM"="C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" [2006-11-07 15:11 2500096]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-01 18:40 219136]
    C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= shdocvw.dll [ ]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
    WLCtrl32.dll 2008-03-02 21:58 11776 C:\WINDOWS\system32\WLCtrl32.dll
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
    C:\WINDOWS\mmhren1.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
    R0 Mqt03;Mqt03;C:\WINDOWS\system32\Drivers\Mqt03.sys [2008-03-01 18:31]
    R1 anftdird.sys;anftdird.sys;C:\WINDOWS\system32\drivers\anftdird.sys [2007-08-28 20:24]
    R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 16:08]
    R2 Ndiskio;Ndiskio;C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-01-02 17:03]
    R3 Amps2prt;Compatible PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2003-01-07 17:16]
    R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-07-16 11:14]
    R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]
    R3 nvcoas;Norman Virus Control on-access component;C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]
    R3 NVCScheduler;Norman Virus Control Scheduler;C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
    S1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys []
    S3 {FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3};{FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3};C:\WINDOWS\system32\{FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3} []
    S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
    S3 nvcfsr;nvcfsr;C:\NORMAN\Nvc\BIN\nvcfsr.sys [2004-11-05 09:47]
    S3 nvcoafl51;nvcoafl51;C:\NORMAN\Nvc\BIN\nvcoafl51.sys [2005-05-13 14:20]
    S3 nvcoaft51;nvcoaft51;C:\NORMAN\Nvc\BIN\nvcoaft51.sys [2006-06-14 13:39]
    S3 nvcoarc51;nvcoarc51;C:\NORMAN\Nvc\BIN\nvcoarc51.sys [2005-05-13 14:10]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bf7b612-b7be-11dc-8f28-0011507741d2}]
    \Shell\AutoRun\command - E:\AutoTransfer.exe
    .
    **************************************************************************
    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-03 23:14:36
    Windows 5.1.2600 Service Pack 2 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    EPSON Stylus C46 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /M "Stylus C46" /EF "HKCU"????????? ?J???????J????????????Y:~????????????????????????? ????????????Y:~???????????? ???8???????????X?;~????????????j?;~??????????????? |???????
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    **************************************************************************
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\WLCtrl32.dll
    .
    Voltooingstijd: 2008-03-03 23:16:35
    ComboFix-quarantined-files.txt 2008-03-03 22:16:29
    .
    2008-03-01 23:03:52 --- E O F ---

  9. #17
    Up-to-date   boefke36
    Here is the latest HijackThis log.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:20:29, on 3/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ELOGSVC.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NPM\BIN\ZANDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
    C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.EXE
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NIP.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\NJEEVES.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /M "Stylus C46" /EF "HKCU"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mijn Pc\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/.../GAME_UNO1.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...lInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095585643890
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - http://gamezone.telenet.be/static/ocx/ExentCtl.ocx
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NPM\BIN\ZANDA.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    --
    End of file - 12924 bytes

  10. #18
    Honorary member   Juisterr's avatar
    Registered
    31 July 2006
    Location
    a little place by the coast
    Posts
    3.653
    Thanks given
    1.008
    Thanked
    2.268 times in 1.411 posts
    Open the RVAXO folder on your desktop and double-click Uninstall.cmd
    This will remove everything belonging to RVAXO.

    Please remove the wareoutfix and the Sdfix.

    Open Notepad, then copy and paste the following (bold, blue text) into an empty window:
    File::
    C:\WINDOWS\system32\WLCtrl32.dll
    C:\WINDOWS\system32\WLCtrl32.rvaxo
    C:\WINDOWS\system32\drivers\egyvbdkfcyll.sys
    C:\WINDOWS\mmhren1.exe

    Folder::
    C:\Documents and Settings\Mijn Pc\mocapc.exe
    C:\Documents and Settings\Mijn Pc\fzwezc.exe
    C:\Documents and Settings\Mijn Pc\nrmncd.exe
    C:\Documents and Settings\Mijn Pc\coseai.exe
    C:\Documents and Settings\Mijn Pc\dzicpm.exe
    C:\Documents and Settings\Mijn Pc\stszev.exe
    C:\Documents and Settings\Mijn Pc\dgkooi.exe
    C:\Documents and Settings\Mijn Pc\waytlk.exe

    Driver::
    Mqt03

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

    Save this on your Desktop as CFScript.txt.

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    This will make ComboFix restart.

    After your computer has restarted (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.

    Please also post a new HJT log.
    Last edited by Juisterr; 3 March 2008 at 19:42

  11. The following user thanks Juisterr for this useful post:

    boefke36 ( 3 March 2008)
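
    Juisterr asks for a fresh HijackThis log after every cleanup step; comparing it with the previous log shows which autostart entries the step actually removed. The Python sketch below is an added example, not part of the thread or of HijackThis: the function names are assumptions, and the two sample logs are constructed excerpts of entries from the logs on this page.

```python
import re

# A HijackThis entry starts with a section code ("R1", "O4", "O23", ...)
# followed by " - " and the entry text. Process paths and headers do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")


def _key(section, text):
    # Forum software inserts spaces into long paths ("GoogleToolbarNo tifier.exe")
    # and Windows paths are case-insensitive, so compare on a normalized form.
    return (section, re.sub(r"\s+", "", text).lower())


def parse_entries(log_text):
    """Map normalized key -> (section, original text) for every entry line."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            section, text = m.group(1), m.group(2)
            entries[_key(section, text)] = (section, text)
    return entries


def _ordered(items):
    # Sort by section letter, then numerically by section number, then by text.
    return sorted(items, key=lambda e: (e[0][0], int(e[0][1:]), e[1].lower()))


def diff_logs(before_text, after_text):
    """Return the entries that disappeared and appeared between two logs."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return {
        "removed": _ordered(before[k] for k in before.keys() - after.keys()),
        "added": _ordered(after[k] for k in after.keys() - before.keys()),
    }


# Constructed excerpt: entries as they appear in the log posted before the fix.
BEFORE = r"""
Running processes:
C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
"""

# Constructed excerpt: the same entries in the log posted after the fix.
# The [swg] path is written without the forum-inserted space on purpose,
# to show that normalization keeps it from being reported as a change.
AFTER = r"""
Running processes:
C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
"""

if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for label in ("removed", "added"):
        for section, text in result[label]:
            print(f"{label:8} {section:4} {text}")
```

    An entry that is still listed under "removed" in a later comparison was never restored; one that shows up under "added" after a reboot is worth a closer look.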

  12. #19
    Up-to-date   boefke36's avatar
    Registered
    20 May 2006
    Posts
    35
    Thanks given
    19
    Thanked
    0 times in 0 posts
    Hi,
    I'm already seeing serious progress here and I'm very pleased with how this is being handled. I do still have a few small questions: at startup it takes quite a while before I have an internet connection; maybe that's not something to solve just yet. And when I go and look at System Restore, I notice there are none.
    Regards


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:41:23, on 4/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ELOGSVC.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NPM\BIN\ZANDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
    C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.EXE
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\NJEEVES.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgw.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NIP.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /M "Stylus C46" /EF "HKCU"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mijn Pc\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/.../GAME_UNO1.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...lInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095585643890
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - http://gamezone.telenet.be/static/ocx/ExentCtl.ocx
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NPM\BIN\ZANDA.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    --
    End of file - 12453 bytes

    ComboFix 08-03-03.6 - Mijn Pc 2008-03-04 18:30:29.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.276 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Mijn Pc\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Mijn Pc\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt
    FILE ::
    C:\WINDOWS\mmhren1.exe
    C:\WINDOWS\system32\drivers\egyvbdkfcyll.sys
    C:\WINDOWS\system32\WLCtrl32.dll
    C:\WINDOWS\system32\WLCtrl32.rvaxo
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\WINDOWS\system32\drivers\egyvbdkfcyll.sys
    C:\WINDOWS\system32\WLCtrl32.dll
    C:\WINDOWS\system32\WLCtrl32.rvaxo
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-02-04 to 2008-03-04 ))))))))))))))))))))))))))))))
    .
    2008-03-04 17:49 . 2008-03-04 17:49 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dl_
    2008-03-02 22:26 . 2008-03-02 22:26 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\Sereniti
    2008-03-02 20:06 . 2008-03-02 20:06 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\iMesh
    2008-03-02 20:00 . 2008-03-04 18:28 <DIR> dr-h----- C:\Documents and Settings\Mijn Pc\Onlangs geopend
    2008-03-02 14:57 . 2004-09-10 09:11 <DIR> d--h----- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Sjablonen
    2008-03-02 14:57 . 2008-03-02 14:57 <DIR> dr-h----- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Onlangs geopend
    2008-03-02 14:57 . 2004-09-10 10:37 <DIR> d--h----- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Netwerkprinteromgeving
    2008-03-02 14:57 . 2008-03-02 15:30 <DIR> dr------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Mijn documenten
    2008-03-02 14:57 . 2004-09-10 10:37 <DIR> dr------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Menu Start
    2008-03-02 14:57 . 2008-03-02 15:49 <DIR> dr------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Favorieten
    2008-03-02 14:57 . 2004-09-10 10:37 <DIR> d-------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Bureaublad
    2008-03-02 14:57 . 2008-03-02 15:15 <DIR> d-------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Application Data\SPAMfighter
    2008-03-02 14:57 . 2008-03-02 14:57 <DIR> d-------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Application Data\AVG7
    2008-03-02 12:09 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
    2008-03-02 11:40 . 2008-03-02 11:42 <DIR> dr-h----- C:\Documents and Settings\Christel\Onlangs geopend
    2008-03-02 11:39 . 2008-03-02 11:40 <DIR> d-------- C:\Documents and Settings\Christel\Application Data\AVG7
    2008-03-01 22:04 . 2008-03-01 22:04 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-03-01 21:44 . 2008-03-01 23:42 <DIR> d-------- C:\SDFix
    2008-03-01 18:40 . 2008-03-04 17:51 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\AVG7
    2008-03-01 18:40 . 2008-03-01 18:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-03-01 18:40 . 2008-03-01 18:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
    2008-03-01 15:06 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
    2008-03-01 15:01 . 2006-06-30 14:13 8,704 --a------ C:\WINDOWS\system32\pfdnnt.exe
    2008-03-01 14:00 . 2008-03-02 12:12 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2008-03-01 14:00 . 2008-03-02 12:08 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2008-03-01 14:00 . 2008-03-02 12:08 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-03-01 14:00 . 2008-03-02 12:08 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-29 22:23 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2008-02-29 22:04 . 2008-02-29 22:04 <DIR> d--h----- C:\WINDOWS\PIF
    2008-02-29 00:22 . 2008-03-01 18:31 26,240 --a------ C:\WINDOWS\system32\drivers\Mqt03.sys
    2008-02-29 00:21 . 2008-02-29 00:21 7,168 --a------ C:\Documents and Settings\Mijn Pc\waytlk.exe
    2008-02-29 00:01 . 2008-02-29 00:01 7,168 --a------ C:\Documents and Settings\Mijn Pc\dgkooi.exe
    2008-02-28 23:44 . 2008-03-01 21:41 <DIR> d-------- C:\fixwareout
    2008-02-28 23:38 . 2008-03-01 18:25 3,796 --a------ C:\WINDOWS\system32\tmp.reg
    2008-02-28 23:23 . 2008-02-28 23:23 7,168 --a------ C:\Documents and Settings\Mijn Pc\stszev.exe
    2008-02-28 23:10 . 2008-03-01 14:15 57 --------- C:\WINDOWS\win.ini
    2008-02-28 23:10 . 2008-03-04 18:34 0 --a------ C:\WINDOWS\system.ini
    2008-02-28 13:24 . 2008-02-28 13:24 7,168 --a------ C:\Documents and Settings\Mijn Pc\dzicpm.exe
    2008-02-28 11:58 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
    2008-02-28 11:47 . 2008-02-28 11:49 <DIR> d-------- C:\Temp
    2008-02-28 11:47 . 2008-02-28 11:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
    2008-02-28 11:35 . 2008-02-28 11:35 <DIR> d-------- C:\Program Files\SurfRight
    2008-02-28 11:35 . 2008-02-28 11:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SurfRight
    2008-02-28 11:34 . 2008-02-28 11:34 7,168 --a------ C:\Documents and Settings\Mijn Pc\mocapc.exe
    2008-02-28 11:28 . 2008-02-28 11:28 7,168 --a------ C:\Documents and Settings\Mijn Pc\fzwezc.exe
    2008-02-28 08:46 . 2008-02-28 08:46 7,168 --a------ C:\Documents and Settings\Mijn Pc\nrmncd.exe
    2008-02-28 08:41 . 2008-02-28 08:41 7,168 --a------ C:\Documents and Settings\Mijn Pc\coseai.exe
    2008-02-27 22:59 . 2008-02-27 22:59 89,600 --a------ C:\WINDOWS\WCSMON.EXE
    2008-02-15 19:41 . 2008-02-15 19:41 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\AutoTransfer
    2008-02-07 18:07 . 2008-02-08 22:06 <DIR> d-------- C:\Program Files\Unity
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-04 16:49 --------- d-----w C:\Program Files\SPAMfighter
    2008-03-02 11:47 --------- d-----w C:\Program Files\Eset
    2008-03-02 11:11 --------- d-----w C:\Program Files\Google
    2008-03-02 11:10 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-03-01 21:27 --------- d-----w C:\Program Files\Java
    2008-03-01 17:40 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    2008-02-28 19:29 --------- d-----w C:\Documents and Settings\Mijn Pc\Application Data\Lavasoft
    2008-02-28 19:29 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2008-02-28 11:47 --------- d---a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2008-02-11 13:56 19,512 ----a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys
    2008-02-01 16:55 --------- d-----w C:\Program Files\Common Files\Nullsoft
    2008-02-01 15:23 20,888 ----a-w C:\Documents and Settings\Christel\Application Data\GDIPFONTCACHEV1.DAT
    2008-01-22 15:35 --------- d-----w C:\Program Files\Common Files\Ankiro
    2008-01-22 15:32 --------- d-----w C:\Program Files\Common Files\Application
    2007-07-16 15:03 20,888 ----a-w C:\Documents and Settings\Mijn Pc\Application Data\GDIPFONTCACHEV1.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
    "EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 19:00 99840]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 11:52 376912]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 21:20 68856]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
    "Cmaudio"="cmicnfg.cpl" []
    "VTTimer"="VTTimer.exe" [2004-01-15 13:33 49152 C:\WINDOWS\system32\VTTimer.exe]
    "iKeyWorks"="C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe" [2004-01-04 16:44 61440]
    "WheelMouse"="C:\PROGRA~1\Hardware\Mouse\Amoumain.exe" [2003-07-19 00:59 143360]
    "SoundMan"="SOUNDMAN.EXE" [2004-02-09 09:54 65024 C:\WINDOWS\SOUNDMAN.EXE]
    "Norman ZANDA"="C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40 183352]
    "EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 19:00 99840]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 01:36 81920]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-01 18:41 579072]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-01 18:40 219136]
    C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= shdocvw.dll [ ]
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
    C:\WINDOWS\mmhren1.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
    R0 Mqt03;Mqt03;C:\WINDOWS\system32\Drivers\Mqt03.sys [2008-03-01 18:31]
    R1 anftdird.sys;anftdird.sys;C:\WINDOWS\system32\drivers\anftdird.sys [2007-08-28 20:24]
    R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 16:08]
    R2 Ndiskio;Ndiskio;C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-01-02 17:03]
    R3 Amps2prt;Compatible PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2003-01-07 17:16]
    R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-07-16 11:14]
    R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]
    R3 nvcoas;Norman Virus Control on-access component;C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]
    R3 NVCScheduler;Norman Virus Control Scheduler;C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
    S1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys []
    S3 {FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3};{FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3};C:\WINDOWS\system32\{FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3} []
    S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
    S3 nvcfsr;nvcfsr;C:\NORMAN\Nvc\BIN\nvcfsr.sys [2004-11-05 09:47]
    S3 nvcoafl51;nvcoafl51;C:\NORMAN\Nvc\BIN\nvcoafl51.sys [2005-05-13 14:20]
    S3 nvcoaft51;nvcoaft51;C:\NORMAN\Nvc\BIN\nvcoaft51.sys [2006-06-14 13:39]
    S3 nvcoarc51;nvcoarc51;C:\NORMAN\Nvc\BIN\nvcoarc51.sys [2005-05-13 14:10]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bf7b612-b7be-11dc-8f28-0011507741d2}]
    \Shell\AutoRun\command - E:\AutoTransfer.exe
    *Newly Created Service* - GTNDIS5
    .
    **************************************************************************
    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-04 18:34:29
    Windows 5.1.2600 Service Pack 2 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    EPSON Stylus C46 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /M "Stylus C46" /EF "HKCU"????????? ?J???????J????????????Y:~????????????????????????? ????????????Y:~???????????? ???8???????????X?;~????????????j?;~??????????????? |???????
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    **************************************************************************
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\WLCtrl32.dll
    .
    Voltooingstijd: 2008-03-04 18:36:24
    ComboFix-quarantined-files.txt 2008-03-04 17:36:15
    ComboFix2.txt 2008-03-03 22:16:37
    .
    2008-03-01 23:03:52 --- E O F ---

  13. #20
    Honorary member   Juisterr's avatar
    One more little thing, though.

    Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

    • File::
      C:\Documents and Settings\Mijn Pc\mocapc.exe
      C:\Documents and Settings\Mijn Pc\fzwezc.exe
      C:\Documents and Settings\Mijn Pc\nrmncd.exe
      C:\Documents and Settings\Mijn Pc\coseai.exe
      C:\Documents and Settings\Mijn Pc\dzicpm.exe
      C:\Documents and Settings\Mijn Pc\stszev.exe
      C:\Documents and Settings\Mijn Pc\dgkooi.exe
      C:\Documents and Settings\Mijn Pc\waytlk.exe

    Save this on your Desktop as CFScript.txt.

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    This will cause ComboFix to restart.

    After your computer restarts (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.