  1. #21
    boefke36
    ComboFix 08-03-03.6 - Mijn Pc 2008-03-04 19:56:24.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.282 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Mijn Pc\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Mijn Pc\Bureaublad\CFScript.txt..txt
    * Nieuw herstelpunt werd aangemaakt
    FILE ::
    C:\Documents and Settings\Mijn Pc\coseai.exe
    C:\Documents and Settings\Mijn Pc\dgkooi.exe
    C:\Documents and Settings\Mijn Pc\dzicpm.exe
    C:\Documents and Settings\Mijn Pc\fzwezc.exe
    C:\Documents and Settings\Mijn Pc\mocapc.exe
    C:\Documents and Settings\Mijn Pc\nrmncd.exe
    C:\Documents and Settings\Mijn Pc\stszev.exe
    C:\Documents and Settings\Mijn Pc\waytlk.exe
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Documents and Settings\Mijn Pc\coseai.exe
    C:\Documents and Settings\Mijn Pc\dgkooi.exe
    C:\Documents and Settings\Mijn Pc\dzicpm.exe
    C:\Documents and Settings\Mijn Pc\fzwezc.exe
    C:\Documents and Settings\Mijn Pc\mocapc.exe
    C:\Documents and Settings\Mijn Pc\nrmncd.exe
    C:\Documents and Settings\Mijn Pc\stszev.exe
    C:\Documents and Settings\Mijn Pc\waytlk.exe
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-02-04 to 2008-03-04 ))))))))))))))))))))))))))))))
    .
    2008-03-04 17:49 . 2008-03-04 17:49 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dl_
    2008-03-02 22:26 . 2008-03-02 22:26 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\Sereniti
    2008-03-02 20:06 . 2008-03-02 20:06 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\iMesh
    2008-03-02 20:00 . 2008-03-04 19:54 <DIR> dr-h----- C:\Documents and Settings\Mijn Pc\Onlangs geopend
    2008-03-02 14:57 . 2004-09-10 09:11 <DIR> d--h----- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Sjablonen
    2008-03-02 14:57 . 2008-03-02 14:57 <DIR> dr-h----- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Onlangs geopend
    2008-03-02 14:57 . 2004-09-10 10:37 <DIR> d--h----- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Netwerkprinteromgeving
    2008-03-02 14:57 . 2008-03-02 15:30 <DIR> dr------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Mijn documenten
    2008-03-02 14:57 . 2004-09-10 10:37 <DIR> dr------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Menu Start
    2008-03-02 14:57 . 2008-03-02 15:49 <DIR> dr------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Favorieten
    2008-03-02 14:57 . 2004-09-10 10:37 <DIR> d-------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Bureaublad
    2008-03-02 14:57 . 2008-03-02 15:15 <DIR> d-------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Application Data\SPAMfighter
    2008-03-02 14:57 . 2008-03-02 14:57 <DIR> d-------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Application Data\AVG7
    2008-03-02 12:09 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
    2008-03-02 11:40 . 2008-03-02 11:42 <DIR> dr-h----- C:\Documents and Settings\Christel\Onlangs geopend
    2008-03-02 11:39 . 2008-03-02 11:40 <DIR> d-------- C:\Documents and Settings\Christel\Application Data\AVG7
    2008-03-01 22:04 . 2008-03-01 22:04 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-03-01 21:44 . 2008-03-01 23:42 <DIR> d-------- C:\SDFix
    2008-03-01 18:40 . 2008-03-04 17:51 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\AVG7
    2008-03-01 18:40 . 2008-03-01 18:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-03-01 18:40 . 2008-03-01 18:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
    2008-03-01 15:06 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
    2008-03-01 15:01 . 2006-06-30 14:13 8,704 --a------ C:\WINDOWS\system32\pfdnnt.exe
    2008-03-01 14:00 . 2008-03-02 12:12 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2008-03-01 14:00 . 2008-03-02 12:08 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2008-03-01 14:00 . 2008-03-02 12:08 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-03-01 14:00 . 2008-03-02 12:08 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-29 22:23 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2008-02-29 22:04 . 2008-02-29 22:04 <DIR> d--h----- C:\WINDOWS\PIF
    2008-02-29 00:22 . 2008-03-01 18:31 26,240 --a------ C:\WINDOWS\system32\drivers\Mqt03.sys
    2008-02-28 23:44 . 2008-03-01 21:41 <DIR> d-------- C:\fixwareout
    2008-02-28 23:38 . 2008-03-01 18:25 3,796 --a------ C:\WINDOWS\system32\tmp.reg
    2008-02-28 23:10 . 2008-03-01 14:15 57 --------- C:\WINDOWS\win.ini
    2008-02-28 23:10 . 2008-03-04 20:00 0 --a------ C:\WINDOWS\system.ini
    2008-02-28 11:58 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
    2008-02-28 11:47 . 2008-02-28 11:49 <DIR> d-------- C:\Temp
    2008-02-28 11:47 . 2008-02-28 11:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
    2008-02-28 11:35 . 2008-02-28 11:35 <DIR> d-------- C:\Program Files\SurfRight
    2008-02-28 11:35 . 2008-02-28 11:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SurfRight
    2008-02-27 22:59 . 2008-02-27 22:59 89,600 --a------ C:\WINDOWS\WCSMON.EXE
    2008-02-15 19:41 . 2008-02-15 19:41 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\AutoTransfer
    2008-02-07 18:07 . 2008-02-08 22:06 <DIR> d-------- C:\Program Files\Unity
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-04 17:52 --------- d-----w C:\Program Files\SPAMfighter
    2008-03-02 11:47 --------- d-----w C:\Program Files\Eset
    2008-03-02 11:11 --------- d-----w C:\Program Files\Google
    2008-03-02 11:10 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-03-01 21:27 --------- d-----w C:\Program Files\Java
    2008-03-01 17:40 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    2008-02-28 19:29 --------- d-----w C:\Documents and Settings\Mijn Pc\Application Data\Lavasoft
    2008-02-28 19:29 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2008-02-28 11:47 --------- d---a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2008-02-11 13:56 19,512 ----a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys
    2008-02-01 16:55 --------- d-----w C:\Program Files\Common Files\Nullsoft
    2008-02-01 15:23 20,888 ----a-w C:\Documents and Settings\Christel\Application Data\GDIPFONTCACHEV1.DAT
    2008-01-22 15:35 --------- d-----w C:\Program Files\Common Files\Ankiro
    2008-01-22 15:32 --------- d-----w C:\Program Files\Common Files\Application
    2007-07-16 15:03 20,888 ----a-w C:\Documents and Settings\Mijn Pc\Application Data\GDIPFONTCACHEV1.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
    "EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 19:00 99840]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 11:52 376912]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 21:20 68856]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
    "Cmaudio"="cmicnfg.cpl" []
    "VTTimer"="VTTimer.exe" [2004-01-15 13:33 49152 C:\WINDOWS\system32\VTTimer.exe]
    "iKeyWorks"="C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe" [2004-01-04 16:44 61440]
    "WheelMouse"="C:\PROGRA~1\Hardware\Mouse\Amoumain.exe" [2003-07-19 00:59 143360]
    "SoundMan"="SOUNDMAN.EXE" [2004-02-09 09:54 65024 C:\WINDOWS\SOUNDMAN.EXE]
    "Norman ZANDA"="C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40 183352]
    "EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 19:00 99840]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 01:36 81920]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-01 18:41 579072]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-01 18:40 219136]
    C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= shdocvw.dll [ ]
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
    C:\WINDOWS\mmhren1.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
    R0 Mqt03;Mqt03;C:\WINDOWS\system32\Drivers\Mqt03.sys [2008-03-01 18:31]
    R1 anftdird.sys;anftdird.sys;C:\WINDOWS\system32\drivers\anftdird.sys [2007-08-28 20:24]
    R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 16:08]
    R2 Ndiskio;Ndiskio;C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-01-02 17:03]
    R3 Amps2prt;Compatible PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2003-01-07 17:16]
    R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-07-16 11:14]
    R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]
    R3 nvcoas;Norman Virus Control on-access component;C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]
    R3 NVCScheduler;Norman Virus Control Scheduler;C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
    S1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys []
    S3 {FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3};{FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3};C:\WINDOWS\system32\{FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3} []
    S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
    S3 nvcfsr;nvcfsr;C:\NORMAN\Nvc\BIN\nvcfsr.sys [2004-11-05 09:47]
    S3 nvcoafl51;nvcoafl51;C:\NORMAN\Nvc\BIN\nvcoafl51.sys [2005-05-13 14:20]
    S3 nvcoaft51;nvcoaft51;C:\NORMAN\Nvc\BIN\nvcoaft51.sys [2006-06-14 13:39]
    S3 nvcoarc51;nvcoarc51;C:\NORMAN\Nvc\BIN\nvcoarc51.sys [2005-05-13 14:10]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bf7b612-b7be-11dc-8f28-0011507741d2}]
    \Shell\AutoRun\command - E:\AutoTransfer.exe
    *Newly Created Service* - GTNDIS5
    .
    **************************************************************************
    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-04 20:00:11
    Windows 5.1.2600 Service Pack 2 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    EPSON Stylus C46 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T 1.EXE /P23 "EPSON Stylus C46 Series" /M "Stylus C46" /EF "HKCU"????????? ?J???????J????????????Y:~????????????????????????? ????????????Y:~???????????? ???8???????????X?;~????????????j?;~??????????????? |???????
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    **************************************************************************
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\WLCtrl32.dll
    .
    Voltooingstijd: 2008-03-04 20:01:48
    ComboFix-quarantined-files.txt 2008-03-04 19:01:41
    ComboFix2.txt 2008-03-04 17:36:26
    ComboFix3.txt 2008-03-03 22:16:37
    .
    2008-03-01 23:03:52 --- E O F ---

  2. #22
    Juisterr
    You may now remove all the tools you used and the folders they created.

    Uninstall ComboFix via Start > Run: copy and paste Combofix /U, then click OK or press Enter.
    This removes ComboFix as well as your old System Restore points (with any malware remnants in them), and creates a new System Restore point.

    Does a print job sometimes get stuck?

    Please let me know how things are running now.

  4. #23
    boefke36
    Hi Juisterr,
    As far as I know, no print job gets stuck.
    Everything works properly, but I still have the impression that it runs a bit slowly.
    I did remove AVG antivirus since I already had Norman, but I would like to get rid of Norman and keep AVG. I can't manage that the normal way, though. Creating a restore point doesn't work either.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:02:50, on 5/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ELOGSVC.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NPM\BIN\ZANDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\NJEEVES.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
    C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NIP.EXE
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /M "Stylus C46" /EF "HKCU"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mijn Pc\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/.../GAME_UNO1.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...lInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095585643890
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - http://gamezone.telenet.be/static/ocx/ExentCtl.ocx
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NPM\BIN\ZANDA.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    --
    End of file - 11455 bytes

  5. #24
    Juisterr
    There is also still something that hasn't been removed.

    Follow the instructions described on the following page: hoe-dient-combofix-gebruikt-te-worden

    Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

    File::
    C:\WINDOWS\system32\WLCtrl32.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

    Driver::
    Mqt03

    Save this to your Desktop as CFScript.txt.

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    This will make ComboFix restart.

    After your computer has restarted (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.
    Last edited by Juisterr; 4 March 2008 at 20:43

  6. #25
    boefke36
    Hey Juisterr,

    Here is the log. I think we're on the right track, well, you are anyway. I do still regularly get trojan alerts. Greetings

    ComboFix 08-03-04.5 - Mijn Pc 2008-03-06 16:46:32.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.406 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Mijn Pc\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Mijn Pc\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt
    FILE ::
    C:\WINDOWS\system32\WLCtrl32.dll
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\WINDOWS\system32\WLCtrl32.dll
    .
    --------------- FMove ---------------
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\LEGACY_MQT03
    -------\Mqt03

    (((((((((((((((((((( Bestanden Gemaakt van 2008-02-06 to 2008-03-06 ))))))))))))))))))))))))))))))
    .
    2008-03-06 16:51 . 2008-03-06 16:51 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dl_
    2008-03-06 16:15 . 2008-03-06 16:51 26,240 --a------ C:\WINDOWS\system32\drivers\Vad71.sys
    2008-03-05 17:35 . 2008-03-05 17:35 <DIR> dr-h----- C:\Documents and Settings\Christel\Onlangs geopend
    2008-03-05 16:40 . 2008-03-05 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-03-05 16:36 . 2008-03-06 16:32 <DIR> dr-h----- C:\Documents and Settings\Mijn Pc\Onlangs geopend
    2008-03-05 16:31 . 2004-08-04 09:03 399,360 --a------ C:\CF18861.exe
    2008-03-04 21:13 . 2008-03-04 21:15 <DIR> d-------- C:\Documents and Settings\Lara\Contacts
    2008-03-04 21:11 . 2008-03-04 21:11 <DIR> d-------- C:\Documents and Settings\Lara\Application Data\MSN6
    2008-03-04 21:02 . 2008-03-04 21:02 <DIR> d-------- C:\Documents and Settings\Lara\Application Data\SPAMfighter
    2008-03-04 21:01 . 2004-09-10 09:11 <DIR> d--h----- C:\Documents and Settings\Lara\Sjablonen
    2008-03-04 21:01 . 2008-03-04 21:02 <DIR> dr-h----- C:\Documents and Settings\Lara\Onlangs geopend
    2008-03-04 21:01 . 2004-09-10 10:37 <DIR> d--h----- C:\Documents and Settings\Lara\Netwerkprinteromgeving
    2008-03-04 21:01 . 2008-03-04 21:12 <DIR> dr------- C:\Documents and Settings\Lara\Mijn documenten
    2008-03-04 21:01 . 2004-09-10 10:37 <DIR> dr------- C:\Documents and Settings\Lara\Menu Start
    2008-03-04 21:01 . 2008-03-04 21:02 <DIR> dr------- C:\Documents and Settings\Lara\Favorieten
    2008-03-04 21:01 . 2008-03-05 16:40 <DIR> d-------- C:\Documents and Settings\Lara\Bureaublad
    2008-03-02 22:26 . 2008-03-02 22:26 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\Sereniti
    2008-03-02 20:06 . 2008-03-02 20:06 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\iMesh
    2008-03-02 14:57 . 2004-09-10 09:11 <DIR> d--h----- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Sjablonen
    2008-03-02 14:57 . 2008-03-02 14:57 <DIR> dr-h----- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Onlangs geopend
    2008-03-02 14:57 . 2004-09-10 10:37 <DIR> d--h----- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Netwerkprinteromgeving
    2008-03-02 14:57 . 2008-03-02 15:30 <DIR> dr------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Mijn documenten
    2008-03-02 14:57 . 2004-09-10 10:37 <DIR> dr------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Menu Start
    2008-03-02 14:57 . 2008-03-02 15:49 <DIR> dr------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Favorieten
    2008-03-02 14:57 . 2008-03-05 16:40 <DIR> d-------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Bureaublad
    2008-03-02 14:57 . 2008-03-02 15:15 <DIR> d-------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Application Data\SPAMfighter
    2008-03-02 12:09 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
    2008-03-01 22:04 . 2008-03-01 22:04 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-03-01 15:06 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
    2008-03-01 15:01 . 2006-06-30 14:13 8,704 --a------ C:\WINDOWS\system32\pfdnnt.exe
    2008-03-01 14:00 . 2008-03-02 12:12 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2008-03-01 14:00 . 2008-03-02 12:08 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2008-03-01 14:00 . 2008-03-02 12:08 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-03-01 14:00 . 2008-03-02 12:08 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-29 22:23 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2008-02-29 22:04 . 2008-02-29 22:04 <DIR> d--h----- C:\WINDOWS\PIF
    2008-02-28 23:44 . 2008-03-01 21:41 <DIR> d-------- C:\fixwareout
    2008-02-28 23:38 . 2008-03-01 18:25 3,796 --a------ C:\WINDOWS\system32\tmp.reg
    2008-02-28 23:10 . 2008-03-01 14:15 57 --------- C:\WINDOWS\win.ini
    2008-02-28 23:10 . 2008-03-06 16:51 0 --a------ C:\WINDOWS\system.ini
    2008-02-28 11:58 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
    2008-02-28 11:47 . 2008-02-28 11:49 <DIR> d-------- C:\Temp
    2008-02-28 11:47 . 2008-02-28 11:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2008-02-28 11:35 . 2008-02-28 11:35 <DIR> d-------- C:\Program Files\SurfRight
    2008-02-28 11:35 . 2008-02-28 11:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight
    2008-02-27 22:59 . 2008-02-27 22:59 89,600 --a------ C:\WINDOWS\WCSMON.EXE
    2008-02-15 19:41 . 2008-02-15 19:41 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\AutoTransfer
    2008-02-07 18:07 . 2008-02-08 22:06 <DIR> d-------- C:\Program Files\Unity
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-06 15:54 --------- d-----w C:\Program Files\SPAMfighter
    2008-03-05 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-02 11:47 --------- d-----w C:\Program Files\Eset
    2008-03-02 11:11 --------- d-----w C:\Program Files\Google
    2008-03-02 11:10 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-03-01 21:27 --------- d-----w C:\Program Files\Java
    2008-02-28 19:29 --------- d-----w C:\Documents and Settings\Mijn Pc\Application Data\Lavasoft
    2008-02-28 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-28 11:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-02-11 13:56 19,512 ----a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys
    2008-02-01 16:55 --------- d-----w C:\Program Files\Common Files\Nullsoft
    2008-02-01 15:23 20,888 ----a-w C:\Documents and Settings\Christel\Application Data\GDIPFONTCACHEV1.DAT
    2008-01-22 15:35 --------- d-----w C:\Program Files\Common Files\Ankiro
    2008-01-22 15:32 --------- d-----w C:\Program Files\Common Files\Application
    2007-07-16 15:03 20,888 ----a-w C:\Documents and Settings\Mijn Pc\Application Data\GDIPFONTCACHEV1.DAT
    .
    ((((((((((((((((((((((((((((( snapshot@2008-03-06_16.42.55,93 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    - 2008-03-06 15:34:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-03-06 15:51:14 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-03-06 15:34:41 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    + 2008-03-06 15:51:14 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    - 2008-03-06 15:36:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008030620080307\index.dat
    + 2008-03-06 15:51:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008030620080307\index.dat
    - 2008-03-06 15:34:41 114,688 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-06 15:51:14 131,072 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
    "EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 19:00 99840]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 11:52 376912]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 21:20 68856]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
    "Cmaudio"="cmicnfg.cpl" []
    "VTTimer"="VTTimer.exe" [2004-01-15 13:33 49152 C:\WINDOWS\system32\VTTimer.exe]
    "iKeyWorks"="C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe" [2004-01-04 16:44 61440]
    "WheelMouse"="C:\PROGRA~1\Hardware\Mouse\Amoumain.exe" [2003-07-19 00:59 143360]
    "SoundMan"="SOUNDMAN.EXE" [2004-02-09 09:54 65024 C:\WINDOWS\SOUNDMAN.EXE]
    "Norman ZANDA"="C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40 183352]
    "EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 19:00 99840]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 01:36 81920]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= shdocvw.dll [ ]
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
    C:\WINDOWS\mmhren1.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
    R0 Vad71;Vad71;C:\WINDOWS\system32\Drivers\Vad71.sys [2008-03-06 16:51]
    R1 anftdird.sys;anftdird.sys;C:\WINDOWS\system32\drivers\anftdird.sys [2007-08-28 20:24]
    R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 16:08]
    R2 Ndiskio;Ndiskio;C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-01-02 17:03]
    R3 Amps2prt;Compatible PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2003-01-07 17:16]
    R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-07-16 11:14]
    R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]
    R3 nvcoas;Norman Virus Control on-access component;C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]
    R3 NVCScheduler;Norman Virus Control Scheduler;C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
    S1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys []
    S3 {FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3};{FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3};C:\WINDOWS\system32\{FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3} []
    S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
    S3 nvcfsr;nvcfsr;C:\NORMAN\Nvc\BIN\nvcfsr.sys [2004-11-05 09:47]
    S3 nvcoafl51;nvcoafl51;C:\NORMAN\Nvc\BIN\nvcoafl51.sys [2005-05-13 14:20]
    S3 nvcoaft51;nvcoaft51;C:\NORMAN\Nvc\BIN\nvcoaft51.sys [2006-06-14 13:39]
    S3 nvcoarc51;nvcoarc51;C:\NORMAN\Nvc\BIN\nvcoarc51.sys [2005-05-13 14:10]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bf7b612-b7be-11dc-8f28-0011507741d2}]
    \Shell\AutoRun\command - E:\AutoTransfer.exe
    *Newly Created Service* - GTNDIS5
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-03-24 11:37:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-29 15:00:08 C:\WINDOWS\Tasks\{69B2FB2F-DBCD-4C46-8E1E-25404F6499E6}_MIJN-AP8Q6JXN9H_Mijn Pc.job"
    - C:\WINDOWS\system32\mobsync.exeL /Schedule=
    "2008-02-29 15:00:08 C:\WINDOWS\Tasks\{CDEF5967-310E-48EE-908E-4B20132FC970}_MIJN-AP8Q6JXN9H_Mijn Pc.job"
    - C:\WINDOWS\system32\mobsync.exe
    "2008-02-28 08:00:13 C:\WINDOWS\Tasks\{E10560A8-A027-4A79-B7FE-77089204A9CD}_MIJN-AP8Q6JXN9H_Mijn Pc.job"
    - C:\WINDOWS\system32\mobsync.exe
    .
    **************************************************************************
    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-06 16:52:27
    Windows 5.1.2600 Service Pack 2 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3}]
    "ImagePath"="\??\C:\WINDOWS\system32\{FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3}"
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\WLCtrl32.dll
    PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
    -> C:\WINDOWS\system32\IKEYRFK8.DLL
    -> C:\WINDOWS\system32\Amhooker.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ELOGSVC.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NPM\BIN\ZANDA.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\NJEEVES.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NIP.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\system32\msiexec.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-03-06 16:57:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-06 15:57:07
    ComboFix2.txt 2008-03-06 15:43:42
    ComboFix3.txt 2008-03-04 19:01:49
    .
    2008-03-01 23:03:52 --- E O F ---

  7. #26
    Honorary member   Juisterr
    Please delete this file:
    C:\WINDOWS\system32\WLCtrl32.dl_

    Remove ComboFix via Start > Run: copy and paste Combofix /U, then click OK or press Enter.
    This removes both ComboFix and your old system restore points (with any remnants of malware), and creates a new system restore point.

    Please post a new HJT log and let me know how things are going now.

  8. #27
    Up-to-date   boefke36
    Hi Juisterr,

    Sorry for my late reply, but I was away for a few days.
    The PC is already working fairly well, but I still have the feeling that it is not completely OK. Norman still sometimes reports trojans.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:36:10, on 12/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ELOGSVC.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NPM\BIN\ZANDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\NJEEVES.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
    C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NIP.EXE
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /M "Stylus C46" /EF "HKCU"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mijn Pc\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/.../GAME_UNO1.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...lInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095585643890
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - http://gamezone.telenet.be/static/ocx/ExentCtl.ocx
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NPM\BIN\ZANDA.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    --
    End of file - 11738 bytes

  9. #28
    Honorary member   Juisterr
    Could you please try it this way.

    First, please also download this file: remove.exe. Save it in the same folder as the file below.

    Start the computer in safe mode.

    Open a Notepad file.
    Copy the text below (everything printed in black) into this Notepad file.

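    @ECHO OFF
    REM Start with a fresh log file
    IF EXIST log.txt DEL log.txt
    REM remove.exe is the helper downloaded above; it must be in the same folder as del.bat
    remove C:\WINDOWS\system32\Drivers\Vad71.sys C:\WINDOWS\Temp\Vad71.sys
    REM Rename the DLL that is registered under Winlogon Notify
    ren C:\WINDOWS\SYSTEM32\WLCtrl32.dll WLCtrl32.res
    REM Delete the service entries (Vad71 is stopped before it is deleted)
    sc delete NSNDIS5
    sc delete {FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3}
    sc delete ctredrv.sys
    sc stop Vad71
    sc delete Vad71
    ECHO Deleting files>>log.txt
    REM Clear the read-only/system/hidden attributes, delete each file and log the result
    FOR %%g in (
    C:\WINDOWS\SYSTEM32\WLCtrl32.dl_
    C:\WINDOWS\SYSTEM32\WLCtrl32.dll
    C:\WINDOWS\SYSTEM32\WLCtrl32.res
    C:\WINDOWS\system32\Drivers\Vad71.sys) DO (
    IF EXIST %%g (
    ATTRIB -r -s -h %%g
    DEL %%g
    IF EXIST %%g (
    ECHO %%g not deleted>>log.txt
    ) ELSE (
    ECHO %%g deleted>>log.txt)
    ) ELSE (
    ECHO %%g not found>>log.txt))
    REM Open the log in Notepad
    start notepad log.txt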

    Go to File - Save As.
    For "Save in", choose: Desktop
    For "File name", enter: del.bat
    For "Save as type", select: All Files (*.*).
    Click the Save button.

    Double-click del.bat.

    Restart in normal mode and double-click del.bat once more, then post the log that opens.

    Last edited by Juisterr; 11 March 2008 at 18:55

  11. #29
    Up-to-date   boefke36
    Hey,

    When I click the remove.exe link, it doesn't work. Regards

  12. #30
    Honorary member   Juisterr
    You only have to save it, and then do the rest.
