  1. #1
    boefke36 (Up-to-date)
    Registered: 20 May 2006
    Posts: 35
    Thanks given: 19
    Thanked: 0 times in 0 posts

    I think the PC is infected

    Logfile of HijackThis v1.99.1
    Scan saved at 11:03:02, on 28/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ELOGSVC.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NPM\BIN\ZANDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\WINDOWS\system32\ipsecpooler.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
    C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.EXE
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T 1.EXE
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
    C:\grax.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NIP.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\NJEEVES.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe
    C:\WINDOWS\System32\alg.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Hitman Pro\srhelper.exe
    C:\Program Files\Hitman Pro\hitmanpro2.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Mijn Pc\Local Settings\Temp\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euphony.be/site/indexNL.p...n=BELGIE%20(NL)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cse-genk.be
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUM E~1\MIJNPC~1\LOCALS~1\Temp\services.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SXG Advisor - {0F240256-9E39-4E57-AD5C-55700B7A2388} - C:\WINDOWS\dgtxrdfwrv.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\sw g.dll
    O2 - BHO: WindowsUpdate Class - {B3B010A1-A877-4CD7-BAB5-9EE8F9965E20} - C:\DOCUME~1\MIJNPC~1\LOCALS~1\Temp\ieobj.dll
    O2 - BHO: e404 helper - {C03FD59D-9104-44B7-929A-9EAA0BA05211} - C:\Program Files\Helper\1204149701.dll
    O2 - BHO: MS Video Control 1.0 - {E9601C0B-FA98-4E6D-A015-AE5B43F47962} - C:\WINDOWS\msvidc32.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O3 - Toolbar: ekvgsnw - {474928DE-BC0F-4637-ADC1-C6DD2D1161D7} - C:\WINDOWS\ekvgsnw.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T 1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\MIJNPC~1\LOCALS~1\Temp\services.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T 1.EXE /P23 "EPSON Stylus C46 Series" /M "Stylus C46" /EF "HKCU"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
    O4 - HKCU\..\Run: [WintelUpdate] C:\grax.exe
    O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "C:\Program Files\Hitman Pro\srhelper.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mijn Pc\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/.../GAME_UNO1.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...lInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095585643890
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - http://gamezone.telenet.be/static/ocx/ExentCtl.ocx
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{042925DA-B7BE-47CB-9995-229D9490DE65}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CCS\Services\Tcpip\..\{43970359-DAEA-49C5-B77C-377318DE95D9}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5E7882F6-686E-4D90-A963-AD8360C3CACE}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CCS\Services\Tcpip\..\{61CA5BF2-A69E-487E-8001-D30B4A3AC1D2}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7227A561-F4F8-445A-8E97-264FFC5AD354}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D9E3EF57-B388-48E1-A778-692833A5B393}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ECC01CB1-D309-4ECE-9A6C-0C4DFA01DC5B}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.90
    O17 - HKLM\System\CS1\Services\Tcpip\..\{042925DA-B7BE-47CB-9995-229D9490DE65}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.90
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: alofkmn - {7C488C13-1546-406A-9CE5-73F374983866} - C:\WINDOWS\alofkmn.dll
    O21 - SSODL: bxlrvps - {3404902A-141B-4AA6-B99B-C1D0A36A52E6} - C:\WINDOWS\bxlrvps.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: IP SEC PROTOCOL POLLER (IPSecPooler) - Unknown owner - C:\WINDOWS\system32\ipsecpooler.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NPM\BIN\ZANDA.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

  2. #2
    Juisterr (Honorary member)
    Registered: 31 July 2006
    Location: a little place on the coast
    Posts: 3,653
    Thanks given: 1,008
    Thanked: 2,268 times in 1,411 posts

    You think the PC is infected??

    I'm quite sure of it.

  3. #3
    Juisterr

    Hello, I see several infections.

    I'm going to offer a few tools; follow the instructions carefully.

    Print out the instructions below, because you will have to restart the computer during the fix.
    (copy the text into e.g. Word and print it)

    1 )
    Download SmitfraudFix.exe (by S!Ri) and place it on your desktop.
    If that doesn't work, download it from this page.

    Start your PC in SAFE mode.
    See here how to do that.

    Double-click smitfraudfix.exe
    Choose option #2 - Clean by typing 2, and press "Enter" to delete the
    infected files.

    You will get a question: "Registry cleaning - Do you want to clean the registry ?"
    Answer "yes" by typing y and press "Enter".

    If your PC does not restart after that, restart it manually in normal mode.

    The tool will now check whether wininet.dll is infected. So you may be asked whether you
    want to replace the infected file. In that case answer "yes" by typing y and press "Enter".

    The tool may restart your PC to finish its work.
    If it does not, restart your PC manually in normal mode.
    A text file will open with the results of the fix. Post the contents of this file in your next reply.
    (You can also find the report in c:\rapport.txt )

    2 )

    Download FixWareOut from one of the following links:
    Save it to your desktop and double-click Fixwareout.exe.
    Click "Next", then "Install".
    Make sure "Run Fixit" is checked and then click "Finish".
    Follow the on-screen instructions.
    If you are asked to restart the computer, do so.
    It will take somewhat longer for the computer to start up fully again. This is normal.
    As soon as your desktop has loaded, a text file will open (report.txt).

    Note! If your antivirus has a script blocker, you will get a warning such as "malicious script warning" when you run this tool. You can ignore this warning.

    If you have problems with the internet connection, do the following:
    Go to Control Panel and click "Network Connections". Right-click your default connection and choose "Properties".
    Click the "General" tab and double-click "Internet Protocol (TCP/IP)". Select "Obtain DNS server address automatically".
    Go to Start -> Run and type "cmd"
    Press Enter.
    Then type: ipconfig /flushdns
    Press Enter.
    Close the window.

    Restart your PC.

    Post the contents of the log that you can find here: C:\fixwareout\report.txt,
    and also post a new HijackThis log.

    Speaking of which, you are using an old version of HJT; please make the new log with this version.
    * Download Trend Micro Hijack This™
    Double-click HJTInstall.exe to install HijackThis.
    By default HijackThis will be installed in the Program Files\Trendmicro folder and a shortcut will be placed on your desktop.
    HijackThis will open after installation.
    Click the Scan button at the bottom.
    This will start the scan and open a log.
    Copy and paste this log into your next post.

    Good luck
    Last edited by Juisterr; 28 February 2008 at 16:19

  5. #4
    boefke36

    Hi,
    here is my new log. I did everything the way you described it; many thanks in advance for that. My internet is still slow, though, and I regularly get attacks from trojans, which the virus scanner does block. I can no longer use my System Restore even though it is enabled.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:05:04, on 29/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ELOGSVC.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NPM\BIN\ZANDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\WINDOWS\system32\ipsecpooler.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
    C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.EXE
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T 1.EXE
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\NJEEVES.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NIP.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUM E~1\MIJNPC~1\LOCALS~1\Temp\services.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0F240256-9E39-4E57-AD5C-55700B7A2388} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\sw g.dll
    O2 - BHO: (no name) - {B3B010A1-A877-4CD7-BAB5-9EE8F9965E20} - (no file)
    O2 - BHO: (no name) - {E9601C0B-FA98-4E6D-A015-AE5B43F47962} - (no file)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O3 - Toolbar: (no name) - {474928DE-BC0F-4637-ADC1-C6DD2D1161D7} - (no file)
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T 1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\MIJNPC~1\LOCALS~1\Temp\services.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T 1.EXE /P23 "EPSON Stylus C46 Series" /M "Stylus C46" /EF "HKCU"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mijn Pc\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/.../GAME_UNO1.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...lInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095585643890
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - http://gamezone.telenet.be/static/ocx/ExentCtl.ocx
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{042925DA-B7BE-47CB-9995-229D9490DE65}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CCS\Services\Tcpip\..\{43970359-DAEA-49C5-B77C-377318DE95D9}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5E7882F6-686E-4D90-A963-AD8360C3CACE}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CCS\Services\Tcpip\..\{61CA5BF2-A69E-487E-8001-D30B4A3AC1D2}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7227A561-F4F8-445A-8E97-264FFC5AD354}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ECC01CB1-D309-4ECE-9A6C-0C4DFA01DC5B}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.90
    O17 - HKLM\System\CS1\Services\Tcpip\..\{042925DA-B7BE-47CB-9995-229D9490DE65}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.90
    O17 - HKLM\System\CS2\Services\Tcpip\..\{042925DA-B7BE-47CB-9995-229D9490DE65}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.90
    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
    O21 - SSODL: alofkmn - {7C488C13-1546-406A-9CE5-73F374983866} - (no file)
    O21 - SSODL: bxlrvps - {3404902A-141B-4AA6-B99B-C1D0A36A52E6} - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: IP SEC PROTOCOL POLLER (IPSecPooler) - Unknown owner - C:\WINDOWS\system32\ipsecpooler.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NPM\BIN\ZANDA.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)
    --
    End of file - 12976 bytes
    Last edited by boefke36; 1 March 2008 at 00:17

  6. #5
    Juisterr
    Thanks for your new log, but I am still missing two logs.

    So may I have the results of
    c:\rapport.txt and
    C:\fixwareout\report.txt
    please.


  8. #6
    boefke36
    Juisterr,

    Here is some additional information: a tool from NORMAN found the following in safe mode (see the report). My antivirus program no longer works now; I downloaded AVG and it found a services.exe file in C:\Documents and Settings\Mijn Pc\Local Settings\Temp that I cannot delete.

    Norman tool report:

    Norman Malware Cleaner
    Copyright © 1990 - 2008, Norman ASA. Built 2008/02/13 17:04:03
    Norman Scanner Engine Version: 5.91.10
    Nvcbin.def Version: 5.90.00, Date: 2008/02/13 17:04:03, Variants: 1304976
    Running pre-scan cleanup routine:
    Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode) Service Pack 2
    Logged on user: MIJN-AP8Q6JXN9H\Mijn Pc
    Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\MIJNPC~1\LOCALS~1\Temp\services.exe" -> "C:\WINDOWS\System32\userinit.exe,"
    Scan started: 01/03/2008 16:07:01

    Scanning running processes and process memory...
    Number of processes/threads found: 540
    Number of processes/threads scanned: 539
    Number of processes/threads not scanned: 1
    Number of infected processes/threads terminated: 0
    Total scanning time: 20s

    Scanning file system...
    Scanning: C:\*.*
    C:\System Volume Information\_RESTO~1\RP810\A0319983.exe (Infected with W32/Horst.gen33)
    Deleted file
    C:\WINDOWS\system32\ipsecpooler_exe.vir (Infected with W32/Horst.gen33)
    Deleted file
    Scanning: c:\System Volume Information\*.*

    Running post-scan cleanup routine:
    Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\MIJNPC~1\LOCALS~1\Temp\services.exe" -> "C:\WINDOWS\System32\userinit.exe,"
    Number of files found: 111927
    Number of archives unpacked: 1451
    Number of files scanned: 111905
    Number of files not scanned: 22
    Number of files skipped due to exclude list: 0
    Number of infected files found: 2
    Number of infected files repaired/deleted: 2
    Number of infections removed: 2
    Total scanning time: 1h 9m 55s

    A new log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:06:36, on 1/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ELOGSVC.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NPM\BIN\ZANDA.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
    C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Grisoft\AVG7\avgwb.dat
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\MIJNPC~1\LOCALS~1\Temp\services.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0F240256-9E39-4E57-AD5C-55700B7A2388} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {B3B010A1-A877-4CD7-BAB5-9EE8F9965E20} - (no file)
    O2 - BHO: (no name) - {E9601C0B-FA98-4E6D-A015-AE5B43F47962} - (no file)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O3 - Toolbar: (no name) - {474928DE-BC0F-4637-ADC1-C6DD2D1161D7} - (no file)
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\MIJNPC~1\LOCALS~1\Temp\services.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /M "Stylus C46" /EF "HKCU"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mijn Pc\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/.../GAME_UNO1.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...lInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095585643890
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - http://gamezone.telenet.be/static/ocx/ExentCtl.ocx
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{042925DA-B7BE-47CB-9995-229D9490DE65}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CCS\Services\Tcpip\..\{43970359-DAEA-49C5-B77C-377318DE95D9}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5E7882F6-686E-4D90-A963-AD8360C3CACE}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CCS\Services\Tcpip\..\{61CA5BF2-A69E-487E-8001-D30B4A3AC1D2}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7227A561-F4F8-445A-8E97-264FFC5AD354}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ECC01CB1-D309-4ECE-9A6C-0C4DFA01DC5B}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.90
    O17 - HKLM\System\CS1\Services\Tcpip\..\{042925DA-B7BE-47CB-9995-229D9490DE65}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.90
    O17 - HKLM\System\CS2\Services\Tcpip\..\{042925DA-B7BE-47CB-9995-229D9490DE65}: NameServer = 85.255.116.166,85.255.112.90
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.90
    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
    O21 - SSODL: alofkmn - {7C488C13-1546-406A-9CE5-73F374983866} - (no file)
    O21 - SSODL: bxlrvps - {3404902A-141B-4AA6-B99B-C1D0A36A52E6} - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: IP SEC PROTOCOL POLLER (IPSecPooler) - Unknown owner - C:\WINDOWS\system32\ipsecpooler.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NPM\BIN\ZANDA.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)
    --
    End of file - 13779 bytes

    fixwareout report:

    Username "Mijn Pc" - 01/03/2008 12:09:31 [Fixwareout edited 9/01/2007]
    ~~~~~ Prerun check
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    "nameserver"="85.255.116.166 85.255.112.90" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{042925DA-B7BE-47CB-9995-229D9490DE65}
    "nameserver"="85.255.116.166,85.255.112.90" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{43970359-DAEA-49C5-B77C-377318DE95D9}
    "nameserver"="85.255.116.166,85.255.112.90" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5E7882F6-686E-4D90-A963-AD8360C3CACE}
    "nameserver"="85.255.116.166,85.255.112.90" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{61CA5BF2-A69E-487E-8001-D30B4A3AC1D2}
    "nameserver"="85.255.116.166,85.255.112.90" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7227A561-F4F8-445A-8E97-264FFC5AD354}
    "nameserver"="85.255.116.166,85.255.112.90" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{ECC01CB1-D309-4ECE-9A6C-0C4DFA01DC5B}
    "nameserver"="85.255.116.166,85.255.112.90" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{042925DA-B7BE-47CB-9995-229D9490DE65}
    "DhcpNameServer"="85.255.116.166,85.255.112.90 " <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{43970359-DAEA-49C5-B77C-377318DE95D9}
    "DhcpNameServer"="85.255.116.166,85.255.112.90 " <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5E7882F6-686E-4D90-A963-AD8360C3CACE}
    "DhcpNameServer"="85.255.116.166,85.255.112.90 " <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7227A561-F4F8-445A-8E97-264FFC5AD354}
    "DhcpNameServer"="85.255.116.166,85.255.112.90 " <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D9E3EF57-B388-48E1-A778-692833A5B393}
    "DhcpNameServer"="85.255.116.166,85.255.112.90 " <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{ECC01CB1-D309-4ECE-9A6C-0C4DFA01DC5B}
    "DhcpNameServer"="85.255.116.166,85.255.112.90 " <Value cleared.


    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"=""
    ....
    ....
    ~~~~~ Misc files.
    ....
    ~~~~~ Checking for older varients.
    ....
    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
    "VTTimer"="VTTimer.exe"
    "iKeyWorks"="C:\\PROGRA~1\\Hardware\\Keyboard\\Ikeymain.exe"
    "WheelMouse"="C:\\PROGRA~1\\Hardware\\Mouse\\Amoumain.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "Norman ZANDA"="C:\\Documents and Settings\\Mijn Pc\\Mijn documenten\\Norman\\Norman\\Npm\\bin\\ZLH.EXE /LOAD /SPLASH"
    "UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
    6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
    "EPSON Stylus C46 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0T1.EXE /P23 \"EPSON Stylus C46 Series\" /O6 \"USB001\" /M \"Stylus C46\""
    "SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
    "SPAMfighter Agent"="\"C:\\Program Files\\SPAMfighter\\SFAgent.exe\" update delay 60"
    "Flash Media"="C:\\DOCUME~1\\MIJNPC~1\\LOCALS~1\\Temp\\services.exe"
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "EPSON Stylus C46 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0T1.EXE /P23 \"EPSON Stylus C46 Series\" /M \"Stylus C46\" /EF \"HKCU\""
    "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it...
    ~~~~~ End report ~~~~~

    The C:\rapport:

    SmitFraudFix v2.298
    Scan done at 18:24:49,50, za 01/03/2008
    Run from C:\Documents and Settings\Mijn Pc\Bureaublad\SmitfraudFix
    OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode
    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll
    »»»»»»»»»»»»»»»»»»»»»»»» Killing process

    »»»»»»»»»»»»»»»»»»»»»»»» hosts
    127.0.0.1 localhost
    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{042925DA-B7BE-47CB-9995-229D9490DE65}: DhcpNameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{042925DA-B7BE-47CB-9995-229D9490DE65}: NameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{43970359-DAEA-49C5-B77C-377318DE95D9}: DhcpNameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{43970359-DAEA-49C5-B77C-377318DE95D9}: NameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{5E7882F6-686E-4D90-A963-AD8360C3CACE}: DhcpNameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{5E7882F6-686E-4D90-A963-AD8360C3CACE}: NameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{61CA5BF2-A69E-487E-8001-D30B4A3AC1D2}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{61CA5BF2-A69E-487E-8001-D30B4A3AC1D2}: NameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{7227A561-F4F8-445A-8E97-264FFC5AD354}: DhcpNameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{7227A561-F4F8-445A-8E97-264FFC5AD354}: NameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{D9E3EF57-B388-48E1-A778-692833A5B393}: DhcpNameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{ECC01CB1-D309-4ECE-9A6C-0C4DFA01DC5B}: DhcpNameServer=172.19.3.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{ECC01CB1-D309-4ECE-9A6C-0C4DFA01DC5B}: NameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{042925DA-B7BE-47CB-9995-229D9490DE65}: DhcpNameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{042925DA-B7BE-47CB-9995-229D9490DE65}: NameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{43970359-DAEA-49C5-B77C-377318DE95D9}: DhcpNameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{43970359-DAEA-49C5-B77C-377318DE95D9}: NameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{5E7882F6-686E-4D90-A963-AD8360C3CACE}: DhcpNameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{5E7882F6-686E-4D90-A963-AD8360C3CACE}: NameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{61CA5BF2-A69E-487E-8001-D30B4A3AC1D2}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{61CA5BF2-A69E-487E-8001-D30B4A3AC1D2}: NameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{7227A561-F4F8-445A-8E97-264FFC5AD354}: DhcpNameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{7227A561-F4F8-445A-8E97-264FFC5AD354}: NameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{D9E3EF57-B388-48E1-A778-692833A5B393}: DhcpNameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{ECC01CB1-D309-4ECE-9A6C-0C4DFA01DC5B}: DhcpNameServer=172.19.3.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{ECC01CB1-D309-4ECE-9A6C-0C4DFA01DC5B}: NameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{042925DA-B7BE-47CB-9995-229D9490DE65}: DhcpNameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{042925DA-B7BE-47CB-9995-229D9490DE65}: NameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{43970359-DAEA-49C5-B77C-377318DE95D9}: DhcpNameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{43970359-DAEA-49C5-B77C-377318DE95D9}: NameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{5E7882F6-686E-4D90-A963-AD8360C3CACE}: DhcpNameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{5E7882F6-686E-4D90-A963-AD8360C3CACE}: NameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{61CA5BF2-A69E-487E-8001-D30B4A3AC1D2}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{61CA5BF2-A69E-487E-8001-D30B4A3AC1D2}: NameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{7227A561-F4F8-445A-8E97-264FFC5AD354}: DhcpNameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{7227A561-F4F8-445A-8E97-264FFC5AD354}: NameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{D9E3EF57-B388-48E1-A778-692833A5B393}: DhcpNameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{ECC01CB1-D309-4ECE-9A6C-0C4DFA01DC5B}: DhcpNameServer=172.19.3.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{ECC01CB1-D309-4ECE-9A6C-0C4DFA01DC5B}: NameServer=85.255.116.166,85.255.112.90
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=172.19.3.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.166 85.255.112.90
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=172.19.3.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.166 85.255.112.90
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=172.19.3.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.116.166 85.255.112.90

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» End

  9. #7
    Juisterr
    Hello, it is now really important that you do "only" what I advise and do not go doing all sorts of things that I have not asked of you.

    I suspect you are using Hitman Pro; please uninstall it, with all its components, via "Software" (Add or Remove Programs).

    Download SDFix and click "Run".
    Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably: C:\SDFix).

    Do not do anything with it yet.

    Restart the PC in safe mode.
    Safe mode for Windows XP
    Restart the computer
    As soon as your computer has finished loading the BIOS (black screen with white letters, or another start-up screen) and just before Windows loads
    Tap the F8 key (or the F5 key) until you reach the Windows options menu
    Here, choose to start in safe mode using the arrow keys and then press Enter


    Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:

    O2 - BHO: (no name) - {0F240256-9E39-4E57-AD5C-55700B7A2388} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {B3B010A1-A877-4CD7-BAB5-9EE8F9965E20} - (no file)
    O2 - BHO: (no name) - {E9601C0B-FA98-4E6D-A015-AE5B43F47962} - (no file)
    O3 - Toolbar: (no name) - {474928DE-BC0F-4637-ADC1-C6DD2D1161D7} - (no file)
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O21 - SSODL: alofkmn - {7C488C13-1546-406A-9CE5-73F374983866} - (no file)
    O21 - SSODL: bxlrvps - {3404902A-141B-4AA6-B99B-C1D0A36A52E6} - (no file)

    Close all windows except HijackThis
    Click 'Fix checked' to remove the items.


    Double-click Fixwareout.exe.
    Click "Next", then "Install".
    Make sure "Run Fixit" is checked, then click "Finish".
    Follow the on-screen instructions.
    If you are asked to restart the computer, do so.
    It will take a bit longer for the computer to start up fully again. This is normal.
    As soon as your desktop has loaded, a text file (report.txt) will open.

    Note! If your antivirus has a script blocker, you will get a warning such as "malicious script warning" when you run this tool. You can ignore this warning.


    Post the contents of the log, which you can find here: C:\fixwareout\report.txt, and also post a new HijackThis log.

    Double-click the SDFix folder and double-click RunThis.bat to start the script.
    Type Y and press Enter to start the cleaning process.
    Trojan services and/or registry entries will be removed if they are found, and you will have to press a key to restart.
    The computer will then restart; this takes longer than usual.
    The fix tool will run again and continue the removal process, after which "Finished" is displayed; wait patiently until you have to press a key again to end the script and reload your desktop icons.
    As soon as your desktop is back to normal, the SDFix report will open; it can also be found in the SDFix folder as Report.txt.
    Copy and paste the contents of this report, Report.txt, into your next reply here, together with a new HijackThis log.


  11. #8
    boefke36
    Juisterr,

    The internet is already a good deal faster; there is progress.

    Fixwareout report:

    Username "Mijn Pc" - 01/03/2008 21:34:06 [Fixwareout edited 9/01/2007]
    ~~~~~ Prerun check
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    "nameserver"="85.255.116.166 85.255.112.90" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{042925DA-B7BE-47CB-9995-229D9490DE65}
    "nameserver"="85.255.116.166,85.255.112.90" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{43970359-DAEA-49C5-B77C-377318DE95D9}
    "nameserver"="85.255.116.166,85.255.112.90" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5E7882F6-686E-4D90-A963-AD8360C3CACE}
    "nameserver"="85.255.116.166,85.255.112.90" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{61CA5BF2-A69E-487E-8001-D30B4A3AC1D2}
    "nameserver"="85.255.116.166,85.255.112.90" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7227A561-F4F8-445A-8E97-264FFC5AD354}
    "nameserver"="85.255.116.166,85.255.112.90" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{ECC01CB1-D309-4ECE-9A6C-0C4DFA01DC5B}
    "nameserver"="85.255.116.166,85.255.112.90" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{042925DA-B7BE-47CB-9995-229D9490DE65}
    "DhcpNameServer"="85.255.116.166,85.255.112.90 " <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{43970359-DAEA-49C5-B77C-377318DE95D9}
    "DhcpNameServer"="85.255.116.166,85.255.112.90 " <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5E7882F6-686E-4D90-A963-AD8360C3CACE}
    "DhcpNameServer"="85.255.116.166,85.255.112.90 " <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7227A561-F4F8-445A-8E97-264FFC5AD354}
    "DhcpNameServer"="85.255.116.166,85.255.112.90 " <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D9E3EF57-B388-48E1-A778-692833A5B393}
    "DhcpNameServer"="85.255.116.166,85.255.112.90 " <Value cleared.


    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"=""
    ....
    ....
    ~~~~~ Misc files.
    ....
    ~~~~~ Checking for older varients.
    ....
    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
    "VTTimer"="VTTimer.exe"
    "iKeyWorks"="C:\\PROGRA~1\\Hardware\\Keyboard\\Ikeymain.exe"
    "WheelMouse"="C:\\PROGRA~1\\Hardware\\Mouse\\Amoumain.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "Norman ZANDA"="C:\\Documents and Settings\\Mijn Pc\\Mijn documenten\\Norman\\Norman\\Npm\\bin\\ZLH.EXE /LOAD /SPLASH"
    "EPSON Stylus C46 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0T1.EXE /P23 \"EPSON Stylus C46 Series\" /O6 \"USB001\" /M \"Stylus C46\""
    "SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
    "SPAMfighter Agent"="\"C:\\Program Files\\SPAMfighter\\SFAgent.exe\" update delay 60"
    "Flash Media"="C:\\DOCUME~1\\MIJNPC~1\\LOCALS~1\\Temp\\services.exe"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "EPSON Stylus C46 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0T1.EXE /P23 \"EPSON Stylus C46 Series\" /M \"Stylus C46\" /EF \"HKCU\""
    "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it...
    ~~~~~ End report ~~~~~

    SDFix report:

    SDFix: Version 1.150
    Run by Mijn Pc on za 01/03/2008 at 22:07
    Microsoft Windows XP [versie 5.1.2600]
    Running From: C:\SDFix
    Checking Services :
    Name:
    hipsrv
    IPSECNDISBRIDGE
    IPSecPooler
    userinfo32
    Path:
    \??\C:\WINDOWS\system\hipsrv.mm
    \??\C:\WINDOWS\system32\ipsecndis.sys
    C:\WINDOWS\system32\ipsecpooler.exe
    \??\C:\WINDOWS\system\userinfo32.ggt
    hipsrv - Deleted
    IPSECNDISBRIDGE - Deleted
    IPSecPooler - Deleted
    userinfo32 - Deleted

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Rebooting
    Service asc3550o - Deleted after Reboot
    Service Xwf36 - Deleted after Reboot
    Checking Files :
    Trojan Files Found:
    C:\WINDOWS\system32\drivers\Xwf36.sys - Deleted
    C:\134575~1 - Deleted
    C:\WINDOWS\SYSTEM32\FUGFIDTI.TMP - Deleted
    C:\DOCUME~1\MIJNPC~1\LOCALS~1\Temp\services.exe - Deleted
    C:\WINDOWS\rs.txt - Deleted
    C:\WINDOWS\system32\ipsecndis.sys - Deleted
    C:\WINDOWS\system32\real.txt - Deleted
    C:\WINDOWS\system32\WLCtrl32.dll - Deleted
    C:\WINDOWS\system32\WLCtrl32.dl_ - Deleted
    C:\WINDOWS\system\hipsrv.mm - Deleted
    C:\WINDOWS\system\userinfo32.ggt - Deleted
    C:\WINDOWS\system32\drivers\symavc32.sys - Deleted


    Removing Temp Files
    ADS Check :


    Final Check :
    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-01 22:14:34
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden services & system hive ...
    scanning hidden registry entries ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Remaining Services :

    Authorized Application Key Export:
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Enabled:KazaaLite"
    "C:\\Program Files\\Voiceglo\\Glophone\\glophone.exe"="C:\\Program Files\\Voiceglo\\Glophone\\glophone.exe:*:Disabled:webphone"
    "c:\\windows\\system32\\ossproxy.exe"="c:\\windows\\system32\\ossproxy.exe:*:Enabled:ossproxy.exe"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Een DLL-bestand als toepassing starten"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\Program Files\\iMesh\\Client\\iMeshClient.exe"="C:\\Program Files\\iMesh\\Client\\iMeshClient.exe:*:Enabled:iMesh"
    "C:\\Program Files\\iMesh\\iMesh5\\iMesh.exe"="C:\\Program Files\\iMesh\\iMesh5\\iMesh.exe:*:Enabled:iMesh 5"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\DOCUME~1\\MIJNPC~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\MIJNPC~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    Remaining Files :

    File Backups: - C:\SDFix\backups\backups.zip
    Files with Hidden Attributes :
    Fri 24 Sep 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Mon 22 Jul 2002 418,816 ...HR --- "C:\WINDOWS\system32\Tools\All.exe"
    Fri 19 Jul 2002 390,144 ...HR --- "C:\WINDOWS\system32\Tools\Change.exe"
    Fri 19 Jul 2002 574,464 ...HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe"
    Tue 20 Aug 2002 430,592 ...HR --- "C:\WINDOWS\system32\Tools\Counter.exe"
    Tue 23 Jul 2002 390,656 ...HR --- "C:\WINDOWS\system32\Tools\DelFolders.exe"
    Fri 22 Nov 2002 399,872 ...HR --- "C:\WINDOWS\system32\Tools\DirectSetup.exe"
    Fri 19 Jul 2002 388,096 ...HR --- "C:\WINDOWS\system32\Tools\RegClean.exe"
    Fri 19 Jul 2002 388,608 ...HR --- "C:\WINDOWS\system32\Tools\Regexe.exe"
    Fri 19 Jul 2002 388,096 ...HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe"
    Sat 9 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Mon 10 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Fri 24 Sep 2004 4,348 ...H. --- "C:\Documents and Settings\Mijn Pc\Mijn documenten\Mijn muziek\Back-up van licentie\drmv1key.bak"
    Sun 2 Oct 2005 20 A..H. --- "C:\Documents and Settings\Mijn Pc\Mijn documenten\Mijn muziek\Back-up van licentie\drmv1lic.bak"
    Sat 19 Feb 2005 400 A.SH. --- "C:\Documents and Settings\Mijn Pc\Mijn documenten\Mijn muziek\Back-up van licentie\drmv2key.bak"
    Finished!

    New HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:24:27, on 1/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ELOGSVC.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NPM\BIN\ZANDA.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
    C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\MIJNPC~1\LOCALS~1\Temp\services.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\MIJNPC~1\LOCALS~1\Temp\services.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /M "Stylus C46" /EF "HKCU"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mijn Pc\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/.../GAME_UNO1.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...lInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095585643890
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - http://gamezone.telenet.be/static/ocx/ExentCtl.ocx
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NPM\BIN\ZANDA.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)
    --
    End of file - 11720 bytes

  12. #9
    Juisterr
    Hello again,

    I still see 2 active antivirus scanners,

    namely NOD32 and AVG.

    Choose one that you want to keep and deactivate or uninstall the other.

    Empty your Temp folders (note: empty the folders, do not delete them!):


    Open Explorer ("My Computer") and choose Tools -> Folder Options...
    Under View, check the following settings:

    Turn off: Hide protected operating system files (Recommended)
    Turn off: Hide extensions for known file types

    Select: Display the contents of system folders (XP only)
    Select: Show hidden files and folders

    C:\Windows\Temp
    C:\Documents and Settings\<user>\Local Settings\Temp
    C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files
    C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files\content.ie5
    <user> here stands for your profile name!
    If the last folder is not displayed, go to the Temporary Internet Files folder, type \content.ie5 after it in the address bar and press Enter.

    Empty your Recycle Bin.

    Please run SDFix once more and post new logs.


  14. #10
    boefke36
    Hi,

    I want to remove NOD32, but this is not possible via Control Panel/Add or Remove Programs; it is no longer in the list. I want to remove everything belonging to this antivirus program.

    I no longer use this, but apparently there is still an entry???

    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)

    New HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:17:37, on 2/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ELOGSVC.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NPM\BIN\ZANDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
    C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NIP.EXE
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\NJEEVES.EXE
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe
    C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\MIJNPC~1\LOCALS~1\Temp\services.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /M "Stylus C46" /EF "HKCU"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mijn Pc\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/.../GAME_UNO1.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...lInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095585643890
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - http://gamezone.telenet.be/static/ocx/ExentCtl.ocx
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\NPM\BIN\ZANDA.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)
    --
    End of file - 12370 bytes
    Last edited by boefke36; 2 March 2008 at 15:27
