vundo.AJ please help

  • vundo.AJ please help

    Norman apparently cannot remove this. Since then I have tried almost all spyware programs, but it doesn't seem to help. Would it perhaps be wise to switch to a different virus scanner? Location of the virus according to Norman: windows\system\khfefcd.dll
    but this sometimes changes to windows\system\gebyw.dll. Can anyone help me with this problem?


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:45:04, on 27-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Norman\Npm\bin\ZLH.EXE
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\TrojanHunter 5.0\THGuard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\FlashGet\flashget.exe
    C:\Installed files\hijackthis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
    O8 - Extra context menu item: Ontvang alles met FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Ontvang met FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 9022 bytes
    Last edited by qemarbaz; 27-12-07, 17:01.

  • #2
    Download VirtumundoBegone (mirror)
    Save it to your desktop.

    Double-click VirtumundoBeGone.exe and follow the prompts.
    Don't be alarmed if you see a blue screen with an error message - this is normal.
    When the fix is finished, restart the PC.
    Post the contents of the log file VBG.TXT, which is now on your desktop, in your next reply.


    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A cmd window will open; a few lines about files not being found will scroll past quickly, this is normal.
    • An uninstaller for a rogue scanner may also start; don't close it, follow any prompts and just let it do its work.
    • Your PC will then restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do so manually.
    • Post the contents of the log file in your next reply.


    Download Combofix to your desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next reply.

    NOTE: If your virus scanner responds with a warning about a script being executed, you can ignore it.



    • #3
      Thanks for the quick response, I'll give it a try



      • #4
        [12/27/2007, 18:48:51] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Negar joon\Bureaublad\VirtumundoBeGone.exe" )
        [12/27/2007, 18:49:06] - Detected System Information:
        [12/27/2007, 18:49:06] - Windows Version: 5.1.2600, Service Pack 2
        [12/27/2007, 18:49:06] - Current Username: Negar joon (Admin)
        [12/27/2007, 18:49:06] - Windows is in NORMAL mode.
        [12/27/2007, 18:49:06] - Searching for Browser Helper Objects:
        [12/27/2007, 18:49:06] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
        [12/27/2007, 18:49:06] - BHO 2: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class)
        [12/27/2007, 18:49:06] - BHO 3: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
        [12/27/2007, 18:49:06] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
        [12/27/2007, 18:49:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/27/2007, 18:49:06] - No filename found. Continuing.
        [12/27/2007, 18:49:06] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
        [12/27/2007, 18:49:06] - BHO 6: {C844B873-EC21-4845-BFA0-CDA23127EDCC} ()
        [12/27/2007, 18:49:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/27/2007, 18:49:06] - Checking for HKLM\...\Winlogon\Notify\gebyw
        [12/27/2007, 18:49:06] - Key not found: HKLM\...\Winlogon\Notify\gebyw, continuing.
        [12/27/2007, 18:49:06] - BHO 7: {F156768E-81EF-470C-9057-481BA8380DBA} (gFlash Class)
        [12/27/2007, 18:49:06] - BHO 8: {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} ()
        [12/27/2007, 18:49:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/27/2007, 18:49:06] - Checking for HKLM\...\Winlogon\Notify\khfefcd
        [12/27/2007, 18:49:06] - Found: HKLM\...\Winlogon\Notify\khfefcd - This is probably Virtumundo.
        [12/27/2007, 18:49:06] - Assigning {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} MSEvents Object
        [12/27/2007, 18:49:06] - BHO list has been changed! Starting over...
        [12/27/2007, 18:49:06] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
        [12/27/2007, 18:49:06] - BHO 2: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class)
        [12/27/2007, 18:49:06] - BHO 3: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
        [12/27/2007, 18:49:06] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
        [12/27/2007, 18:49:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/27/2007, 18:49:06] - No filename found. Continuing.
        [12/27/2007, 18:49:06] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
        [12/27/2007, 18:49:06] - BHO 6: {C844B873-EC21-4845-BFA0-CDA23127EDCC} ()
        [12/27/2007, 18:49:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/27/2007, 18:49:06] - Checking for HKLM\...\Winlogon\Notify\gebyw
        [12/27/2007, 18:49:06] - Key not found: HKLM\...\Winlogon\Notify\gebyw, continuing.
        [12/27/2007, 18:49:06] - BHO 7: {F156768E-81EF-470C-9057-481BA8380DBA} (gFlash Class)
        [12/27/2007, 18:49:06] - BHO 8: {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} (MSEvents Object)
        [12/27/2007, 18:49:06] - ALERT: Found MSEvents Object!
        [12/27/2007, 18:49:06] - Finished Searching Browser Helper Objects
        [12/27/2007, 18:49:06] - *** Detected MSEvents Object
        [12/27/2007, 18:49:06] - Trying to remove MSEvents Object...
        [12/27/2007, 18:49:07] - Terminating Process: IEXPLORE.EXE
        [12/27/2007, 18:49:08] - Terminating Process: RUNDLL32.EXE
        [12/27/2007, 18:49:09] - Disabling Automatic Shell Restart
        [12/27/2007, 18:49:09] - Terminating Process: EXPLORER.EXE
        [12/27/2007, 18:49:09] - Suspending the NT Session Manager System Service
        [12/27/2007, 18:49:09] - Terminating Windows NT Logon/Logoff Manager
        [12/27/2007, 18:49:09] - Re-enabling Automatic Shell Restart
        [12/27/2007, 18:49:09] - File to disable: C:\WINDOWS\system32\khfefcd.dll
        [12/27/2007, 18:49:09] - Renaming C:\WINDOWS\system32\khfefcd.dll -> C:\WINDOWS\system32\khfefcd.dll.vir
        [12/27/2007, 18:49:09] - File successfully renamed!
        [12/27/2007, 18:49:09] - Removing HKLM\...\Browser Helper Objects\{FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856}
        [12/27/2007, 18:49:09] - Removing HKCR\CLSID\{FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856}
        [12/27/2007, 18:49:09] - Adding Kill Bit for ActiveX for GUID: {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856}
        [12/27/2007, 18:49:10] - Deleting ATLEvents/MSEvents Registry entries
        [12/27/2007, 18:49:10] - Removing HKLM\...\Winlogon\Notify\khfefcd
        [12/27/2007, 18:49:10] - Searching for Browser Helper Objects:
        [12/27/2007, 18:49:10] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
        [12/27/2007, 18:49:10] - BHO 2: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class)
        [12/27/2007, 18:49:10] - BHO 3: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
        [12/27/2007, 18:49:10] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
        [12/27/2007, 18:49:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/27/2007, 18:49:10] - No filename found. Continuing.
        [12/27/2007, 18:49:10] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
        [12/27/2007, 18:49:10] - BHO 6: {C844B873-EC21-4845-BFA0-CDA23127EDCC} ()
        [12/27/2007, 18:49:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/27/2007, 18:49:10] - Checking for HKLM\...\Winlogon\Notify\gebyw
        [12/27/2007, 18:49:10] - Key not found: HKLM\...\Winlogon\Notify\gebyw, continuing.
        [12/27/2007, 18:49:10] - BHO 7: {F156768E-81EF-470C-9057-481BA8380DBA} (gFlash Class)
        [12/27/2007, 18:49:10] - Finished Searching Browser Helper Objects
        [12/27/2007, 18:49:10] - Finishing up...
        [12/27/2007, 18:49:10] - A restart is needed.
        [12/27/2007, 18:49:10] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
        [12/27/2007, 18:49:20] - Attempting to Restart via STOP error (Blue Screen!)

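The heuristic VirtumundoBeGone applies in the log above (an unnamed BHO whose DLL basename also exists as a Winlogon\Notify subkey is treated as probable Virtumundo), reimplemented as an added example over a constructed registry snapshot. This is not the tool's own code; the two Vundo DLL paths and the Notify key come from this thread, while the DLL paths of the legitimate BHOs are placeholders.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional
import ntpath

# Constructed registry snapshot mirroring the entries reported in this thread:
#   "bho"             -> HKLM\...\Explorer\Browser Helper Objects: CLSID -> default name
#   "inproc"          -> HKCR\CLSID\{...}\InprocServer32: CLSID -> DLL path
#   "winlogon_notify" -> subkeys of HKLM\...\Windows NT\CurrentVersion\Winlogon\Notify
# On a live Windows XP host this would be filled from the winreg module instead.
SNAPSHOT = {
    "bho": {
        "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}": "Adobe PDF Reader Link Helper",
        "{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}": "IeCatch5 Class",
        "{7E853D72-626A-48EC-A868-BA8D5E23E045}": "",
        "{C844B873-EC21-4845-BFA0-CDA23127EDCC}": "",
        "{FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856}": "",
    },
    "inproc": {
        # Placeholder paths for the legitimate BHOs (not taken from the page).
        "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}": r"C:\Program Files\Adobe\Placeholder.dll",
        "{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}": r"C:\Program Files\FlashGet\Placeholder.dll",
        # {7E853D72-...} has no InprocServer32 ("No filename found" in the log).
        "{C844B873-EC21-4845-BFA0-CDA23127EDCC}": r"C:\WINDOWS\system32\gebyw.dll",
        "{FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856}": r"C:\WINDOWS\system32\khfefcd.dll",
    },
    "winlogon_notify": [
        "crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
        "sclgntfy", "SensLogn", "termsrv", "wlballoon",
        "khfefcd",  # the key VirtumundoBeGone found and removed
    ],
}


@dataclass
class Finding:
    clsid: str
    name: str
    dll: Optional[str]
    notify_key: Optional[str]
    verdict: str  # "named", "unnamed_orphan", "unnamed_bho" or "probable_vundo"


def assess_bho(clsid: str, snapshot: Dict) -> Finding:
    """Apply the VirtumundoBeGone heuristic to one BHO CLSID."""
    name = snapshot["bho"].get(clsid, "")
    dll = snapshot["inproc"].get(clsid)
    if name:
        # BHOs that carry a default name are not examined further by the tool.
        return Finding(clsid, name, dll, None, "named")
    if dll is None:
        # "No filename found. Continuing." in the log: nothing to cross-check.
        return Finding(clsid, "", None, None, "unnamed_orphan")
    # Vundo registers the same DLL as a Winlogon notification package so it is
    # loaded at logon; look for a Notify subkey named after the DLL basename.
    base = ntpath.splitext(ntpath.basename(dll))[0].lower()
    notify = {key.lower(): key for key in snapshot["winlogon_notify"]}
    if base in notify:
        return Finding(clsid, "", dll, notify[base], "probable_vundo")
    # Unnamed BHO without a Notify twin: the tool logged "continuing", but a
    # defender should still review the DLL (ComboFix later listed gebyw.dll).
    return Finding(clsid, "", dll, None, "unnamed_bho")


def scan(snapshot: Dict) -> List[Finding]:
    return [assess_bho(clsid, snapshot) for clsid in sorted(snapshot["bho"])]


def probable_vundo(snapshot: Dict) -> List[Finding]:
    return [f for f in scan(snapshot) if f.verdict == "probable_vundo"]


def remediation_plan(finding: Finding) -> List[str]:
    """The cleanup steps the tool logged, returned for review rather than executed."""
    return [
        f"rename {finding.dll} -> {finding.dll}.vir",
        f"delete HKLM\\...\\Browser Helper Objects\\{finding.clsid}",
        f"delete HKCR\\CLSID\\{finding.clsid}",
        f"add ActiveX kill bit for {finding.clsid}",
        f"delete HKLM\\...\\Winlogon\\Notify\\{finding.notify_key}",
    ]


if __name__ == "__main__":
    for f in scan(SNAPSHOT):
        print(f"{f.clsid} {f.verdict:15} dll={f.dll} notify={f.notify_key}")
    for f in probable_vundo(SNAPSHOT):
        print("\n".join(remediation_plan(f)))
```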


        • #5
          This is from RVAXO

          ----------------RVAXO.exe first run-------------

          Files found:

          C:\WINDOWS\system32\khfefcd.dll.vir
          C:\WINDOWS\system32\pac.txt

          Uninstallers Rogue scanners:


          Folders Found:

          C:\Program Files\FunWebProducts
          C:\Program Files\MyWebSearch
          C:\WINDOWS\system32\ineWc01
          C:\Temp\1cb
          C:\Temp\tpBe12

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------

          Files found:

          Folders Found:

          --------------RVAXO.exe finished----------------



          • #6
            This is from Combofix

            ComboFix 07-12-21.4 - Negar joon 2007-12-27 19:11:05.1 - NTFSx86
            Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.395 [GMT 1:00]
            Gestart vanuit: C:\Documents and Settings\Negar joon\Bureaublad\ComboFix.exe
            * Nieuw herstelpunt werd aangemaakt
            .

            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            C:\Documents and Settings\Negar joon\Application Data\AntiSpywareBot
            C:\Documents and Settings\Negar joon\Application Data\AntiSpywareBot\Log\2007 Dec 26 - 11_28_40 PM_009.log
            C:\Documents and Settings\Negar joon\Application Data\AntiSpywareBot\Log\2007 Dec 26 - 11_28_49 PM_041.log
            C:\Documents and Settings\Negar joon\Application Data\AntiSpywareBot\rs.dat
            C:\Documents and Settings\Negar joon\Application Data\AntiSpywareBot\Settings\CustomScan.stg
            C:\Documents and Settings\Negar joon\Application Data\AntiSpywareBot\Settings\IgnoreList.stg
            C:\Documents and Settings\Negar joon\Application Data\AntiSpywareBot\Settings\ScanInfo.stg
            C:\Documents and Settings\Negar joon\Application Data\AntiSpywareBot\Settings\ScanResults.stg
            C:\Documents and Settings\Negar joon\Application Data\AntiSpywareBot\Settings\SelectedFolders.stg
            C:\Documents and Settings\Negar joon\Application Data\AntiSpywareBot\Settings\Settings.stg
            C:\Documents and Settings\Negar joon\Application Data\macromedia\Flash Player\#SharedObjects\B6YLB5X2\www.broadcaster.com
            C:\Documents and Settings\Negar joon\Application Data\macromedia\Flash Player\#SharedObjects\B6YLB5X2\www.broadcaster.com\played_list.sol
            C:\Documents and Settings\Negar joon\Application Data\macromedia\Flash Player\#SharedObjects\B6YLB5X2\www.broadcaster.com\video_queue.sol
            C:\Documents and Settings\Negar joon\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
            C:\Documents and Settings\Negar joon\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
            C:\WINDOWS\Tasks.\AntiSpywareBot Scheduled Scan.job

            .
            (((((((((((((((((((( Bestanden Gemaakt van 2007-11-27 to 2007-12-27 ))))))))))))))))))))))))))))))
            .

            2007-12-27 18:59 . 2007-12-27 18:59 <DIR> d-------- C:\RVAXO
            2007-12-27 18:57 . 2007-12-27 19:40 573,046 --a------ C:\WINDOWS\system32\RVAXO.bat
            2007-12-27 18:57 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
            2007-12-27 18:35 . 2007-12-27 18:35 <DIR> d-------- C:\Documents and Settings\Negar joon\DoctorWeb
            2007-12-27 00:29 . 2007-12-27 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
            2007-12-27 00:28 . 2007-12-27 00:28 <DIR> d-------- C:\Documents and Settings\Negar joon\Application Data\Grisoft
            2007-12-27 00:27 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
            2007-12-26 23:26 . 2007-12-26 23:26 <DIR> d-------- C:\VundoFix Backups
            2007-12-15 13:07 . 2007-12-15 13:07 <DIR> d-------- C:\Documents and Settings\Negar joon\Application Data\TrojanHunter
            2007-12-15 13:06 . 2007-12-15 21:14 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
            2007-12-15 12:37 . 2007-12-15 12:37 <DIR> d-------- C:\Program Files\Lavasoft
            2007-12-15 12:37 . 2007-12-15 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
            2007-12-15 12:36 . 2007-12-15 12:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
            2007-12-15 00:37 . 2007-12-27 11:04 <DIR> d-------- C:\Program Files\Router
            2007-12-13 23:24 . 2007-12-13 23:24 <DIR> d-------- C:\WINDOWS\system32\twdr
            2007-12-13 23:24 . 2007-12-13 23:24 <DIR> d-------- C:\WINDOWS\system32\rey2
            2007-12-13 23:24 . 2007-12-13 23:24 <DIR> d-------- C:\WINDOWS\system32\ref1
            2007-12-13 23:24 . 2007-12-27 18:57 <DIR> d-------- C:\Temp
            2007-12-11 20:46 . 2007-12-11 20:46 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
            2007-12-11 20:46 . 2007-12-11 20:46 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
            2007-12-11 20:46 . 2007-12-11 20:46 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
            2007-12-11 20:45 . 2007-12-11 20:45 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
            2007-12-11 20:45 . 2007-12-11 20:45 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
            2007-12-11 20:43 . 2007-12-11 20:43 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2007-12-27 17:35 --------- d-----w C:\Program Files\FlashGet
            2007-12-21 22:36 --------- d-----w C:\Documents and Settings\Negar joon\Application Data\MindMapper 2008
            2007-12-15 15:21 --------- d-----w C:\Program Files\DivX
            2007-12-15 12:13 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
            2007-12-15 12:13 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
            2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
            2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
            2007-12-11 19:44 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
            2007-12-11 19:44 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
            2007-12-11 19:44 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
            2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
            2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
            2007-12-11 19:44 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
            2007-12-11 19:44 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
            2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
            2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
            2007-12-11 19:44 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
            2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
            2007-11-26 09:40 --------- d-----w C:\Documents and Settings\Negar joon\Application Data\vlc
            2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
            2007-11-11 15:49 --------- d-----w C:\Documents and Settings\Negar joon\Application Data\Nero
            2007-11-11 15:48 --------- d-----w C:\Program Files\Common Files\Nero
            2007-11-11 15:45 --------- d-----w C:\Program Files\Nero
            2007-11-11 15:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
            2007-11-11 15:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
            2007-11-11 15:17 --------- d-----w C:\Documents and Settings\Negar joon\Application Data\InstallShield
            2007-10-30 23:27 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
            2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
            2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
            2007-10-26 12:24 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
            2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
            2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
            2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
            2007-10-20 00:56 129,784 ------w C:\WINDOWS\system32\pxafs.dll
            2007-10-20 00:56 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
            2007-10-20 00:56 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
            2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
            2007-10-10 23:53 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
            2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
            2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
            2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
            2007-10-10 23:53 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
            2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
            2007-10-10 23:53 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
            2007-10-10 23:53 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
            2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
            2007-10-10 23:53 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
            2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
            2007-10-10 23:53 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
            2007-10-10 23:53 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
            2007-10-10 23:53 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
            2007-10-10 23:53 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
            2007-10-10 23:53 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
            2007-10-10 23:53 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
            2007-10-10 23:53 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
            2007-10-10 23:53 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
            2007-10-10 23:53 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
            2007-10-10 23:53 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
            2007-10-10 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
            2007-10-10 11:02 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
            2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
            2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
            1999-04-06 16:19 99,840 -c--a-w C:\Program Files\Common Files\IRAABOUT.DLL
            1998-12-09 01:53 70,144 -c--a-w C:\Program Files\Common Files\IRAMDMTR.DLL
            1998-12-09 01:53 48,640 -c--a-w C:\Program Files\Common Files\IRALPTTR.DLL
            1998-12-09 01:53 31,744 -c--a-w C:\Program Files\Common Files\IRAWEBTR.DLL
            1998-12-09 01:53 186,368 -c--a-w C:\Program Files\Common Files\IRAREG.DLL
            1998-12-09 01:53 17,920 -c--a-w C:\Program Files\Common Files\IRASRIAL.DLL
            2007-07-13 16:59 56 --sh--r C:\WINDOWS\system32\1119DAD984.sys
            .

            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C844B873-EC21-4845-BFA0-CDA23127EDCC}]
            C:\WINDOWS\system32\gebyw.dll

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
            "ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 02:24]
            "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35]
            "Router"="C:\Program Files\Router\Router.exe"

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
            "SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 21:35 C:\WINDOWS\stsystra.exe]
            "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 18:56]
            "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58]
            "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29]
            "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02]
            "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
            "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
            "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 15:16]
            "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40]
            "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 15:47]
            "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 15:44]
            "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
            "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
            "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51]
            "THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-12-15 13:10]
            "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-31 12:29]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38]

            C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
            Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
            Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-08 02:17:41]
            Poort voor Symantec Fax Starter Edition.lnk - C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE [1999-04-06 17:20:18]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
            path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
            backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
            C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
            2006-02-09 23:34 106496 --a------ C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HyvesKwekker]
            2007-04-06 10:12 1588736 --a------ C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
            C:\Program Files\MSN Messenger\MsnMsgr.Exe /background

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seek Bleh]
            C:\DOCUME~1\NEGARJ~1\APPLIC~1\BIKEGR~1\Internetmetasurf.exe

            R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
            R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 09:51]
            R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-07-09 09:50]
            R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-07-12 10:38]
            R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
            S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25]
            S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 14:25]
            S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 14:25]
            S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 14:25]

            *Newly Created Service* - CATCHME
            *Newly Created Service* - PROCEXP90
            .
            Inhoud van de 'Gedeelde Taken' map
            "2007-12-27 18:02:06 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
            - C:\Program Files\Windows Defender\MpCmdRun.exe
            .
            **************************************************************************

            catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2007-12-27 19:14:30
            Windows 5.1.2600 Service Pack 2 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************
            .
            Voltooingstijd: 2007-12-27 19:15:02
            .
            2007-12-20 19:53:14 --- E O F ---



            • #7
The problem seemed to have been fixed, but after about an hour I got another alert from Norman, this time:
location: c:\system volume
Trojan: W32/D Loader. ERBV
Could you tell me what I should do now?
              Last edited by qemarbaz; 27-12-07, 19:31.



              • #8
I tried everything again and got this as the VBG text, and no blue screen like the first time.

                [12/27/2007, 20:50:02] - VirtumundoBeGone v1.5 ( "C:\Installed files\Vundo removers\VirtumundoBeGone.exe" )
                [12/27/2007, 20:50:04] - Detected System Information:
                [12/27/2007, 20:50:04] - Windows Version: 5.1.2600, Service Pack 2
                [12/27/2007, 20:50:04] - Current Username: Negar joon (Admin)
                [12/27/2007, 20:50:04] - Windows is in NORMAL mode.
                [12/27/2007, 20:50:04] - Searching for Browser Helper Objects:
                [12/27/2007, 20:50:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
                [12/27/2007, 20:50:04] - BHO 2: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class)
                [12/27/2007, 20:50:04] - BHO 3: {4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuardDLBLOCK.CBrowserHelper)
                [12/27/2007, 20:50:04] - BHO 4: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
                [12/27/2007, 20:50:04] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
                [12/27/2007, 20:50:04] - BHO 6: {C844B873-EC21-4845-BFA0-CDA23127EDCC} ()
                [12/27/2007, 20:50:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
                [12/27/2007, 20:50:04] - Checking for HKLM\...\Winlogon\Notify\gebyw
                [12/27/2007, 20:50:04] - Key not found: HKLM\...\Winlogon\Notify\gebyw, continuing.
                [12/27/2007, 20:50:04] - BHO 7: {F156768E-81EF-470C-9057-481BA8380DBA} (gFlash Class)
                [12/27/2007, 20:50:04] - Finished Searching Browser Helper Objects
                [12/27/2007, 20:50:04] - Finishing up...
                [12/27/2007, 20:50:04] - Nothing found! Exiting...

With RVAXO I got the text below

                ----------------RVAXO.exe first run-------------

                Files found:

                C:\WINDOWS\system32\khfefcd.dll.vir
                C:\WINDOWS\system32\pac.txt

                Uninstallers Rogue scanners:


                Folders Found:

                C:\Program Files\FunWebProducts
                C:\Program Files\MyWebSearch
                C:\WINDOWS\system32\ineWc01
                C:\Temp\1cb
                C:\Temp\tpBe12

                Hosts-file was reset, If you use a custom hosts file please replace it...

                --------------RVAXO.exe last run---------------

                Files found:

                Folders Found:

                --------------RVAXO.exe finished----------------

And finally this, after running ComboFix

                ComboFix 07-12-21.4 - Negar joon 2007-12-27 20:56:30.2 - NTFSx86
                Gestart vanuit: C:\Installed files\Vundo removers\ComboFix.exe
                .

                (((((((((((((((((((( Bestanden Gemaakt van 2007-11-27 to 2007-12-27 ))))))))))))))))))))))))))))))
                .

                2007-12-27 20:54 . 2007-12-27 20:54 <DIR> d-------- C:\RVAXO
                2007-12-27 20:54 . 2007-07-04 20:32 16,384 --a------ C:\WINDOWS\system32\Restart.exe
                2007-12-27 20:44 . 2007-12-27 20:44 <DIR> d-------- C:\Program Files\SpywareGuard
                2007-12-27 20:40 . 2007-12-27 20:40 <DIR> d-------- C:\Program Files\SpywareBlaster
                2007-12-27 18:57 . 2007-12-27 19:40 573,046 --a------ C:\WINDOWS\system32\RVAXO.bat
                2007-12-27 18:57 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
                2007-12-27 18:35 . 2007-12-27 18:35 <DIR> d-------- C:\Documents and Settings\Negar joon\DoctorWeb
                2007-12-27 00:29 . 2007-12-27 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
                2007-12-27 00:28 . 2007-12-27 00:28 <DIR> d-------- C:\Documents and Settings\Negar joon\Application Data\Grisoft
                2007-12-27 00:27 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
                2007-12-26 23:26 . 2007-12-27 20:28 <DIR> d-------- C:\VundoFix Backups
                2007-12-15 13:07 . 2007-12-15 13:07 <DIR> d-------- C:\Documents and Settings\Negar joon\Application Data\TrojanHunter
                2007-12-15 13:06 . 2007-12-15 21:14 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
                2007-12-15 12:37 . 2007-12-15 12:37 <DIR> d-------- C:\Program Files\Lavasoft
                2007-12-15 12:37 . 2007-12-15 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                2007-12-15 12:36 . 2007-12-15 12:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
                2007-12-15 00:37 . 2007-12-27 11:04 <DIR> d-------- C:\Program Files\Router
                2007-12-13 23:24 . 2007-12-13 23:24 <DIR> d-------- C:\WINDOWS\system32\twdr
                2007-12-13 23:24 . 2007-12-13 23:24 <DIR> d-------- C:\WINDOWS\system32\rey2
                2007-12-13 23:24 . 2007-12-13 23:24 <DIR> d-------- C:\WINDOWS\system32\ref1
                2007-12-13 23:24 . 2007-12-27 18:57 <DIR> d-------- C:\Temp
                2007-12-11 20:46 . 2007-12-11 20:46 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
                2007-12-11 20:46 . 2007-12-11 20:46 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
                2007-12-11 20:46 . 2007-12-11 20:46 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
                2007-12-11 20:45 . 2007-12-11 20:45 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
                2007-12-11 20:45 . 2007-12-11 20:45 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
                2007-12-11 20:43 . 2007-12-11 20:43 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

                .
                ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2007-12-27 17:35 --------- d-----w C:\Program Files\FlashGet
                2007-12-21 22:36 --------- d-----w C:\Documents and Settings\Negar joon\Application Data\MindMapper 2008
                2007-12-15 15:21 --------- d-----w C:\Program Files\DivX
                2007-12-15 12:13 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
                2007-12-15 12:13 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
                2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
                2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
                2007-12-11 19:44 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
                2007-12-11 19:44 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
                2007-12-11 19:44 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
                2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
                2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
                2007-12-11 19:44 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
                Last edited by qemarbaz; 27-12-07, 20:02.
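As an added example (not from any post in this thread, nor part of VirtumundoBeGone, ComboFix or HijackThis), a small Python triage script over the log shapes quoted above: it joins the VBG "BHO n:" lines with the ComboFix Browser Helper Objects key dump to flag the nameless BHO together with its DLL, and flags msconfig startupreg entries that launch from a profile's Application Data folder. The sample lines are constructed from this thread; the random-DLL-name heuristic is this example's assumption, not a rule any of those tools applies.

```python
"""Triage of the log shapes quoted in this thread (added example, not part of
VirtumundoBeGone, ComboFix or HijackThis). Joins VBG 'BHO n:' lines with the
ComboFix BHO key dump and flags what a helper would look at first."""
import re
from dataclasses import dataclass

# Constructed sample lines, shaped like the ones posted in this thread.
SAMPLE_VBG = r"""
[12/27/2007, 20:50:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[12/27/2007, 20:50:04] - BHO 6: {C844B873-EC21-4845-BFA0-CDA23127EDCC} ()
[12/27/2007, 20:50:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/27/2007, 20:50:04] - BHO 7: {F156768E-81EF-470C-9057-481BA8380DBA} (gFlash Class)
"""

SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C844B873-EC21-4845-BFA0-CDA23127EDCC}]
C:\WINDOWS\system32\gebyw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seek Bleh]
C:\DOCUME~1\NEGARJ~1\APPLIC~1\BIKEGR~1\Internetmetasurf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background
"""


@dataclass
class Finding:
    subject: str  # CLSID of the BHO, or the msconfig startupreg entry name
    path: str     # file path when the ComboFix dump gives one, else ""
    reason: str


VBG_BHO_RE = re.compile(r"- BHO \d+: (\{[0-9A-F-]{36}\}) \((.*)\)\s*$", re.I)
KEY_RE = re.compile(r"^\[(.+)\]$")
RANDOM_STEM_RE = re.compile(r"^[a-z]{4,8}$")
USER_APPDATA_RE = re.compile(r"\\(APPLIC~1|Application Data)\\", re.I)


def parse_vbg_bhos(text):
    """Map CLSID -> display name from VirtumundoBeGone 'BHO n:' lines ('' if unnamed)."""
    bhos = {}
    for line in text.splitlines():
        m = VBG_BHO_RE.search(line)
        if m:
            bhos[m.group(1).upper()] = m.group(2).strip()
    return bhos


def parse_combofix_keys(text):
    """Map a '[registry key]' header -> the lines under it, up to the next blank line."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = []
        elif line and current is not None:
            keys[current].append(line)
        else:
            current = None
    return keys


def bho_dll_paths(keys):
    """CLSID -> DLL path for the 'Browser Helper Objects\\{CLSID}' keys ComboFix dumps."""
    return {key.rsplit("\\", 1)[-1].upper(): lines[0]
            for key, lines in keys.items()
            if "Browser Helper Objects\\" in key and lines}


def triage(vbg_text, combofix_text):
    """Return the findings a helper would check first in these two logs."""
    keys = parse_combofix_keys(combofix_text)
    dlls = bho_dll_paths(keys)
    findings = []
    for clsid, name in parse_vbg_bhos(vbg_text).items():
        path = dlls.get(clsid, "")
        if not name:
            # The same signal VBG prints as "BHO has no default name".
            findings.append(Finding(clsid, path, "unnamed BHO: CLSID key has no default value"))
        fname = path.rsplit("\\", 1)[-1].lower()
        if ("\\system32\\" in path.lower() and fname.endswith(".dll")
                and RANDOM_STEM_RE.match(fname[:-4])):
            # Heuristic assumed by this example: short all-letter DLL names in system32
            # (khfefcd.dll, gebyw.dll in this thread) deserve a manual look.
            findings.append(Finding(clsid, path, "random-looking DLL name in system32"))
    for key, lines in keys.items():
        if ("\\msconfig\\startupreg\\" in key.lower() and lines
                and USER_APPDATA_RE.search(lines[0])):
            findings.append(Finding(key.rsplit("\\", 1)[-1], lines[0],
                                    "disabled autostart launching from a profile's Application Data"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_VBG, SAMPLE_COMBOFIX):
        print(f"{f.reason}: {f.subject} -> {f.path}")
```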



                • #9
Open the RVAXO folder on your desktop and double-click Uninstall.cmd

Download the attachment: CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:



This will make ComboFix restart.
Reboot if you are asked to,
and post the contents of Combofix.txt in your next reply.
Also post a new HijackThis log.
Attached Files



                  • #10
To be safe, I turned off Windows System Restore.
ComboFix log as requested


                    ComboFix 07-12-21.4 - Negar joon 2007-12-28 12:14:39.5 - NTFSx86
                    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.349 [GMT 1:00]
                    Gestart vanuit: C:\Installed files\Vundo removers\ComboFix.exe
                    Command switches used :: C:\Installed files\Vundo removers\cfscript.txt
                    * Nieuw herstelpunt werd aangemaakt
                    .

                    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                    .

                    C:\DOCUME~1\NEGARJ~1\APPLIC~1\BIKEGR~1
                    C:\VundoFix Backups
                    C:\VundoFix Backups\wybeg.bak1.bad
                    C:\VundoFix Backups\wybeg.ini.bad
                    C:\WINDOWS\system32\ref1
                    C:\WINDOWS\system32\rey2
                    C:\WINDOWS\system32\twdr

                    .
                    (((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-28 ))))))))))))))))))))))))))))))
                    .

                    2007-12-27 20:44 . 2007-12-27 20:44 <DIR> d-------- C:\Program Files\SpywareGuard
                    2007-12-27 20:40 . 2007-12-27 20:40 <DIR> d-------- C:\Program Files\SpywareBlaster
                    2007-12-27 18:35 . 2007-12-27 22:39 <DIR> d-------- C:\Documents and Settings\Negar joon\DoctorWeb
                    2007-12-27 00:29 . 2007-12-27 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
                    2007-12-27 00:28 . 2007-12-27 00:28 <DIR> d-------- C:\Documents and Settings\Negar joon\Application Data\Grisoft
                    2007-12-27 00:27 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
                    2007-12-15 13:07 . 2007-12-15 13:07 <DIR> d-------- C:\Documents and Settings\Negar joon\Application Data\TrojanHunter
                    2007-12-15 13:06 . 2007-12-15 21:14 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
                    2007-12-15 12:37 . 2007-12-15 12:37 <DIR> d-------- C:\Program Files\Lavasoft
                    2007-12-15 12:37 . 2007-12-15 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                    2007-12-15 12:36 . 2007-12-15 12:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
                    2007-12-13 23:24 . 2007-12-27 18:57 <DIR> d-------- C:\Temp
                    2007-12-11 20:46 . 2007-12-11 20:46 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
                    2007-12-11 20:46 . 2007-12-11 20:46 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
                    2007-12-11 20:46 . 2007-12-11 20:46 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
                    2007-12-11 20:45 . 2007-12-11 20:45 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
                    2007-12-11 20:45 . 2007-12-11 20:45 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
                    2007-12-11 20:43 . 2007-12-11 20:43 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

                    .
                    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2007-12-27 22:18 --------- d-----w C:\Program Files\FlashGet
                    2007-12-21 22:36 --------- d-----w C:\Documents and Settings\Negar joon\Application Data\MindMapper 2008
                    2007-12-15 15:21 --------- d-----w C:\Program Files\DivX
                    2007-12-15 12:13 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
                    2007-12-15 12:13 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
                    2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
                    2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
                    2007-12-11 19:44 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
                    2007-12-11 19:44 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
                    2007-12-11 19:44 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
                    2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
                    2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
                    2007-12-11 19:44 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
                    2007-12-11 19:44 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
                    2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
                    2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
                    2007-12-11 19:44 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
                    2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
                    2007-11-26 09:40 --------- d-----w C:\Documents and Settings\Negar joon\Application Data\vlc
                    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
                    2007-11-11 15:49 --------- d-----w C:\Documents and Settings\Negar joon\Application Data\Nero
                    2007-11-11 15:48 --------- d-----w C:\Program Files\Common Files\Nero
                    2007-11-11 15:45 --------- d-----w C:\Program Files\Nero
                    2007-11-11 15:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
                    2007-11-11 15:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
                    2007-11-11 15:17 --------- d-----w C:\Documents and Settings\Negar joon\Application Data\InstallShield
                    2007-10-30 23:27 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
                    2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
                    2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
                    2007-10-26 12:24 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
                    2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
                    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
                    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
                    2007-10-20 00:56 129,784 ------w C:\WINDOWS\system32\pxafs.dll
                    2007-10-20 00:56 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
                    2007-10-20 00:56 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
                    2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
                    2007-10-10 23:53 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
                    2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
                    2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
                    2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
                    2007-10-10 23:53 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
                    2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
                    2007-10-10 23:53 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
                    2007-10-10 23:53 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
                    2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
                    2007-10-10 23:53 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
                    2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
                    2007-10-10 23:53 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
                    2007-10-10 23:53 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
                    2007-10-10 23:53 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
                    2007-10-10 23:53 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
                    2007-10-10 23:53 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
                    2007-10-10 23:53 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
                    2007-10-10 23:53 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
                    2007-10-10 23:53 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
                    2007-10-10 23:53 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
                    2007-10-10 23:53 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
                    2007-10-10 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
                    2007-10-10 11:02 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
                    2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
                    2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
                    1999-04-06 16:19 99,840 -c--a-w C:\Program Files\Common Files\IRAABOUT.DLL
                    1998-12-09 01:53 70,144 -c--a-w C:\Program Files\Common Files\IRAMDMTR.DLL
                    1998-12-09 01:53 48,640 -c--a-w C:\Program Files\Common Files\IRALPTTR.DLL
                    1998-12-09 01:53 31,744 -c--a-w C:\Program Files\Common Files\IRAWEBTR.DLL
                    1998-12-09 01:53 186,368 -c--a-w C:\Program Files\Common Files\IRAREG.DLL
                    1998-12-09 01:53 17,920 -c--a-w C:\Program Files\Common Files\IRASRIAL.DLL
                    2007-07-13 16:59 56 --sh--r C:\WINDOWS\system32\1119DAD984.sys
                    .

                    ((((((((((((((((((((((((((((( [email protected]_19.14.35.09 )))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    REGEDIT4
                    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
                    "ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 02:24]
                    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35]
                    "Router"="C:\Program Files\Router\Router.exe"

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
                    "SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 21:35 C:\WINDOWS\stsystra.exe]
                    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 18:56]
                    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58]
                    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29]
                    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02]
                    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
                    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
                    "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 15:16]
                    "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40]
                    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 15:47]
                    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 15:44]
                    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
                    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
                    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51]
                    "THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-12-15 13:10]
                    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-31 12:29]

                    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38]

                    C:\Documents and Settings\Negar joon\Menu Start\Programma's\Opstarten\
                    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

                    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
                    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-08 02:17:41]
                    Poort voor Symantec Fax Starter Edition.lnk - C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE [1999-04-06 17:20:18]

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
                    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
                    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
                    C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
                    2006-02-09 23:34 106496 --a------ C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HyvesKwekker]
                    2007-04-06 10:12 1588736 --a------ C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
                    C:\Program Files\MSN Messenger\MsnMsgr.Exe /background

                    R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
                    R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 09:51]
                    R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-07-09 09:50]
                    R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-07-12 10:38]
                    R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
                    S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25]
                    S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 14:25]
                    S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 14:25]
                    S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 14:25]

                    .
                    Inhoud van de 'Gedeelde Taken' map
                    "2007-12-28 10:42:09 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
                    - C:\Program Files\Windows Defender\MpCmdRun.exe
                    .
                    **************************************************************************

                    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                    Rootkit scan 2007-12-28 12:17:30
                    Windows 5.1.2600 Service Pack 2 NTFS

                    scannen van verborgen processen ...

                    scannen van verborgen autostart items ...

                    scannen van verborgen bestanden ...

                    Scan succesvol afgerond
                    verborgen bestanden: 0

                    **************************************************************************
                    .
                    Voltooingstijd: 2007-12-28 12:18:11
                    C:\ComboFix2.txt ... 2007-12-28 11:49
                    C:\ComboFix3.txt ... 2007-12-27 23:27
                    .
                    2007-12-28 10:42:49 --- E O F ---

HijackThis log

                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 12:20:43, on 28-12-2007
                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\csrss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\Program Files\Windows Defender\MsMpEng.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
                    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
                    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
                    C:\Norman\Npm\bin\ELOGSVC.EXE
                    C:\Norman\Npm\Bin\Zanda.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
                    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\Program Files\Canon\CAL\CALMAIN.exe
                    C:\Norman\Npm\bin\NJEEVES.EXE
                    C:\WINDOWS\System32\alg.exe
                    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
                    C:\WINDOWS\stsystra.exe
                    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                    C:\Program Files\Dell\QuickSet\quickset.exe
                    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
                    C:\WINDOWS\system32\wbem\wmiprvse.exe
                    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
                    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                    C:\Norman\Npm\bin\ZLH.EXE
                    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
                    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
                    C:\Program Files\Windows Defender\MSASCui.exe
                    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
                    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
                    C:\WINDOWS\system32\ctfmon.exe
                    C:\Program Files\NetWaiting\netWaiting.exe
                    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
                    C:\Program Files\Digital Line Detect\DLG.exe
                    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                    C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
                    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
                    C:\Program Files\SpywareGuard\sgmain.exe
                    C:\Program Files\SpywareGuard\sgbhp.exe
                    C:\Program Files\MSN Messenger\msnmsgr.exe
                    C:\Norman\Nvc\BIN\NIP.EXE
                    C:\Norman\Nvc\bin\nvcoas.exe
                    C:\Norman\Nvc\BIN\NVCSCHED.EXE
                    C:\Norman\Nvc\bin\cclaw.exe
                    C:\Program Files\MSN Messenger\usnsvc.exe
                    C:\Program Files\Mozilla Firefox\firefox.exe
                    C:\WINDOWS\explorer.exe
                    C:\WINDOWS\system32\notepad.exe
                    C:\Installed files\hijackthis\HijackThis.exe
                    C:\WINDOWS\system32\wbem\wmiprvse.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
                    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
                    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
                    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
                    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
                    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
                    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
                    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
                    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
                    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
                    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
                    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
                    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
                    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
                    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
                    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
                    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
                    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
                    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
                    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
                    O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
                    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
                    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
                    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
                    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                    O4 - Global Startup: Digital Line Detect.lnk = ?
                    O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
                    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
                    O8 - Extra context menu item: Ontvang alles met FlashGet - C:\Program Files\FlashGet\jc_all.htm
                    O8 - Extra context menu item: Ontvang met FlashGet - C:\Program Files\FlashGet\jc_link.htm
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
                    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
                    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
                    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
                    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/securityadvisor/virusinfo/webscan.cab
                    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
                    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
                    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
                    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
                    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
                    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
                    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
                    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
                    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
                    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
                    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

                    --
                    End of file - 10037 bytes

                    By the way, this is the log from Dr.Web CureIt (csv); it found about 6 viruses and those have been moved. If you turn off System Restore, does it turn itself back on automatically at startup, or do I have to turn it on again? I just checked, but I could only disable it; there was no button to enable it.

                    RVAXO3;C:\Installed files\Vundo removers\RVAXO;Tool.ShutDown.11;Not curable. Moved.;
                    UnInstall.exe;C:\Program Files\Router;Trojan.Rond.origin;Not curable. Moved.;
                    A0019110.exe;C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP254;Trojan.DownLoader.36408;Deleted.;
                    A0020903.exe;C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP267;Tool.ShutDown.11;Invalid file location for file;
                    A0020989.exe;C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP268;Trojan.Rond.origin;Not curable. Moved.;
                    Restart.exe;C:\WINDOWS\system32;Tool.ShutDown.11;Not curable. Moved.;
                    Last edited by qemarbaz; 28-12-07, 11:34.
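Helpers read a HijackThis log like the one above by rule of thumb: an O2 BHO with "(no name)", a DLL loaded straight from system32 with a generated-looking file name, an O20 Winlogon Notify hook, a service with no vendor string, a JRE path that shows an outdated Java. The script below is an added example for this thread, not a tool any of the posters used; it codifies those rules over a constructed sample made of lines from this log plus two hypothetical Vundo-style entries (the CLSID and the file name xqwplzfd.dll are made up). The minimum Java version and the random-name heuristic are assumptions.

```python
import re
from collections import namedtuple

# Constructed sample log for this example: lines copied from the HijackThis
# log posted above, plus two hypothetical entries (the "(no name)" BHO and the
# O20 Winlogon Notify line) of the kind a Vundo infection adds. The CLSID and
# the DLL name xqwplzfd.dll in those two lines are made up.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {00000000-1111-2222-3333-444444444444} - C:\WINDOWS\system32\xqwplzfd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: xqwplzfd - C:\WINDOWS\system32\xqwplzfd.dll
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
"""

Finding = namedtuple("Finding", "severity kind path reason")

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# First drive-letter path ending in an executable/library extension; HijackThis
# quotes paths containing spaces, so stop at a double quote.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|ocx|cpl)\b', re.I)
# Version folder of a Sun JRE install, e.g. \j2re1.4.2_03\ or \jre1.6.0_03\
JAVA_RE = re.compile(r"\\j2?re(\d+)\.(\d+)\.(\d+)_(\d+)\\", re.I)
MIN_JAVA = (1, 6, 0, 3)  # assumption: JRE 6 update 3, the version recommended in the thread
VOWELS = set("aeiou")


def parse(log):
    """Yield (kind, body, path) for every R*/O* line; path is None when the
    entry carries no full path (e.g. '[SigmatelSysTrayApp] stsystra.exe')."""
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        p = PATH_RE.search(m.group("body"))
        yield m.group("kind"), m.group("body"), (p.group(0) if p else None)


def in_system_dir(path):
    """True when the file sits directly in %WinDir% or %WinDir%\\system32,
    not in a vendor subfolder such as system32\\dla\\."""
    parts = path.lower().split("\\")
    if len(parts) < 3 or parts[1] != "windows":
        return False
    return len(parts) == 3 or (len(parts) == 4 and parts[2] == "system32")


def looks_random(filename):
    """Heuristic only: a short all-lowercase stem with almost no vowels, the
    shape of the generated names Vundo gives its DLLs. Expect false positives,
    which is why it is applied only to files already in a suspicious location."""
    stem = filename.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if not (5 <= len(stem) <= 9) or not stem.isalpha() or not stem.islower():
        return False
    return sum(c in VOWELS for c in stem) / len(stem) <= 0.2


def triage(log):
    """Apply the rules of thumb and return a list of Finding records."""
    findings = []
    for kind, body, path in parse(log):
        if kind in ("O2", "O20"):
            if kind == "O2" and "(no name)" in body:
                findings.append(Finding("high", kind, path, "BHO without a name"))
            if path and in_system_dir(path):
                sev = "high" if looks_random(path) else "medium"
                findings.append(Finding(sev, kind, path,
                                        "DLL loaded directly from the Windows/system32 directory"))
        elif kind == "O4":
            jm = JAVA_RE.search(body)
            if jm and tuple(int(g) for g in jm.groups()) < MIN_JAVA:
                findings.append(Finding("medium", kind, path,
                                        "outdated JRE " + jm.group(0).strip("\\")))
            if path is None:
                findings.append(Finding("low", kind, path,
                                        "startup entry without a full path: check what is launched"))
        elif kind == "O10":
            findings.append(Finding("medium", kind, path,
                                    "non-standard Winsock LSP: confirm the vendor before removing"))
        elif kind == "O23" and " - Unknown owner - " in body:
            findings.append(Finding("low", kind, path,
                                    "service without a vendor string: verify the file"))
    return findings


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order[f.severity]):
        print(f"[{f.severity:6}] {f.kind:4} {f.reason}: {f.path}")
```

The random-name check is deliberately applied only to DLLs that already sit directly in the Windows or system32 directory; on its own it would also flag legitimate short names. For the same reason the Norman service with "Unknown owner" and the O10 LSP entry (nwprovau.dll is the NetWare provider that ships with Windows) come out at low or medium severity: they are prompts to verify the file, not verdicts.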

                    • #11
                      Delete the following folder:
                      C:\Qoobox

                      Then empty your Recycle Bin.

                      Your Java software is outdated. Older versions have holes that give malware the chance to install itself on your system.
                      First do these steps to uninstall Java and install the newer version:
                      • Download Java Runtime Environment (JRE) 6.3 and save it to your Desktop.
                      • Close all programs that may be open - especially your web browser!
                      • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
                      • Check everything with Java Runtime Environment (JRE or J2SE) in the name.
                      • Then click Remove or the Change/Remove button.
                      • Repeat this until all older versions are gone.
                      • After removing all older versions, restart your PC.
                      • Then double-click jre-6u3-windows-i586-p.exe on your Desktop to install the newest version of Java.


                      Download ATF Cleaner (mirror) (made by Atribune)

                      Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                      Double-click ATF Cleaner to start the program.
                      On the "Main" tab, put a check mark at Select All.
                      Click the Empty Selected button.

                      Do the following if you also have Firefox as a browser:
                      Click the "Firefox" tab and put a check mark at Select All.
                      If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                      (this removes the check mark at "Firefox saved passwords" again)
                      Click the Empty Selected button.

                      Do the following if you also have Opera as a browser:
                      Click the "Opera" tab and put a check mark at Select All.
                      If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                      Click the Empty Selected button.
                      Go to the "Main" tab and click the Exit button to close the program.

                      Go to Start - Run and enter the following:
                      Combofix /U
                      Then press OK.
                      Note: there must be a space between Combofix and /U.

                      This will uninstall Combofix.

                      Disable System Restore. Restart the computer. Enable System Restore again.
                      See here for how to disable System Restore.
                      This removes any remnants of the infections from your System Restore.

                      Report whether there are still problems
                      Last edited by smeenk; 28-12-07, 15:25.
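The System Restore step above is what deals with three of the six Dr.Web hits: they are copies inside restore points (the A00*.exe records under System Volume Information), not files the running system loads, and flushing the restore points is the only clean way to get rid of them. The script below is an added example for this thread, not a tool the posters used; it parses the semicolon-delimited report posted above (status text translated to English) into the three groups a helper would separate, and cross-references the one live hit with the HijackThis O4 startup entries from the same log. Treating Dr.Web's Tool.* prefix as riskware/utility rather than malware is my reading of that naming, so check such hits by hand.

```python
import re

# Constructed sample: the six records of the Dr.Web CureIt report posted above,
# with the status text translated to English. The two HijackThis O4 lines are
# taken from the log in the same post.
DRWEB_REPORT = r"""
RVAXO3;C:\Installed files\Vundo removers\RVAXO;Tool.ShutDown.11;Not curable. Moved.;
UnInstall.exe;C:\Program Files\Router;Trojan.Rond.origin;Not curable. Moved.;
A0019110.exe;C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP254;Trojan.DownLoader.36408;Deleted.;
A0020903.exe;C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP267;Tool.ShutDown.11;Invalid file location for file;
A0020989.exe;C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP268;Trojan.Rond.origin;Not curable. Moved.;
Restart.exe;C:\WINDOWS\system32;Tool.ShutDown.11;Not curable. Moved.;
"""
HJT_O4_LINES = [
    r"O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe",
    r"O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe",
]

# A path inside a System Restore point: <drive>:\System Volume Information\_restore{GUID}\RPnnn
RESTORE_RE = re.compile(r"^[a-z]:\\system volume information\\_restore\{", re.I)


def parse_report(text):
    """Each record is 'file;directory;threat;status;' (note the trailing empty field)."""
    records = []
    for line in text.splitlines():
        fields = line.strip().split(";")
        if len(fields) < 4 or not fields[0]:
            continue
        records.append({"file": fields[0], "dir": fields[1],
                        "threat": fields[2], "status": fields[3]})
    return records


def classify(records):
    """Split hits into: copies inside System Restore points (cleared by turning
    System Restore off and on again), Tool.* detections (assumption: riskware or a
    utility such as a removal tool's own helper, to be confirmed by hand), and
    live hits that point at something still present on the running system."""
    groups = {"restore_point": [], "tool": [], "live": []}
    for r in records:
        if RESTORE_RE.match(r["dir"]):
            groups["restore_point"].append(r)
        elif r["threat"].startswith("Tool."):
            groups["tool"].append(r)
        else:
            groups["live"].append(r)
    return groups


def related_autoruns(live_hits, hjt_lines):
    """HijackThis startup entries whose target lives in the directory of a live hit:
    the autorun that must go as well, not just the file the scanner moved."""
    dirs = {r["dir"].lower().rstrip("\\") + "\\" for r in live_hits}
    return [line for line in hjt_lines if any(d in line.lower() for d in dirs)]


if __name__ == "__main__":
    groups = classify(parse_report(DRWEB_REPORT))
    for name, hits in groups.items():
        print(name, [r["file"] for r in hits])
    print("autoruns to remove:", related_autoruns(groups["live"], HJT_O4_LINES))
```

On this report the only live hit is UnInstall.exe in C:\Program Files\Router, and the cross-reference pairs it with the `O4 - HKCU\..\Run: [Router]` entry in the log, which is why a helper would ask for that O4 line to be fixed rather than stopping at the scanner's "Moved" status.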

                      • #12
                        Thanks for everything. I haven't had a single alert about the virus all day.

                        Have a happy New Year

                        • #13
                          You're welcome
