Virus w32/DLoader.EWRG


  • Virus w32/DLoader.EWRG

    Hey, I keep getting an alert from Norman for C:\Windows\system32\qomnmjk.dll with the virus w32/Dloader.ewrg

    I want to get rid of it!! Does anyone know a solution...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:17:13, on 8-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\zanda.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\perfs.exe
    C:\WINDOWS\system32\routing.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Norman\Npm\bin\ZLH.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {00DC0058-A87E-4D19-9C26-F1AAC98AD4D7} - C:\WINDOWS\system32\qomnmjk.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/packages/GSManager.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: qomnmjk - C:\WINDOWS\SYSTEM32\qomnmjk.dll
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
    O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe

    --
    End of file - 5324 bytes
    Last edited by NickNickNick; 08-01-08, 16:43.
    It was wrote by NickNickNick

  • #2
    Go to this website: http://www.virustotal.com/en/indexf.html
    Have the following file scanned: C:\WINDOWS\system32\routing.exe

    Post the result of the scan.


    Open a Notepad file.
    Copy the code below into this Notepad file.
    Go to File - Save As.
    For "Save in", choose: Desktop
    For "File name", enter: fix.bat
    For "Save as type", select: All files (*.*).
    Click the Save button.
    Code:
    sc delete perfmons
    sc delete Routing
    Double-click fix.bat.

    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Place it on your desktop.
    Double-click it to start the program.
    In the window that appears, type 1 to run the cleaning and analysis process.
    Follow the instructions on the screen.
    When the tool has finished, a log file (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.



    • #3
      Thanks for the quick reply!! Here is what you asked for.

      Antivirus Version Last updated Result
      AhnLab-V3 - - -
      AntiVir - - -
      Authentium - - -
      Avast - - -
      AVG - - -
      BitDefender - - -
      CAT-QuickHeal - - -
      ClamAV - - -
      DrWeb - - -
      eSafe - - -
      eTrust-Vet - - -
      Ewido - - -
      FileAdvisor - - -
      Fortinet - - -
      F-Prot - - -
      F-Secure - - -
      Ikarus - - -
      Kaspersky - - -
      McAfee - - -
      Microsoft - - -
      NOD32v2 - - -
      Norman - - -
      Panda - - -
      Prevx1 - - Generic.Rootkit
      Rising - - -
      Sophos - - -
      Sunbelt - - -
      Symantec - - -
      TheHacker - - -
      VBA32 - - suspected of Backdoor.XiaoBird.150 (paranoid heuristics)
      VirusBuster - - -
      Webwasher-Gateway - - -


      ComboFix 08-01-09.2 - Nick 2008-01-09 15:59:34.2 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.160 [GMT 0:00]
      Gestart vanuit: C:\Documents and Settings\Nick\Bureaublad\ComboFix.exe
      Command switches used :: and Settings\Nick\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\jkklj.dll
      C:\WINDOWS\system32\jlkkj.ini
      C:\WINDOWS\system32\jlkkj.ini2

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-09 to 2008-01-09 ))))))))))))))))))))))))))))))
      .

      2008-01-09 15:48 . <DIR> C:\WINDOWS\LastGood.Tmp
      2008-01-08 21:28 . 2008-01-08 21:28 <DIR> d-------- C:\Program Files\Lavasoft
      2008-01-08 21:28 . 2008-01-08 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-01-08 19:22 . 2008-01-08 19:22 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
      2008-01-08 17:35 . 2008-01-08 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
      2008-01-07 21:11 . 2008-01-08 19:52 1,355 --a------ C:\WINDOWS\imsins.BAK
      2008-01-07 20:43 . 2008-01-07 20:43 <DIR> d-------- C:\Program Files\Trend Micro
      2008-01-07 19:38 . 2008-01-07 20:03 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\uTorrent
      2008-01-07 19:08 . 2008-01-08 19:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-01-07 17:30 . 2008-01-07 17:30 63 --a------ C:\WINDOWS\system\SysSD.dll
      2008-01-06 20:39 . 2008-01-06 20:39 40,960 --a------ C:\WINDOWS\system32\qomnmjk.dll
      2008-01-06 19:07 . 2008-01-06 19:07 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
      2008-01-06 18:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2008-01-06 15:40 . 2008-01-06 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
      2008-01-06 15:07 . 2008-01-06 15:07 253,440 --a------ C:\WINDOWS\system32\ndt2.sys
      2008-01-06 15:07 . 2008-01-06 15:07 45,056 --a------ C:\WINDOWS\system32\Indt2.sys
      2008-01-06 15:07 . 2008-01-06 15:07 32,256 --a------ C:\WINDOWS\system32\routing.exe
      2008-01-06 15:07 . 2008-01-06 15:07 40 --a------ C:\WINDOWS\system32\drmgs.sys
      2008-01-06 11:31 . 2008-01-06 11:31 <DIR> dr-h----- C:\Documents and Settings\Rian\Onlangs geopend
      2008-01-06 10:02 . 2008-01-05 23:48 520,192 ---h----- C:\WINDOWS\system\Update.exe
      2008-01-05 19:49 . 2008-01-05 19:49 <DIR> d-------- C:\Program Files\MSN Messenger
      2008-01-05 19:33 . 2008-01-09 07:08 <DIR> dr-h----- C:\Documents and Settings\Nick\Onlangs geopend
      2008-01-05 15:11 . 2008-01-05 15:12 10,624 --a------ C:\WINDOWS\system32\drivers\pxark.sys
      2008-01-05 15:01 . 2008-01-05 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
      2008-01-02 10:43 . 2007-01-09 07:57 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\Licence Folder
      2008-01-02 09:37 . 2005-05-05 20:50 151,552 --------- C:\WINDOWS\system32\pxwma.dll
      2008-01-02 09:11 . 2008-01-02 09:14 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\DivX
      2008-01-02 09:08 . 2007-12-09 18:28 31,232 --a------ C:\WINDOWS\system\vdremote.dll
      2008-01-02 09:08 . 2007-12-09 18:28 25,088 --a------ C:\WINDOWS\system\vdsvrlnk.dll
      2008-01-01 21:54 . 2001-09-17 13:20 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
      2008-01-01 17:56 . 2000-04-01 05:35 414,272 --a------ C:\WINDOWS\system32\DivXc32f.dll
      2008-01-01 17:56 . 2000-04-01 05:35 414,272 --a------ C:\WINDOWS\system32\DivXc32.dll
      2008-01-01 17:56 . 2000-04-01 04:11 291,408 --a------ C:\WINDOWS\system32\DivXa32.acm
      2008-01-01 17:56 . 2000-04-26 19:48 240,400 --a------ C:\WINDOWS\system32\DivX_c32.ax
      2007-12-31 09:08 . 2007-12-31 09:08 <DIR> d-------- C:\Documents and Settings\Nick\Contacts
      2007-12-26 12:41 . 2007-12-27 16:32 <DIR> d-------- C:\Documents and Settings\Nick\Tracing
      2007-12-25 20:57 . 2006-01-28 10:27 <DIR> d--h----- C:\Documents and Settings\Nick\Sjablonen
      2007-12-25 20:57 . 2006-01-28 11:01 <DIR> d--h----- C:\Documents and Settings\Nick\Netwerkprinteromgeving
      2007-12-25 20:57 . 2008-01-09 15:54 <DIR> dr------- C:\Documents and Settings\Nick\Mijn documenten
      2007-12-25 20:57 . 2006-01-28 11:01 <DIR> dr------- C:\Documents and Settings\Nick\Menu Start
      2007-12-25 20:57 . 2008-01-09 15:55 <DIR> dr------- C:\Documents and Settings\Nick\Favorieten
      2007-12-25 20:57 . 2008-01-09 15:56 <DIR> d-------- C:\Documents and Settings\Nick\Bureaublad
      2007-12-25 18:12 . 2007-12-25 18:12 493,738 --a------ C:\WINDOWS\system32\prfh0413.dat
      2007-12-25 18:12 . 2007-12-25 18:12 94,694 --a------ C:\WINDOWS\system32\prfc0413.dat
      2007-12-25 09:43 . 2007-12-25 09:43 7,168 --ahs---- C:\WINDOWS\Thumbs.db
      2007-12-22 10:56 . 2007-12-22 10:56 <DIR> d-------- C:\Documents and Settings\Rian\Tracing
      2007-12-22 08:15 . 2006-01-28 10:27 <DIR> d--h----- C:\Documents and Settings\Rian\Sjablonen
      2007-12-22 08:15 . 2006-01-28 11:01 <DIR> d--h----- C:\Documents and Settings\Rian\Netwerkprinteromgeving
      2007-12-22 08:15 . 2007-12-31 16:52 <DIR> dr------- C:\Documents and Settings\Rian\Mijn documenten
      2007-12-22 08:15 . 2006-01-28 11:01 <DIR> dr------- C:\Documents and Settings\Rian\Menu Start
      2007-12-22 08:15 . 2007-12-22 08:16 <DIR> dr------- C:\Documents and Settings\Rian\Favorieten
      2007-12-22 08:15 . 2008-01-06 15:49 <DIR> d-------- C:\Documents and Settings\Rian\Bureaublad
      2007-12-21 19:18 . 2007-12-21 19:18 76,214 --a------ C:\WINDOWS\Icon_4.ico
      2007-12-20 12:20 . 2008-01-07 18:47 <DIR> d-------- C:\Temp
      2007-12-16 16:44 . 2007-03-29 13:01 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
      2007-12-16 16:44 . 2007-03-29 13:01 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
      2007-12-16 16:35 . 2007-12-17 13:45 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
      2007-12-16 16:29 . 2007-12-16 16:29 481 --a------ C:\WINDOWS\ipwatch.ini
      2007-12-15 12:27 . 2007-12-15 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
      2007-12-13 19:47 . 2003-06-25 15:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
      2007-12-13 19:47 . 2002-06-21 14:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
      2007-12-12 06:42 . 2004-08-04 09:03 299,008 --a------ C:\WINDOWS\system32\msh263.drv
      2007-12-10 17:09 . 2007-12-10 17:09 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
      2007-12-10 17:09 . 2007-12-10 17:09 <DIR> d--h----- C:\Program Files\CanonBJ
      2007-12-10 17:09 . 2007-12-10 17:09 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
      2007-12-10 15:08 . 2003-05-14 20:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
      2007-12-09 13:37 . 2007-12-09 13:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-09 16:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2008-01-08 21:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2008-01-04 19:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-12-29 12:28 720,896 -c--a-w C:\WINDOWS\iun6002.exe
      2007-12-25 09:44 --------- d-----w C:\Program Files\Windows Media Connect 2
      2007-12-22 18:01 --------- d-----w C:\Program Files\MSECache
      2007-12-18 19:07 --------- d-----w C:\Program Files\Java
      2007-12-17 16:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2007-12-11 15:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2007-12-10 14:09 --------- d-----w C:\Program Files\Common Files\Adobe
      2007-12-10 14:07 --------- d-----w C:\Program Files\Canon
      2007-12-07 14:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
      2007-12-06 16:37 --------- d-----w C:\Program Files\Windows Messaging
      2007-12-01 13:44 --------- d-----w C:\Program Files\Teach2000
      2007-11-30 04:56 329,029 ----a-w C:\WINDOWS\system32\viwc.exe
      2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
      2007-11-29 22:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
      2007-11-29 22:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
      2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
      2007-11-27 18:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
      2007-11-19 17:54 757,760 -c--a-w C:\WINDOWS\system32\NTSpool.exe
      2007-11-17 17:10 25,992 -c--a-w C:\WINDOWS\system32\pgdfgsvc.exe
      2007-11-17 15:40 --------- d-----w C:\Program Files\Microsoft Office Outlook Connector
      2007-11-17 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
      2007-11-17 14:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
      2007-11-13 10:25 20,480 -c--a-w C:\WINDOWS\system32\drivers\secdrv.sys
      2007-11-13 06:26 --------- d-----w C:\Program Files\MSXML 6.0
      2007-11-13 06:23 --------- d-----w C:\Program Files\MSBuild
      2007-11-13 06:16 --------- d-----w C:\Program Files\Reference Assemblies
      2007-11-11 11:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
      2007-10-29 22:45 1,291,776 -c--a-w C:\WINDOWS\system32\quartz.dll
      2007-10-25 09:26 53,248 -c--a-w C:\WINDOWS\bdoscandel.exe
      2007-10-25 08:28 222,720 -c--a-w C:\WINDOWS\system32\wmasf.dll
      2007-08-15 16:26 595 -csh--w C:\WINDOWS\system32\lbuvvltr.ini2
      2007-09-06 12:57 725,282 -csh--w C:\WINDOWS\system32\orutv.bak2
      2007-09-06 13:28 716,434 -csh--w C:\WINDOWS\system32\orutv.ini2
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00DC0058-A87E-4D19-9C26-F1AAC98AD4D7}]
      2008-01-06 20:39 40960 --a------ C:\WINDOWS\system32\qomnmjk.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:03 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [ ]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:03 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "NoResolveSearch"= 1 (0x1)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoDeletePrinter"= 1 (0x1)
      "NoResolveTrack"= 1 (0x1)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
      "NTSpool"= NTSpool.exe

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{00DC0058-A87E-4D19-9C26-F1AAC98AD4D7}"= C:\WINDOWS\system32\qomnmjk.dll [2008-01-06 20:39 40960]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnmjk]
      qomnmjk.dll 2008-01-06 20:39 40960 C:\WINDOWS\system32\qomnmjk.dll

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ViOrb.lnk]

      [HKLM\~\startupfolder\C:^Documents and Settings^Nick.PC-HUITEMA^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]

      [HKLM\~\startupfolder\C:^Documents and Settings^Nick.PC-HUITEMA^Menu Start^Programma's^Opstarten^UserPicture.bmp]
      backup=C:\WINDOWS\pss\UserPicture.bmpStartup

      [HKLM\~\startupfolder\C:^Documents and Settings^Nick^Menu Start^Programma's^Opstarten^AbsoluteShield Track Eraser.lnk]

      [HKLM\~\startupfolder\C:^Documents and Settings^Nick^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
      path=C:\Documents and Settings\Nick\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk
      backup=C:\WINDOWS\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

      [HKLM\~\startupfolder\C:^Documents and Settings^Nick^Menu Start^Programma's^Opstarten^OneNote-inhoudsopgave.onetoc2]
      backup=C:\WINDOWS\pss\OneNote-inhoudsopgave.onetoc2Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^Nick^Menu Start^Programma's^Opstarten^ViOrb.lnk]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j0251430]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
      --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
      --a--c--- 2001-07-09 02:50 155648 C:\WINDOWS\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAVApp]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxCSI]
      C:\Program Files\PrevxCSI\prevxcsi.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
      C:\WINDOWS\mrofinu1044.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
      --a--c--- 2003-05-05 07:57 143360 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
      C:\Program Files\Unlocker\UnlockerAssistant.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDesktop]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\viwc]
      --a------ 2007-11-30 04:56 329029 C:\WINDOWS\system32\viwc.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WallAgent]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows&#160;Updates]
      ---h----- 2008-01-05 23:48 520192 c:\windows\system\Update.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "Nero BackItUp Scheduler 3"=2 (0x2)
      "aawservice"=2 (0x2)
      "idsvc"=3 (0x3)
      "usnjsvc"=3 (0x3)
      "winss"=2 (0x2)
      "SoundMAX Agent Service (default)"=2 (0x2)
      "ose"=2 (0x2)
      "odserv"=3 (0x3)
      "Microsoft Office Groove Audit Service"=3 (0x3)
      "iPod Service"=3 (0x3)
      "IDriverT"=3 (0x3)
      "MSIServer"=3 (0x3)
      "FontCache3.0.0.0"=2 (0x2)
      "CiSvc"=3 (0x3)
      "WMPNetworkSvc"=2 (0x2)
      "SCardDrv"=3 (0x3)

      R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 08:55]
      R2 nvcoas;Norman Virus Control on-access component;"C:\Norman\Nvc\bin\nvcoas.exe" [2007-07-12 09:38]
      R2 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 11:23]
      R3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys [2001-08-17 20:04]
      R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-07-09 08:50]
      S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-09-21 10:24]
      S3 imhidusb;Immersion's HID USB Driver;C:\WINDOWS\system32\DRIVERS\imhidusb.sys [2002-05-02 11:07]
      S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 13:25]
      S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 13:25]
      S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 13:25]
      S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 13:25]
      S3 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-01-05 15:12]

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-09 16:08:45
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      PROCESS: C:\WINDOWS\system32\winlogon.exe
      -> C:\WINDOWS\system32\qomnmjk.dll
      .
      Voltooingstijd: 2008-01-09 16:12:01 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-01-09 16:11:54
      .
      2008-01-07 21:12:08 --- E O F ---


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:15:46, on 9-1-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Norman\Npm\bin\ELOGSVC.EXE
      C:\Norman\Npm\Bin\zanda.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Norman\Npm\bin\NJEEVES.EXE
      C:\Norman\Nvc\bin\nvcoas.exe
      C:\Norman\Nvc\BIN\NVCSCHED.EXE
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: (no name) - {00DC0058-A87E-4D19-9C26-F1AAC98AD4D7} - C:\WINDOWS\system32\qomnmjk.dll
      O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
      O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
      O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
      O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/packages/GSManager.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O20 - Winlogon Notify: qomnmjk - C:\WINDOWS\SYSTEM32\qomnmjk.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
      O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
      O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\zanda.exe
      O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
      O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

      --
      End of file - 4719 bytes
      It was wrote by NickNickNick



      • #4
        Open a Notepad file.
        Copy the code below and paste it into the Notepad file.
        Save the Notepad file as CFScript.txt
        Code:
        File::
        C:\WINDOWS\system32\qomnmjk.dll
        C:\WINDOWS\system32\ndt2.sys
        C:\WINDOWS\system32\Indt2.sys
        C:\WINDOWS\system32\routing.exe
        C:\WINDOWS\system32\drmgs.sys
        C:\WINDOWS\system32\orutv.bak2
        C:\WINDOWS\system32\orutv.ini2
        c:\windows\system\Update.exe
        C:\WINDOWS\system32\NTSpool.exe
        
        Registry::
        [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00DC0058-A87E-4D19-9C26-F1AAC98AD4D7}]
        [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
        "{00DC0058-A87E-4D19-9C26-F1AAC98AD4D7}"=-
        [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnmjk]
        [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
        [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Updates]
        Now drag the file CFScript.txt onto the file ComboFix.exe

        ComboFix will start again.
        When ComboFix is finished, which may be after a restart, a log file opens.
        Post the contents of the log file together with a new HijackThis log.



        • #5
          Thanks for the reply, Marckie!!

          Here are the logs!

          ComboFix 08-01-09.2 - Nick 2008-01-09 16:43:06.3 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.141 [GMT 0:00]
          Gestart vanuit: C:\Documents and Settings\Nick\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Nick\Bureaublad\CFScript.txt
          * Nieuw herstelpunt werd aangemaakt

          FILE
          c:\windows\system\Update.exe
          C:\WINDOWS\system32\drmgs.sys
          C:\WINDOWS\system32\Indt2.sys
          C:\WINDOWS\system32\ndt2.sys
          C:\WINDOWS\system32\NTSpool.exe
          C:\WINDOWS\system32\orutv.bak2
          C:\WINDOWS\system32\orutv.ini2
          C:\WINDOWS\system32\qomnmjk.dll
          C:\WINDOWS\system32\routing.exe
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          c:\windows\system\Update.exe
          C:\WINDOWS\system32\drmgs.sys
          C:\WINDOWS\system32\Indt2.sys
          C:\WINDOWS\system32\ndt2.sys
          C:\WINDOWS\system32\NTSpool.exe
          C:\WINDOWS\system32\orutv.bak2
          C:\WINDOWS\system32\orutv.ini2
          C:\WINDOWS\system32\qomnmjk.dll
          C:\WINDOWS\system32\routing.exe

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-09 to 2008-01-09 ))))))))))))))))))))))))))))))
          .

          2008-01-08 21:28 . 2008-01-08 21:28 <DIR> d-------- C:\Program Files\Lavasoft
          2008-01-08 21:28 . 2008-01-08 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
          2008-01-08 19:22 . 2008-01-08 19:22 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
          2008-01-08 17:35 . 2008-01-08 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
          2008-01-07 21:11 . 2008-01-08 19:52 1,355 --a------ C:\WINDOWS\imsins.BAK
          2008-01-07 20:43 . 2008-01-07 20:43 <DIR> d-------- C:\Program Files\Trend Micro
          2008-01-07 19:38 . 2008-01-07 20:03 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\uTorrent
          2008-01-07 19:08 . 2008-01-08 19:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-01-07 17:30 . 2008-01-07 17:30 63 --a------ C:\WINDOWS\system\SysSD.dll
          2008-01-06 19:07 . 2008-01-06 19:07 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
          2008-01-06 18:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
          2008-01-06 15:40 . 2008-01-06 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
          2008-01-06 11:31 . 2008-01-06 11:31 <DIR> dr-h----- C:\Documents and Settings\Rian\Onlangs geopend
          2008-01-05 19:49 . 2008-01-05 19:49 <DIR> d-------- C:\Program Files\MSN Messenger
          2008-01-05 19:33 . 2008-01-09 07:08 <DIR> dr-h----- C:\Documents and Settings\Nick\Onlangs geopend
          2008-01-05 15:11 . 2008-01-05 15:12 10,624 --a------ C:\WINDOWS\system32\drivers\pxark.sys
          2008-01-05 15:01 . 2008-01-05 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
          2008-01-02 10:43 . 2007-01-09 07:57 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\Licence Folder
          2008-01-02 09:37 . 2005-05-05 20:50 151,552 --------- C:\WINDOWS\system32\pxwma.dll
          2008-01-02 09:11 . 2008-01-02 09:14 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\DivX
          2008-01-02 09:08 . 2007-12-09 18:28 31,232 --a------ C:\WINDOWS\system\vdremote.dll
          2008-01-02 09:08 . 2007-12-09 18:28 25,088 --a------ C:\WINDOWS\system\vdsvrlnk.dll
          2008-01-01 21:54 . 2001-09-17 13:20 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
          2008-01-01 17:56 . 2000-04-01 05:35 414,272 --a------ C:\WINDOWS\system32\DivXc32f.dll
          2008-01-01 17:56 . 2000-04-01 05:35 414,272 --a------ C:\WINDOWS\system32\DivXc32.dll
          2008-01-01 17:56 . 2000-04-01 04:11 291,408 --a------ C:\WINDOWS\system32\DivXa32.acm
          2008-01-01 17:56 . 2000-04-26 19:48 240,400 --a------ C:\WINDOWS\system32\DivX_c32.ax
          2007-12-31 09:08 . 2007-12-31 09:08 <DIR> d-------- C:\Documents and Settings\Nick\Contacts
          2007-12-26 12:41 . 2007-12-27 16:32 <DIR> d-------- C:\Documents and Settings\Nick\Tracing
          2007-12-25 20:57 . 2006-01-28 10:27 <DIR> d--h----- C:\Documents and Settings\Nick\Sjablonen
          2007-12-25 20:57 . 2006-01-28 11:01 <DIR> d--h----- C:\Documents and Settings\Nick\Netwerkprinteromgeving
          2007-12-25 20:57 . 2008-01-09 16:41 <DIR> dr------- C:\Documents and Settings\Nick\Mijn documenten
          2007-12-25 20:57 . 2006-01-28 11:01 <DIR> dr------- C:\Documents and Settings\Nick\Menu Start
          2007-12-25 20:57 . 2008-01-09 15:55 <DIR> dr------- C:\Documents and Settings\Nick\Favorieten
          2007-12-25 20:57 . 2008-01-09 16:51 <DIR> d-------- C:\Documents and Settings\Nick\Bureaublad
          2007-12-25 18:12 . 2007-12-25 18:12 493,738 --a------ C:\WINDOWS\system32\prfh0413.dat
          2007-12-25 18:12 . 2007-12-25 18:12 94,694 --a------ C:\WINDOWS\system32\prfc0413.dat
          2007-12-25 09:43 . 2007-12-25 09:43 7,168 --ahs---- C:\WINDOWS\Thumbs.db
          2007-12-22 10:56 . 2007-12-22 10:56 <DIR> d-------- C:\Documents and Settings\Rian\Tracing
          2007-12-22 08:15 . 2006-01-28 10:27 <DIR> d--h----- C:\Documents and Settings\Rian\Sjablonen
          2007-12-22 08:15 . 2006-01-28 11:01 <DIR> d--h----- C:\Documents and Settings\Rian\Netwerkprinteromgeving
          2007-12-22 08:15 . 2007-12-31 16:52 <DIR> dr------- C:\Documents and Settings\Rian\Mijn documenten
          2007-12-22 08:15 . 2006-01-28 11:01 <DIR> dr------- C:\Documents and Settings\Rian\Menu Start
          2007-12-22 08:15 . 2007-12-22 08:16 <DIR> dr------- C:\Documents and Settings\Rian\Favorieten
          2007-12-22 08:15 . 2008-01-06 15:49 <DIR> d-------- C:\Documents and Settings\Rian\Bureaublad
          2007-12-21 19:18 . 2007-12-21 19:18 76,214 --a------ C:\WINDOWS\Icon_4.ico
          2007-12-20 12:20 . 2008-01-07 18:47 <DIR> d-------- C:\Temp
          2007-12-16 16:44 . 2007-03-29 13:01 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
          2007-12-16 16:44 . 2007-03-29 13:01 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
          2007-12-16 16:35 . 2007-12-17 13:45 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
          2007-12-16 16:29 . 2007-12-16 16:29 481 --a------ C:\WINDOWS\ipwatch.ini
          2007-12-15 12:27 . 2007-12-15 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
          2007-12-13 19:47 . 2003-06-25 15:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
          2007-12-13 19:47 . 2002-06-21 14:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
          2007-12-12 06:42 . 2004-08-04 09:03 299,008 --a------ C:\WINDOWS\system32\msh263.drv
          2007-12-10 17:09 . 2007-12-10 17:09 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
          2007-12-10 17:09 . 2007-12-10 17:09 <DIR> d--h----- C:\Program Files\CanonBJ
          2007-12-10 17:09 . 2007-12-10 17:09 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
          2007-12-10 15:08 . 2003-05-14 20:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
          2007-12-09 13:37 . 2007-12-09 13:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-09 16:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
          2008-01-08 21:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
          2008-01-04 19:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-12-29 12:28 720,896 -c--a-w C:\WINDOWS\iun6002.exe
          2007-12-25 09:44 --------- d-----w C:\Program Files\Windows Media Connect 2
          2007-12-22 18:01 --------- d-----w C:\Program Files\MSECache
          2007-12-18 19:07 --------- d-----w C:\Program Files\Java
          2007-12-17 16:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
          2007-12-11 15:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
          2007-12-10 14:09 --------- d-----w C:\Program Files\Common Files\Adobe
          2007-12-10 14:07 --------- d-----w C:\Program Files\Canon
          2007-12-07 14:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
          2007-12-06 16:37 --------- d-----w C:\Program Files\Windows Messaging
          2007-12-01 13:44 --------- d-----w C:\Program Files\Teach2000
          2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
          2007-11-27 18:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
          2007-11-17 15:40 --------- d-----w C:\Program Files\Microsoft Office Outlook Connector
          2007-11-17 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
          2007-11-17 14:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
          2007-11-13 10:25 20,480 -c--a-w C:\WINDOWS\system32\drivers\secdrv.sys
          2007-11-13 06:26 --------- d-----w C:\Program Files\MSXML 6.0
          2007-11-13 06:23 --------- d-----w C:\Program Files\MSBuild
          2007-11-13 06:16 --------- d-----w C:\Program Files\Reference Assemblies
          2007-11-11 11:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
          2007-10-25 09:26 53,248 -c--a-w C:\WINDOWS\bdoscandel.exe
          2007-08-15 16:26 595 -csh--w C:\WINDOWS\system32\lbuvvltr.ini2
          .

          ((((((((((((((((((((((((((((( [email protected]_16.11.06.76 )))))))))))))))))))))))))))))))))))))))))
          .
          - 2008-01-09 15:57:55 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
          + 2008-01-09 16:42:25 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
          - 2008-01-09 15:57:55 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
          + 2008-01-09 16:42:25 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
          - 2008-01-09 15:57:55 3,108,864 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
          + 2008-01-09 16:42:25 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
          - 2008-01-09 15:57:56 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
          + 2008-01-09 16:42:25 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
          - 2008-01-09 15:57:56 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
          + 2008-01-09 16:42:25 3,108,864 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
          - 2008-01-09 15:57:56 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
          + 2008-01-09 16:42:25 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:03 15360]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:03 15360]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
          "NoResolveSearch"= 1 (0x1)

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
          "NoDeletePrinter"= 1 (0x1)
          "NoResolveTrack"= 1 (0x1)

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ViOrb.lnk]

          [HKLM\~\startupfolder\C:^Documents and Settings^Nick.PC-HUITEMA^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]

          [HKLM\~\startupfolder\C:^Documents and Settings^Nick.PC-HUITEMA^Menu Start^Programma's^Opstarten^UserPicture.bmp]
          backup=C:\WINDOWS\pss\UserPicture.bmpStartup

          [HKLM\~\startupfolder\C:^Documents and Settings^Nick^Menu Start^Programma's^Opstarten^AbsoluteShield Track Eraser.lnk]

          [HKLM\~\startupfolder\C:^Documents and Settings^Nick^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
          path=C:\Documents and Settings\Nick\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk
          backup=C:\WINDOWS\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

          [HKLM\~\startupfolder\C:^Documents and Settings^Nick^Menu Start^Programma's^Opstarten^OneNote-inhoudsopgave.onetoc2]
          backup=C:\WINDOWS\pss\OneNote-inhoudsopgave.onetoc2Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^Nick^Menu Start^Programma's^Opstarten^ViOrb.lnk]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
          C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j0251430]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
          --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
          --a--c--- 2001-07-09 02:50 155648 C:\WINDOWS\system32\NeroCheck.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAVApp]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxCSI]
          C:\Program Files\PrevxCSI\prevxcsi.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
          --a--c--- 2003-05-05 07:57 143360 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
          C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
          C:\Program Files\Unlocker\UnlockerAssistant.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDesktop]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\viwc]
          --a------ 2007-11-30 04:56 329029 C:\WINDOWS\system32\viwc.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WallAgent]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Updates]
          c:\windows\system\Update.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
          "Nero BackItUp Scheduler 3"=2 (0x2)
          "aawservice"=2 (0x2)
          "idsvc"=3 (0x3)
          "usnjsvc"=3 (0x3)
          "winss"=2 (0x2)
          "SoundMAX Agent Service (default)"=2 (0x2)
          "ose"=2 (0x2)
          "odserv"=3 (0x3)
          "Microsoft Office Groove Audit Service"=3 (0x3)
          "iPod Service"=3 (0x3)
          "IDriverT"=3 (0x3)
          "MSIServer"=3 (0x3)
          "FontCache3.0.0.0"=2 (0x2)
          "CiSvc"=3 (0x3)
          "WMPNetworkSvc"=2 (0x2)
          "SCardDrv"=3 (0x3)

          R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
          R2 nvcoas;Norman Virus Control on-access component;"C:\Norman\Nvc\bin\nvcoas.exe" [2007-07-12 09:38]
          R3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys [2001-08-17 20:04]
          R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-07-09 08:50]
          R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 11:23]
          S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-09-21 10:24]
          S3 imhidusb;Immersion's HID USB Driver;C:\WINDOWS\system32\DRIVERS\imhidusb.sys [2002-05-02 11:07]
          S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 13:25]
          S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 13:25]
          S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 13:25]
          S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 13:25]
          S3 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-01-05 15:12]

          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-09 16:52:00
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2008-01-09 16:56:33 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-01-09 16:56:26
          ComboFix2.txt 2008-01-09 16:12:02
          .
          2008-01-07 21:12:08 --- E O F ---



          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 16:59:24, on 9-1-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\csrss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Norman\Npm\bin\ELOGSVC.EXE
          C:\Norman\Npm\Bin\zanda.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\System32\alg.exe
          C:\WINDOWS\system32\msiexec.exe
          C:\Norman\Nvc\bin\nvcoas.exe
          C:\WINDOWS\System32\nvsvc32.exe
          C:\Norman\Nvc\BIN\NVCSCHED.EXE
          C:\Norman\Npm\bin\NJEEVES.EXE
          C:\Norman\Npm\bin\ZLH.EXE
          C:\WINDOWS\system32\ctfmon.exe
          C:\Norman\Nvc\BIN\NIP.EXE
          C:\Norman\Nvc\bin\cclaw.exe
          C:\WINDOWS\system32\notepad.exe
          C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
          C:\WINDOWS\System32\wbem\wmiprvse.exe

          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
          O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
          O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
          O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
          O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/packages/GSManager.cab
          O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
          O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
          O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
          O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
          O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
          O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
          O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
          O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
          O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
          O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\zanda.exe
          O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
          O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
          O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

          --
          End of file - 4713 bytes
          It was wrote by NickNickNick
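
Added example, not part of the original thread: a Python check that compares a HijackThis log taken before a fix with one taken after, and reports which autostart entries and running processes disappeared and whether any file named in the CFScript is still referenced. The sample logs are abridged from the two logs posted in this thread; the function names are hypothetical.

```python
import re

# Files named in the File:: block of the CFScript posted in this thread.
TARGETS = [
    r"C:\WINDOWS\system32\qomnmjk.dll",
    r"C:\WINDOWS\system32\ndt2.sys",
    r"C:\WINDOWS\system32\Indt2.sys",
    r"C:\WINDOWS\system32\routing.exe",
    r"C:\WINDOWS\system32\drmgs.sys",
    r"C:\WINDOWS\system32\orutv.bak2",
    r"C:\WINDOWS\system32\orutv.ini2",
    r"c:\windows\system\Update.exe",
    r"C:\WINDOWS\system32\NTSpool.exe",
]

# Constructed sample input: a few lines abridged from the log of 8-1-2008.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:13, on 8-1-2008

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\Explorer.EXE

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: qomnmjk - C:\WINDOWS\SYSTEM32\qomnmjk.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4719 bytes
"""

# Constructed sample input: a few lines abridged from the log of 9-1-2008.
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:59:24, on 9-1-2008

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4713 bytes
"""

# HijackThis entry lines start with a section code such as R1, O4, O20 or O23.
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - .+$")


def parse_hjt(text):
    """Return (processes, entries) parsed from a HijackThis log.

    processes: set of lower-cased process paths
    entries:   dict of lower-cased entry line -> entry line as logged
    Windows paths are case-insensitive, so comparison keys are lower-cased.
    """
    processes, entries = set(), {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
        elif ENTRY_RE.match(line):
            in_processes = False
            entries[line.lower()] = line
        elif in_processes and line:
            processes.add(line.lower())
        elif in_processes and processes:
            in_processes = False  # blank line closes the process list
    return processes, entries


def diff_logs(before, after):
    """Compare two HijackThis logs and list what disappeared or appeared."""
    b_proc, b_ent = parse_hjt(before)
    a_proc, a_ent = parse_hjt(after)
    return {
        "removed_entries": sorted(b_ent[k] for k in b_ent.keys() - a_ent.keys()),
        "new_entries": sorted(a_ent[k] for k in a_ent.keys() - b_ent.keys()),
        "removed_processes": sorted(b_proc - a_proc),
        "new_processes": sorted(a_proc - b_proc),
    }


def targets_still_referenced(log_text, targets):
    """Return the target paths that still occur anywhere in the log."""
    haystack = log_text.lower()
    return [t for t in targets if t.lower() in haystack]


if __name__ == "__main__":
    for key, values in diff_logs(BEFORE, AFTER).items():
        print(key)
        for value in values:
            print("   ", value)
    print("still referenced:", targets_still_referenced(AFTER, TARGETS))
```

A file that is no longer referenced in the log can still be on disk, so this check complements the ComboFix deletion report rather than replacing it.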



          • #6
            That already looks better.

            Go to Start - Run and type: ComboFix /u
            Press Enter.

            Run an online scan with the ESET Online Scanner.
            Tick: YES, I accept the Terms Of Use.
            Click the Start button.
            Then click the Install button.
            Click Start.

            The scanner will now initialize and update.
            Do NOT tick Remove found threats, unless this is asked for.
            Click the Scan button.

            Wait patiently until the scan is complete; this can take a while.
            When the scan is done, click the Details tab.
            Copy and paste the contents of this window into your next post.
            (You can also find this as C:\Program Files\EsetOnlineScanner\log.txt)



            • #7
              Here you go Marckie, it did 'still' find 1 item..

              # version=4
              # OnlineScanner.ocx=1.0.0.56
              # OnlineScannerDLLA.dll=1, 0, 0, 51
              # OnlineScannerDLLW.dll=1, 0, 0, 51
              # OnlineScannerUninstaller.exe=1, 0, 0, 49
              # vers_standard_module=2778 (20080109)
              # vers_arch_module=1.060 (20071228)
              # vers_adv_heur_module=1.064 (20070717)
              # EOSSerial=83b48967e5bce0498406ef1e9c316938
              # end=finished
              # remove_checked=false
              # unwanted_checked=false
              # utc_time=2008-01-09 06:11:25
              # local_time=2008-01-09 06:11:25 (+0000, GMT (standaardtijd))
              # country="Netherlands"
              # osver=5.1.2600 NT Service Pack 2
              # scanned=166663
              # found=1
              # scan_time=2892
              C:\QooBox\Quarantine\C\WINDOWS\system32\NTSpool.exe.vir probably a variant of Win32/Agent trojan D923F829C0E623D38DA774A6FED8C021
              It was wrote by NickNickNick



              • #8
                I think you hadn't run this:
                Originally posted by Marckie:
                Go to Start - Run and type: ComboFix /u
                Press Enter.
                Please do that, and report whether there are still any problems.



                • #9
                  That's right Marckie, I read past it and have run it in the meantime. Problems? No!! Super fast again!! Thanks for the help!!
                  It was wrote by NickNickNick



                  • #10
                    You're welcome, NickNickNick.

                    It's best that you also clear all existing system restore points:
                    Turn off System Restore. Restart the computer. Turn System Restore back on.
                    Turning off System Restore.

                    More info on how to prevent a new infection can be found here and here.

                    The status of this thread is set to solved.
                    If there are no further replies, this thread will automatically be moved to the section Opgeloste hijackthislogs within about 3 days and replying will no longer be possible. This is to keep the forum neat and organized.
                    If it turns out there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.

                    Happy surfing again.
