Mededeling

**Marckie** · 19-01-08, 11:17

Hallo,

Sluit alle open vensters.
Start HijackThis nog een keer en plaats een vinkje bij de volgende items:

O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win6C.exe
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)

Klik daarna op "Fix checked" en sluit HijackThis af.

Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Plaats het op je bureaublad.
Dubbelklik er op om het programma te starten.
In het scherm dat verschijnt tik je een 1 in om het cleaning- en analysesproces te laten uitvoeren.
Volg de instructies op het scherm.
Als het tooltje klaar is, opent er een logfile (combofix.txt).
Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

**C20v** · 19-01-08, 23:10

Hoi Marckie,

Bedankt voor je hulp

Na het uitvoeren van je instructies en het wegklikken enkele meldingen blijft het tot nu toe stil...

Combofix-log:

ComboFix 08-01-20.1 - Janco 2008-01-19 22:51:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1348 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Janco\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\OLD9.tmp

.
(((((((((((((((((((( Bestanden Gemaakt van 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))
.

2008-01-19 22:50 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 22:37 . 2008-01-17 22:37 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-17 22:37 . 2008-01-17 22:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-17 22:36 . 2008-01-17 22:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-17 21:38 . 2008-01-17 21:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-17 19:57 . 2008-01-17 19:57 100 --a------ C:\WINDOWS\wininit.ini
2007-12-23 19:25 . 2007-12-23 19:25 <DIR> d-------- C:\Documents and Settings\Janco\Application Data\Ahead
2007-12-20 19:52 . 2007-12-20 19:52 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\PC Suite

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 21:49 --------- d-----w C:\Program Files\Spyware Terminator
2008-01-18 21:49 --------- d-----w C:\Documents and Settings\Janco\Application Data\Spyware Terminator
2008-01-18 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-01-16 19:10 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-16 19:09 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-30 15:35 --------- d-----w C:\Program Files\Prime95
2007-12-29 20:48 --------- d-----w C:\Program Files\SpeedFan
2007-12-15 16:39 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-12-15 13:39 --------- d-----w C:\Program Files\Electronic Arts
2007-12-14 19:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2007-12-14 19:00 --------- d-----w C:\Program Files\Common Files\Logitech
2007-12-14 19:00 --------- d-----w C:\Program Files\Common Files\Logishrd
2007-12-14 18:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-14 18:59 --------- d-----w C:\Documents and Settings\Janco\Application Data\InstallShield
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-04 20:08 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-28 17:38 --------- d-----w C:\Program Files\Activision
2007-11-23 19:14 --------- d-----w C:\Program Files\Java
2007-11-15 09:07 76,304 ----a-w C:\WINDOWS\system32\KemXML.dll
2007-11-15 09:07 170,512 ----a-w C:\WINDOWS\system32\kemutb.dll
2007-11-15 09:07 141,840 ----a-w C:\WINDOWS\system32\KemUtil.dll
2007-11-15 09:07 117,264 ----a-w C:\WINDOWS\system32\KemWnd.dll
2007-11-15 09:06 301,656 ----a-w C:\WINDOWS\system32\BtCoreIf.dll
2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-01 18:28 22,328 ----a-w C:\Documents and Settings\Janco\Application Data\PnkBstrK.sys
2007-03-27 17:57 21,488 ----a-w C:\Documents and Settings\Janco\Application Data\GDIPFONTCACHEV1.DAT
2006-07-28 17:21 1 ----a-w C:\Documents and Settings\Janco\SI.bin
2001-11-23 18:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 11:32 81920]
"Google Update"="C:\Documents and Settings\Janco\Local Settings\Application Data\Google\Update\1.0.103.0\GoogleUpdate.exe" [2008-01-13 13:31 21488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:03 110592 C:\WINDOWS\system32\bthprops.cpl]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2005-10-07 15:42 139264]
"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40 183352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 13:27 222208]
"Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [2005-12-20 14:34 32768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-25 17:46 282624]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"P17Helper"="P17.dll" [2005-05-03 12:38 64512 C:\WINDOWS\system32\P17.dll]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-10-08 18:56 2778112]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

C:\Documents and Settings\Janco\Menu Start\Programma's\Opstarten\
YouTube Uploader.lnk - C:\Documents and Settings\Janco\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08 71152]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-07-23 07:46:49 784912]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 22:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
--a------ 2006-03-20 20:43 331776 C:\Program Files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2002-07-12 23:33 1581056 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-07-25 17:46 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CPUCooLServer"=2 (0x2)

R0 JAHCI;JAHCI;C:\WINDOWS\system32\DRIVERS\JAHCI.sys [2005-10-25 04:35]
R1 ntiowp;ntiowp;C:\WINDOWS\system32\drivers\ntiowp.sys [2005-01-03 17:04]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-10-08 19:01]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-29 23:53]
R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
R3 Alpham;Ideazon Merc Composite Keyboard Driver;C:\WINDOWS\system32\DRIVERS\Alpham.sys [2005-12-04 13:55]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-09-06 09:45]
R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 19:36]
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25]
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 14:25]
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 14:25]
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 14:25]
S3 RTCore32;RTCore32;C:\Program Files\RMClock\RTCore32.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{526a3683-199e-11db-b30a-806d6172696f}]
\Shell\AutoRun\command - D:\install.exe

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 22:57:54
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-20 22:59:00
ComboFix-quarantined-files.txt 2008-01-20 21:58:25
.
2008-01-15 23:14:26 --- E O F ---

HIjackthis-log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:00:43, on 20-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CPUCooL\CooLSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Janco\Local Settings\Application Data\Google\Update\1.0.103.0\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Documents and Settings\Janco\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60308
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60308
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Janco\Local Settings\Application Data\Google\Update\1.0.103.0\GoogleUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Janco\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.mijnalbum.nl/skin/system/upload/ImageUploader3.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8459 bytes

Wat doet deze trojan eigenlijk? Ik kan er niet zoveel over vinden.
Moet ik me zorgen maken over passwords etc?

**Marckie** · 20-01-08, 12:14

Dit bestand kan je nog verwijderen:
C:\WINDOWS\wininit.ini

Wat deze allemaal doet weet ik niet, maar je paswoorden wijzigen lijkt me zeker een goede optie.

Ga naar Start - Uitvoeren en tik in: ComboFix /u
Druk op Enter.

Voer een onlinescan uit met de ESET Online Scanner.
Vink aan: YES, I accept the Terms Of Use.
Klik op de knop Start.
Klik daarna op de knop Install.
Klik op Start.

De scanner zal nu initialiseren en updaten.
Vink Remove found threats NIET aan, tenzij dit gevraagd wordt.
Klik op de knop Scan.

Wacht geduldig af tot de scan voltooid is, dit kan een tijdje duren.
Wanneer de scan klaar is, klik je op de tab Details.
Kopiëer en plak de inhoud van dit venster in je volgende post.
(Je vindt dit ook terug als C:\Program Files\EsetOnlineScanner\log.txt)

**C20v** · 20-01-08, 20:22

Uhm, die online scanner werkt (bij mij) niet. Hij geeft een fout (Error: Update failed(108) ) Ligt dat aan mij of doettie het echt niet?

**Marckie** · 20-01-08, 20:29

Doe dit:

Sluit alle open vensters van Internet Explorer.
Ga naar het Configuratiescherm en dubbelklik op Internet-opties.
Het venster "Eigenschappen voor Internet" voor internet zal openen.
Ga naar het tabblad Algemeen.
Klik op de knop Cookies verwijderen, en in het venster dat opent klik je op OK.
Klik nu op de knop Bestanden verwijderen.
In het venster dat opent vink je ook aan "Ook alle offline items verwijderen".
Klik op de knop OK.

Herstart Internet Explorer en probeer opnieuw.

**C20v** · 21-01-08, 23:33

Oke, dat werkte idd. Scan gedaan:

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2811 (20080121)
# vers_arch_module=1.063 (20080117)
# vers_adv_heur_module=1.060 (20070601)
# EOSSerial=6c8e9307cbc8cc498eafecda86ca954f
# end=finished
# remove_checked=false
# unwanted_checked=false
# utc_time=2008-01-22 10:24:23
# local_time=2008-01-22 11:24:23 (+0100, West-Europa (standaardtijd))
# country="Netherlands"
# osver=5.1.2600 NT Service Pack 2
# scanned=704509
# found=0
# scan_time=6474

De uitkomst lijkt me goed, toch?

**Marckie** · 22-01-08, 17:18

Die is goed.
Zijn er nog problemen momenteel?

**C20v** · 22-01-08, 22:05

Nee, geen meldingen meer.
Dit was eigenlijk de eerste keer in 10 jaar dat ik zo`n probleem had, tot nog toe lukte het me prima om die zooi buiten de deur te houden. Het is op z`n zachtst gezegd erg vervelend als je je eigen PC niet meer kan vertrouwen.

Heel erg bedankt voor je adviezen

**Marckie** · 23-01-08, 17:58

Graag gedaan.

Ga naar Start - Uitvoeren en tik in: ComboFix /u
Druk op Enter.
Meer info over hoe je een nieuwe infectie kan voorkomen vind je hier en hier.

De status van deze thread zet ik op opgelost.
Indien er niet meer gereageerd wordt, zal binnen een 3-tal dagen deze thread automatisch verplaatst worden naar de sectie Opgeloste hijackthislogs en is een reactie niet meer mogelijk. Dit om het forum netjes en overzichtelijk te houden.
Blijkt dat er toch nog problemen zijn, en je wil weer reageren in dit topic, dan stuur je me een privé bericht met verzoek om heropening.

Happy surfing again.

Mededeling

Ook de pisang-W32\Dloader.FBEE

Ook de pisang-W32\Dloader.FBEE

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment