Archive - Trojan.Win32.Obfuscated.gx

The archive is a frozen moment from a previous version of this forum, with different rules and different people in charge. These posts in no way reflect our current ideas, values or worldviews and have in some places been censored as unacceptable. Many were written in a different spirit of the times, ironically or not - as in the ironic Off-Topic subforum - and would no longer be posted (or allowed) today. Still, we are happy to offer this archive as an information database and reference work. Read more about it here or start a conversation with others.

woody600

Legacy Member
I have this virus and have seen in a few places that it can be removed with HijackThis. Norman Antivirus does not manage to remove it and I have already tried a few tools to remove it (FixIEDef and smith..). Here is the log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:03, on 4-7-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norman\Npm\Bin\scheduler.exe
C:\Program Files\Norman\Npm\Bin\Njeeves.exe
C:\Program Files\Norman\Nse\Bin\NSESVC.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\System32\ElkCtrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Corel\Graphics8\programs\MFIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
C:\Program Files\Norman\Nvc\Bin\Nip.exe
C:\Program Files\Norman\Nvc\Bin\cclaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gezin\Bureaublad\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\programs\MFIndexer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242836677468
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Program Files\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\Nse\Bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Program Files\Norman\Npm\Bin\Nvcsched.exe (file missing)
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\scheduler.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8851 bytes
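
The two HijackThis logs in this thread differ only by a few O4 entries, and both carry an orphaned BHO and a service whose binary is missing. As an added example (not code from the thread or from HijackThis), this Python script parses the log format, flags those entry types plus autoruns that start from a user profile or temp directory, and diffs two logs; the [updchk] entry in the sample is constructed, the other lines are copied from the log above.

```python
"""Triage helper for HijackThis logs: added example, not part of this thread."""
import re

# One scan item per line: a section code such as R0, O2, O4, O23, then " - ", then the item.
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.+)$")

# Autorun (O4) binaries living in a user profile or temp directory deserve a second look;
# every O4 entry in the thread's logs points into Program Files or WINDOWS.
PROFILE_OR_TEMP_RE = re.compile(
    r"\\(documents and settings|users)\\[^\\]+\\|\\(temp|tmp)\\", re.IGNORECASE
)


def parse_entries(log_text):
    """Return the scan items of a HijackThis log as (section, body) tuples.

    Header lines and the 'Running processes' block carry no section code and are skipped.
    """
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def triage(log_text):
    """Flag the entry types a helper looks at first. Returns (code, section, body) tuples."""
    findings = []
    for sec, body in parse_entries(log_text):
        low = body.lower()
        if sec == "O2" and low.endswith("(no file)"):
            # BHO still registered but its DLL is gone: a leftover to clean up.
            findings.append(("orphan-bho", sec, body))
        elif sec == "O23" and "(file missing)" in low:
            # Service whose binary no longer exists; harmless by itself, but worth noting.
            findings.append(("missing-service-binary", sec, body))
        elif sec == "O4" and PROFILE_OR_TEMP_RE.search(body):
            # Autorun launched from a profile or temp folder rather than an install directory.
            findings.append(("autorun-from-profile", sec, body))
    return findings


def diff_logs(old_text, new_text):
    """Entries that appeared or disappeared between two logs of the same machine."""
    old = {f"{s} - {b}" for s, b in parse_entries(old_text)}
    new = {f"{s} - {b}" for s, b in parse_entries(new_text)}
    return sorted(new - old), sorted(old - new)


def report(log_text):
    """Human-readable one-line summary per finding."""
    return [f"[{code}] {sec} - {body}" for code, sec, body in triage(log_text)]


# Constructed excerpt in the HijackThis format; the (no file) BHO and the (file missing)
# service are copied from the thread's log, the [updchk] entry is made up for the demo.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:03, on 4-7-2009

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [updchk] C:\Documents and Settings\Gezin\Local Settings\Temp\updchk.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Program Files\Norman\Npm\Bin\Nvcsched.exe (file missing)
"""

# Second scan of the same machine, as in the thread: IncrediMail autorun gone, Unlocker added.
LOG_AFTER = LOG_BEFORE.replace(
    r"O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c",
    r'O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"',
)


if __name__ == "__main__":
    for line in report(LOG_BEFORE):
        print(line)
    added, removed = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("added:", added)
    print("removed:", removed)
```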

Juisterr

Legacy Member
Nothing to see there.

Download MalwareBytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup.exe to install the program.

Make sure that after installation a checkmark is placed next to:
  • Update MalwareBytes' Anti-Malware
  • Launch MalwareBytes' Anti-Malware
Then click "Finish".
If an update is found, it will be downloaded and installed.
  • Once the program has started, go to the "Settings" tab.
  • Check the box: "Close Internet Explorer during malware removal".
  • Then go to the "Scanner" tab and choose "Quick Scan".
  • Then press "Scan" to start the scan.
  • Scanning may take a while, so be patient.
  • When the scan is complete, click OK, then "Show Results" to view the results.
  • Make sure everything there is checked, then click "Remove Selected".
  • After removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.



Download Combofix to your Desktop and use it according to this guide.

NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners see certain components that Combofix uses as suspicious and will block or remove them!
  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Click OK in the "NirCmd" window.
  • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
  • Click OK and Yes to let the Recovery Console install automatically.
  • Afterwards click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.
  • When the fix is complete and after the restart, the log Combofix.txt will open.
Post this log in your next reply.


Post this log together with a new HijackThis log.

woody600

Legacy Member
HIJACKTHIS

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norman\Npm\Bin\scheduler.exe
C:\Program Files\Norman\Npm\Bin\Njeeves.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\System32\ElkCtrl.exe
C:\Program Files\Norman\Nse\Bin\NSESVC.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Corel\Graphics8\programs\MFIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
C:\Program Files\Norman\Nvc\Bin\Nip.exe
C:\Program Files\Norman\Nvc\Bin\cclaw.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files\Norman\npf\bin\npfuser.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Gezin\Bureaublad\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\programs\MFIndexer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242836677468
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Program Files\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\Nse\Bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Program Files\Norman\Npm\Bin\Nvcsched.exe (file missing)
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\scheduler.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8911 bytes


MALWARE

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0


COMBOFIX

ComboFix 09-07-05.03 - Gezin 06-07-2009 11:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.512.241 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Gezin\Bureaublad\ComboFix.exe
AV: Norman Security Suite *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Persoonlijke firewall *disabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\msssc.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-06-06 to 2009-07-06 ))))))))))))))))))))))))))))))
.

2009-07-06 08:44 . 2009-07-06 08:44 -------- d-----w- c:\documents and settings\Gezin\Application Data\Malwarebytes
2009-07-06 08:44 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-06 08:44 . 2009-07-06 08:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-06 08:44 . 2009-07-06 08:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-06 08:44 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-05 15:17 . 2009-07-05 15:17 -------- d-----w- c:\documents and settings\LocalService\Bureaublad
2009-07-05 11:27 . 2009-07-05 11:27 -------- d-----w- c:\documents and settings\Gezin\Local Settings\Application Data\Thunderbird
2009-07-05 11:27 . 2009-07-05 11:27 -------- d-----w- c:\documents and settings\Gezin\Application Data\Thunderbird
2009-07-05 11:24 . 2009-07-05 18:12 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-07-05 10:31 . 2009-07-05 15:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-05 10:30 . 2009-07-05 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-07-05 10:29 . 2009-07-05 11:25 -------- d-----w- c:\program files\Unlocker
2009-07-05 10:14 . 2009-07-05 10:14 -------- d-sh--w- c:\documents and settings\Gezin\PrivacIE
2009-07-05 10:13 . 2009-07-05 10:13 -------- d-----w- c:\program files\Enigma Software Group
2009-07-04 17:56 . 2009-07-05 11:21 -------- d-----w- c:\program files\IncrediMail
2009-07-03 16:56 . 2009-07-03 16:56 -------- d-----w- C:\ERDNT
2009-07-03 16:56 . 2009-07-03 16:56 -------- d-----w- c:\windows\ERUNT
2009-07-03 16:56 . 2009-07-03 16:57 -------- d-----w- C:\!FixIEDef
2009-06-30 13:02 . 2009-06-30 13:02 -------- d-----w- c:\windows\system32\siscardplugins
2009-06-30 13:01 . 2009-06-30 13:01 -------- d-----w- c:\windows\system32\beidpp
2009-06-30 13:01 . 2009-06-30 13:01 -------- d-----w- c:\program files\Belgium Identity Card
2009-06-30 13:00 . 2009-06-30 13:00 33536 ----a-w- c:\windows\system32\drivers\a38usb.sys
2009-06-30 13:00 . 2009-06-30 13:00 110592 ----a-w- c:\windows\system32\usbr38.dll
2009-06-30 13:00 . 2009-06-30 13:01 -------- d-----w- C:\drivers
2009-06-28 13:57 . 2009-06-28 13:57 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-28 13:57 . 2009-06-28 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-06-28 13:56 . 2009-06-28 13:56 -------- d-sh--w- c:\documents and settings\Gezin\IETldCache
2009-06-28 11:41 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-28 11:40 . 2009-06-28 11:41 -------- d-----w- c:\windows\ie8updates
2009-06-28 11:37 . 2009-04-30 21:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-28 11:37 . 2009-04-30 21:17 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-28 11:37 . 2009-04-30 21:17 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-28 11:37 . 2009-04-30 21:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-28 11:34 . 2009-06-28 11:36 -------- dc-h--w- c:\windows\ie8
2009-06-28 11:34 . 2009-06-28 11:36 -------- d-----w- c:\windows\system32\nl-NL
2009-06-17 12:26 . 1996-08-23 18:11 384512 ----a-w- c:\windows\system32\MFCO40.DLL
2009-06-17 12:26 . 1995-05-22 04:37 151040 ----a-w- c:\windows\system32\MFCO30.DLL
2009-06-17 12:26 . 1995-05-22 04:37 358400 ----a-w- c:\windows\system32\MFC30.DLL
2009-06-17 12:26 . 1999-08-24 08:12 40960 ------w- c:\windows\photo express 3.scr
2009-06-17 12:25 . 2009-06-17 12:25 -------- d-----w- c:\program files\Ulead Systems
2009-06-16 11:23 . 2009-06-17 12:38 -------- d-----w- c:\documents and settings\Gezin\Local Settings\Application Data\Google
2009-06-16 11:23 . 2009-06-16 11:23 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-06-16 11:22 . 2009-06-17 12:39 -------- d-----w- c:\program files\Google
2009-06-09 16:24 . 2009-06-09 16:24 -------- d-----w- c:\documents and settings\Gezin\Application Data\Corel
2009-06-09 15:41 . 2009-06-30 14:25 -------- d-----w- C:\TEMP
2009-06-09 15:40 . 1997-12-15 10:20 71680 ------w- c:\windows\system32\3dviewer.dll
2009-06-09 15:39 . 1997-08-21 15:44 32768 ------w- c:\windows\system32\cmgr32.dll
2009-06-09 15:39 . 1997-07-30 18:21 553984 ------w- c:\windows\system32\rave.dll
2009-06-09 15:39 . 1996-09-06 12:02 960000 ------w- c:\windows\system32\evysh7.dll
2009-06-09 15:38 . 1997-06-03 07:31 108032 ------w- c:\windows\system32\sh33w32.dll
2009-06-09 15:38 . 1997-12-15 10:20 410624 ------w- c:\windows\system32\scint78.dll
2009-06-09 15:38 . 1997-08-21 15:44 345600 ------w- c:\windows\system32\qtim32.dll
2009-06-09 15:38 . 1996-12-10 16:21 39095 ------w- c:\windows\iccsigs.dat
2009-06-09 15:37 . 1997-08-20 07:00 99840 ------w- c:\windows\system32\evysh7nl.dll
2009-06-09 15:37 . 1997-12-15 10:19 909312 ------w- c:\windows\system32\qd3d.dll
2009-06-09 15:35 . 2009-06-09 15:35 -------- d-----w- c:\windows\Favorites
2009-06-09 15:35 . 2009-06-09 15:35 -------- d-----w- C:\Corel
2009-06-09 15:35 . 2009-06-09 15:41 -------- d-----w- c:\windows\Corel

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 08:34 . 2009-05-20 18:41 -------- d-----w- c:\program files\Norman
2009-07-03 18:03 . 2009-05-21 12:15 -------- d-----w- c:\documents and settings\Gezin\Application Data\LimeWire
2009-07-01 15:50 . 2009-07-01 15:50 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx31.tmp
2009-06-17 12:33 . 2009-05-20 14:33 81000 ----a-w- c:\documents and settings\Gezin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-04 15:49 . 2009-06-04 15:49 360448 ----a-w- c:\windows\system32\beid35applayer.dll
2009-06-04 15:49 . 2009-06-04 15:49 86016 ----a-w- c:\windows\system32\Belgium Identity Card PKCS11.dll
2009-06-04 15:49 . 2009-06-04 15:49 86016 ----a-w- c:\windows\system32\beidpkcs11.dll
2009-06-04 15:49 . 2009-06-04 15:49 69632 ----a-w- c:\windows\system32\beidCSPlib.dll
2009-06-04 15:49 . 2009-06-04 15:49 196608 ----a-w- c:\windows\system32\beid35cardlayer.dll
2009-06-04 15:48 . 2009-06-04 15:48 262144 ----a-w- c:\windows\system32\beid35DlgsWin32.dll
2009-06-04 15:48 . 2009-06-04 15:48 126976 ----a-w- c:\windows\system32\beid35common.dll
2009-06-04 15:48 . 2009-06-04 15:48 200704 ----a-w- c:\windows\system32\eidlib.dll
2009-06-04 15:48 . 2009-06-04 15:48 200704 ----a-w- c:\windows\system32\beidlib.dll
2009-05-30 12:27 . 2009-05-30 12:27 -------- d-----w- c:\program files\easyresize
2009-05-29 17:48 . 2009-05-29 17:48 -------- d-----w- c:\program files\EASY COMPUTING
2009-05-28 15:45 . 2009-05-28 15:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-26 16:42 . 2009-05-26 16:42 -------- d-----w- c:\documents and settings\Gezin\Application Data\Creative
2009-05-26 16:42 . 2009-05-26 16:38 -------- d-----w- c:\program files\Creative
2009-05-26 16:41 . 2009-05-20 15:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-26 16:40 . 2009-05-26 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-05-26 16:40 . 2009-05-26 16:40 -------- d--h--w- c:\documents and settings\All Users\Application Data\{C39CADE8-EC32-4A3E-ADF3-99FB5B7A317D}
2009-05-26 16:39 . 2009-05-26 16:40 2399468 ----a-w- c:\documents and settings\All Users\Application Data\{C39CADE8-EC32-4A3E-ADF3-99FB5B7A317D}\setup.exe
2009-05-26 16:38 . 2009-05-26 16:31 -------- d--h--w- c:\documents and settings\All Users\Application Data\{90F3B5EB-A471-42F9-A905-991C2DB2312C}
2009-05-23 14:42 . 2003-04-08 12:00 69614 ----a-w- c:\windows\system32\perfc013.dat
2009-05-23 14:42 . 2003-04-08 12:00 442318 ----a-w- c:\windows\system32\perfh013.dat
2009-05-23 11:29 . 2009-05-23 11:29 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-23 11:19 . 2009-05-23 11:19 -------- d-----w- c:\program files\MSXML 4.0
2009-05-22 14:57 . 2009-05-22 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-05-22 14:57 . 2009-05-22 14:57 -------- d-----w- c:\program files\TechSmith
2009-05-22 14:56 . 2009-05-22 14:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-20 18:46 . 2009-05-20 18:46 -------- d-----w- c:\program files\Microsoft
2009-05-20 18:45 . 2009-05-20 18:45 -------- d-----w- c:\program files\Windows Live
2009-05-20 18:45 . 2009-05-20 18:45 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-20 18:42 . 2009-05-20 18:42 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-20 17:35 . 2009-05-20 12:57 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-05-20 16:04 . 2009-05-20 16:04 -------- d-----w- c:\program files\Analog Devices
2009-05-20 15:55 . 2009-05-20 15:34 104265 ----a-w- c:\windows\hpoins04.dat
2009-05-20 15:54 . 2009-05-20 15:54 128 ----a-w- c:\documents and settings\Gezin\Local Settings\Application Data\fusioncache.dat
2009-05-20 15:48 . 2009-05-20 15:48 -------- d-----w- c:\program files\Common Files\HP
2009-05-20 15:45 . 2009-05-20 15:45 -------- d-----w- c:\program files\Hewlett-Packard
2009-05-20 15:45 . 2009-05-20 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-05-20 15:45 . 2009-05-20 15:35 -------- d-----w- c:\program files\HP
2009-05-20 15:45 . 2009-05-20 15:45 45056 ----a-r- c:\documents and settings\Gezin\Application Data\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
2009-05-20 15:44 . 2009-05-20 15:44 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-05-20 15:26 . 2009-05-20 15:26 -------- d-----w- c:\program files\Common Files\Nero
2009-05-20 15:22 . 2009-05-20 15:21 -------- d-----w- c:\program files\Common Files\Logitech
2009-05-20 15:21 . 2009-05-20 15:21 -------- d-----w- c:\program files\Logitech
2009-05-20 15:01 . 2009-05-20 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\IM
2009-05-20 15:00 . 2009-05-20 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail
2009-05-20 14:37 . 2009-05-20 14:36 -------- d-----w- c:\program files\LimeWire
2009-05-20 14:37 . 2009-05-20 14:37 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-20 14:37 . 2009-05-20 14:37 -------- d-----w- c:\program files\Java
2009-05-20 14:36 . 2009-05-20 14:36 152576 ----a-w- c:\documents and settings\Gezin\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-05-20 13:48 . 2009-05-20 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-05-20 13:24 . 2009-05-20 13:24 0 ----a-w- c:\windows\nsreg.dat
2009-05-20 13:22 . 2009-05-20 13:08 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-20 13:15 . 2009-05-20 13:15 -------- d-----w- c:\program files\SystemRequirementsLab
2009-05-20 12:58 . 2009-05-20 12:58 -------- d-----w- c:\program files\microsoft frontpage
2009-05-20 12:55 . 2009-05-20 12:56 21748 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-13 05:06 . 2006-06-23 11:29 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:44 . 2003-04-08 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-19 20:12 . 2003-04-08 12:00 1846784 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:18 . 2004-03-06 02:19 584192 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-05-28 401408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-22 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-20 136600]
"LVCOMSX"="c:\windows\System32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 08:33 73728]
"LogitechCameraService(E)"="c:\windows\System32\ElkCtrl.exe" [2004-11-01 262144]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2002-10-11 98304]
"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2009-02-11 187504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-06-04 2056192]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Corel MEDIA FOLDERS INDEXER 8.LNK - c:\corel\Graphics8\programs\MFIndexer.exe [2009-6-9 83456]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-4-17 7226184]
Snelstart HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

P2 NPFSvc32;Norman Personal Firewall Service;c:\program files\Norman\Npf\Bin\npfsvc32.exe [20-5-2009 20:42 597104]
R0 NDIS_RD;Norman Firewall NDIS driver;c:\windows\system32\drivers\ndis_rd.sys [20-5-2009 20:42 79752]
R1 NGS;Norman General Security Driver;c:\program files\Norman\Ngs\Bin\ngs.sys [20-5-2009 20:42 22712]
R1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [20-5-2009 20:42 53816]
R1 TDI_RD;Norman Firewall TDI driver;c:\windows\system32\drivers\tdi_rd.sys [20-5-2009 20:42 74624]
R2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [20-5-2009 20:42 20448]
R2 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\nprosec.exe [20-5-2009 20:42 121912]
R2 NVOY;Norman Resource Provider;c:\program files\Norman\Npm\Bin\nvoy.exe [20-5-2009 20:42 126008]
R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe [20-5-2009 20:42 310328]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [20-5-2009 20:42 19512]
R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\nvc\bin\Nvcoas.exe [20-5-2009 20:42 195640]
R3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [20-5-2009 20:49 130104]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [30-6-2009 15:00 33536]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21-5-2008 13:42 64000]
S3 NVCScheduler;Norman Virus Control Scheduler;"c:\program files\Norman\Npm\Bin\Nvcsched.exe" --> c:\program files\Norman\Npm\Bin\Nvcsched.exe [?]
S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map

2009-06-28 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-07-06 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-IncrediMail - c:\program files\IncrediMail\bin\IncMail.exe


.
------- Bijkomende Scan -------
.
uStart Page = Google
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
FF - ProfilePath - c:\documents and settings\Gezin\Application Data\Mozilla\Firefox\Profiles\sz0wwpt5.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs&search=
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-07-06 11:29
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ñw*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•Ñw*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
Voltooingstijd: 2009-07-06 11:32
ComboFix-quarantined-files.txt 2009-07-06 09:32

Pre-Run: 51.641.692.160 bytes beschikbaar
Post-Run: 51.646.418.944 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

258 --- E O F --- 2009-06-28 13:47


I think it is clean now. I couldn't install IncrediMail before and now I can, thanks.

Juisterr

Legacy Member
A proper clean-up?



Download OTM (by OldTimer) to your Desktop.
* Double-click OTM.exe to start the tool.
* Copy (select and press Ctrl-C) all of the code text below:
Code:
:Processes

:Services
:Reg
:Files

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
* Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" window
* Click the red MoveIt! button
* Copy and paste the contents of the right-hand results window in your next reply
(or the log you will find at C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log).
* Close OTM
If a file or folder cannot be moved immediately,
you may be asked to restart the PC to complete the move.
If so, click Ja/Yes.

woody600

Legacy Member
All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Gezin
->Temp folder emptied: 31482320 bytes
->Temporary Internet Files folder emptied: 7247031 bytes
->Java cache emptied: 186379 bytes
->FireFox cache emptied: 70054127 bytes

User: LocalService
->Temp folder emptied: 27655760 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 1119633 bytes
%systemroot%\System32 .tmp files removed: 3590429 bytes
Windows Temp folder emptied: 27655760 bytes
RecycleBin emptied: 4530045 bytes

Total Files Cleaned = 165,58 mb


OTM by OldTimer - Version 3.0.0.4 log created on 07112009_112533

Files moved on Reboot...

Registry entries deleted on Reboot...