Persistent virus (installer.exe etc...)



May I also just install it via the USB stick?

---------- Post added at 13:42 ---------- Previous post was at 13:35 ----------

OK, it worked via the USB stick, the console is now being installed, but can I disconnect the internet again after the console has been installed?


ComboFix found a rootkit ...

C:\windows\systsem32\drivers\H8SRTixngiltowqtsus

C:\windows\systsem32\H8SRTgilcfqppxe.dll

C:\windows\systsem32\H8SRTiyxnmurqhb.dat

C:\windows\systsem32\H8SRToslbfnqfco.dll

(I don't know whether the first one is correct, my handwriting was a bit cramped)


ComboFix 09-12-26.04 - de haan 27-12-2009 12:51:04.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.511.218 [GMT 1:00]

Gestart vanuit: d:\data\de haan\Bureaublad\scan.exe

AV: Norman Security Suite *On-access scanning enabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}

* Aanwezig AV is actief

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

c:\windows\system32\clrviddc.dll

c:\windows\system32\drivers\H8SRTixngiltowq.sys

c:\windows\system32\H8SRTgitcfqppxe.dll

c:\windows\system32\H8SRTiyxnmurqhb.dat

c:\windows\system32\H8SRToslbfnqfco.dll

c:\windows\system32\srcr.dat

c:\windows\system32\UpMedia

c:\windows\system32\UpMedia\uninstallSE.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_H8SRTd.sys

-------\Legacy_H8SRTd.sys

(((((((((((((((((((( Bestanden Gemaakt van 2009-11-27 to 2009-12-27 ))))))))))))))))))))))))))))))

.

2009-12-27 11:17 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-27 11:17 . 2009-12-27 11:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware12

2009-12-27 11:17 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-26 21:14 . 2009-12-26 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-12-26 21:14 . 2009-12-27 11:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-26 21:13 . 2009-12-26 21:13 -------- d-----w- c:\program files\Trend Micro

2009-12-23 21:27 . 2009-12-23 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2009-12-23 21:22 . 2009-12-27 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-12-23 21:22 . 2009-12-26 21:16 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-12-23 21:19 . 2009-12-23 21:19 -------- d-----w- c:\documents and settings\de haan\Application Data\AVG8

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-26 19:44 . 2008-05-25 09:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-12-23 13:52 . 2008-01-12 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Rabo Support

2009-12-21 19:13 . 2007-12-31 13:16 -------- d-----w- c:\program files\XviD

2009-12-12 18:57 . 2007-03-07 12:28 -------- d-----w- c:\program files\Thoroughbred Tycoon

2009-12-10 15:18 . 2004-08-04 12:00 90586 ----a-w- c:\windows\system32\perfc013.dat

2009-12-10 15:18 . 2004-08-04 12:00 508910 ----a-w- c:\windows\system32\perfh013.dat

2009-11-12 20:16 . 2007-03-04 15:41 -------- d-----w- c:\program files\Picasa2

2009-10-29 07:46 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll

2009-10-29 07:46 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-10-29 07:46 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll

2009-10-21 06:03 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 06:03 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 14:58 . 2004-08-04 12:00 263552 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:53 . 2004-08-04 12:00 267264 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:54 . 2004-08-04 12:00 69632 ----a-w- c:\windows\system32\raschap.dll

2009-10-12 13:54 . 2004-08-04 12:00 112640 ----a-w- c:\windows\system32\rastls.dll

2009-10-08 10:59 . 2009-01-24 12:31 21832 ----a-w- c:\windows\system32\drivers\nvcw32mf.sys

2009-10-07 12:07 . 2008-10-14 17:05 214344 ----a-w- c:\windows\system32\nscrnsav.scr

2007-07-26 20:33 . 2007-03-04 15:44 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2007-07-26 20:33 . 2007-03-04 15:44 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2007-07-26 20:33 . 2007-03-04 15:44 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2007-07-26 20:33 . 2007-03-04 15:44 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2007-07-26 20:33 . 2007-03-04 15:44 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-02-18 206184]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-25 68856]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]

"nwiz"="nwiz.exe" [2006-08-11 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]

"Norman ZANDA"="c:\norman\Npm\Bin\ZLH.EXE" [2009-10-07 189824]

"SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 57393]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 40960]

"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

EPSON Status Monitor 3 Environment Check(2).lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2008-3-1 131584]

Rabo Session Monitor.lnk - c:\program files\Rabo\Support\RaboSessionMon.exe [2005-1-5 869888]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Snelstart HP Image Zone.lnk

backup=c:\windows\pss\Snelstart HP Image Zone.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]

2006-03-28 13:48 622592 ------r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]

2006-04-10 12:58 61440 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2004-02-12 12:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2007-03-02 14:24 257088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"d:\\data\\de haan\\Mijn documenten\\ActiveInstall_NL.exe"=

"c:\\Program Files\\BankingTools\\C@shflow\\C@shFlowApp.exe"=

"c:\\Program Files\\BankingTools\\C@shflow v3\\C@shflowApp.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=

"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=

R0 nlem32nt;NLEM32NT;c:\windows\system32\drivers\nlem32nt.sys [13-1-2008 14:53 32880]

R1 NGS;Norman General Security Driver;c:\norman\ngs\bin\ngs.sys [28-2-2009 10:25 25032]

R1 NPROSEC;Norman Security driver;c:\norman\ngs\bin\nprosec.sys [12-5-2009 20:47 56136]

R2 Ndiskio;Ndiskio;c:\norman\Nse\Bin\Ndiskio.sys [15-10-2009 18:30 24168]

R2 NPROSECSVC;Norman Security service;c:\norman\ngs\bin\nprosec.exe [12-5-2009 20:47 124232]

R2 NVOY;Norman Resource Provider;c:\norman\npm\bin\nvoy.exe [14-10-2008 18:05 128328]

R2 Srv_RaboComm;Rabo Comm Server;c:\windows\system32\RaboCommSrv.exe [13-1-2008 14:53 368128]

R3 nsesvc;Norman Scanner Engine Service;c:\norman\Nse\Bin\Nsesvc.exe [10-12-2009 18:14 283976]

R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [24-1-2009 13:31 21832]

R3 nvcoas;Norman Virus Control on-access component;c:\norman\NVC\bin\Nvcoas.exe [21-2-2009 11:31 197960]

R3 Scheduler;Norman Scheduler Service;c:\norman\npm\bin\scheduler.exe [12-5-2009 20:48 132424]

S3 adxapie;adxapie;\??\c:\docume~1\maike\LOCALS~1\Temp\adxapie.sys --> c:\docume~1\maike\LOCALS~1\Temp\adxapie.sys [?]

S3 KMUSBSC2;KM USB Scan Svc2;c:\windows\system32\drivers\KMUSBSC2.sys [27-1-2008 20:24 25344]

S3 KMUSBSCN;KM USB Scan Svc;c:\windows\system32\drivers\KMUSBSCN.sys [27-1-2008 20:22 31232]

S3 NVCScheduler;Norman Virus Control Scheduler;"c:\norman\Npm\Bin\Nvcsched.exe" --> c:\norman\Npm\Bin\Nvcsched.exe [?]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - mchInjDrv

.

------- Bijkomende Scan -------

.

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://195.86.127.26/activex/AMC.cab

FF - ProfilePath -

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS VERWIJDERD - - - -

MSConfigStartUp-Eraser - c:\program files\Eraser\eraser.exe

MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME\TomTomHOME.exe

AddRemove-LimeWire - c:\program files\LimeWire\uninstall.exe

AddRemove-PCLedenPatch6112a_is1 - c:\program files\PCLeden6\bin\unins000.exe

AddRemove-mijn manege - c:\tivola\mijn manege\uninst.exe

AddRemove-Mijn paard - c:\tivola\Mijn paard\uninst.exe

AddRemove-Mijn paardenvakantie - c:\tivola\Mijn paardenvakantie\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-12-27 13:02

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(228)

c:\norman\nvc\bin\Niphk.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\norman\Npm\bin\ELOGSVC.EXE

c:\norman\Npm\Bin\Zanda.exe

c:\windows\System32\SCardSvr.exe

c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\norman\Npm\Bin\Njeeves.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\SOUNDMAN.EXE

c:\norman\Nvc\Bin\Nip.exe

c:\norman\Nvc\Bin\cclaw.exe

.

**************************************************************************

.

Voltooingstijd: 2009-12-27 13:11:56 - machine werd herstart

ComboFix-quarantined-files.txt 2009-12-27 12:11

Pre-Run: 4.303.769.600 bytes beschikbaar

Post-Run: 5.479.428.096 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - DE117E52A1D05E86F2552E3AA6C828DF

As I think can be seen in the log, I couldn't turn Norman off, does this cause serious problems?

---------- Post added at 14:33 ---------- Previous post was at 14:27 ----------

Norman Virus Control is working again, by the way :)

(shall I let it scan?)


Malwarebytes' Anti-Malware 1.42

Database versie: 3289

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.11

27-12-2009 13:57:44

mbam-log-2009-12-27 (13-57-39).txt

Scan type: Snelle Scan

Objecten gescand: 116440

Verstreken tijd: 21 minute(s), 27 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 1

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> No action taken.

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

C:\WINDOWS\system32\encdec32.dll (Trojan.Agent) -> No action taken.

This is a log from MBAM (everything works again)

Can I remove those things?

Because there is also 1 in system 32 :S


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\docume~1\maike\LOCALS~1\Temp\adxapie.sys

Driver::

adxapie

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next post, together with a new HijackThis log.


Here is the ComboFix log:

ComboFix 09-12-26.04 - de haan 27-12-2009 19:14:19.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.511.200 [GMT 1:00]

Gestart vanuit: d:\data\de haan\Bureaublad\scan.exe

gebruikte Opdracht switches :: d:\data\de haan\Bureaublad\CFScript.txt

AV: Norman Security Suite *On-access scanning enabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}

FILE ::

"c:\docume~1\maike\locals~1\temp\adxapie.sys"

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-11-27 to 2009-12-27 ))))))))))))))))))))))))))))))

.

2009-12-27 12:33 . 2009-12-27 12:33 -------- d-----w- c:\documents and settings\de haan\Application Data\Malwarebytes

2009-12-27 11:17 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-27 11:17 . 2009-12-27 11:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware12

2009-12-27 11:17 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-26 21:14 . 2009-12-26 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-12-26 21:14 . 2009-12-27 11:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-26 21:13 . 2009-12-26 21:13 -------- d-----w- c:\program files\Trend Micro

2009-12-23 21:27 . 2009-12-23 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2009-12-23 21:22 . 2009-12-27 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-12-23 21:22 . 2009-12-26 21:16 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-12-23 21:19 . 2009-12-23 21:19 -------- d-----w- c:\documents and settings\de haan\Application Data\AVG8

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-26 19:44 . 2008-05-25 09:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-12-23 13:52 . 2008-01-12 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Rabo Support

2009-12-21 19:13 . 2007-12-31 13:16 -------- d-----w- c:\program files\XviD

2009-12-12 18:57 . 2007-03-07 12:28 -------- d-----w- c:\program files\Thoroughbred Tycoon

2009-12-10 15:18 . 2004-08-04 12:00 90586 ----a-w- c:\windows\system32\perfc013.dat

2009-12-10 15:18 . 2004-08-04 12:00 508910 ----a-w- c:\windows\system32\perfh013.dat

2009-11-12 20:16 . 2007-03-04 15:41 -------- d-----w- c:\program files\Picasa2

2009-10-29 07:46 . 2004-08-04 12:00 832512 ------w- c:\windows\system32\wininet.dll

2009-10-29 07:46 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-10-29 07:46 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll

2009-10-21 06:03 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 06:03 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 14:58 . 2004-08-04 12:00 263552 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:53 . 2004-08-04 12:00 267264 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:54 . 2004-08-04 12:00 69632 ----a-w- c:\windows\system32\raschap.dll

2009-10-12 13:54 . 2004-08-04 12:00 112640 ----a-w- c:\windows\system32\rastls.dll

2009-10-08 10:59 . 2009-01-24 12:31 21832 ----a-w- c:\windows\system32\drivers\nvcw32mf.sys

2009-10-07 12:07 . 2008-10-14 17:05 214344 ----a-w- c:\windows\system32\nscrnsav.scr

2007-07-26 20:33 . 2007-03-04 15:44 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2007-07-26 20:33 . 2007-03-04 15:44 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2007-07-26 20:33 . 2007-03-04 15:44 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2007-07-26 20:33 . 2007-03-04 15:44 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2007-07-26 20:33 . 2007-03-04 15:44 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-02-18 206184]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-25 68856]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]

"nwiz"="nwiz.exe" [2006-08-11 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]

"Norman ZANDA"="c:\norman\Npm\Bin\ZLH.EXE" [2009-10-07 189824]

"SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 57393]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 40960]

"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

EPSON Status Monitor 3 Environment Check(2).lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2008-3-1 131584]

Rabo Session Monitor.lnk - c:\program files\Rabo\Support\RaboSessionMon.exe [2005-1-5 869888]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Snelstart HP Image Zone.lnk

backup=c:\windows\pss\Snelstart HP Image Zone.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]

2006-03-28 13:48 622592 ------r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]

2006-04-10 12:58 61440 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2004-02-12 12:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2007-03-02 14:24 257088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"d:\\data\\de haan\\Mijn documenten\\ActiveInstall_NL.exe"=

"c:\\Program Files\\BankingTools\\C@shflow\\C@shFlowApp.exe"=

"c:\\Program Files\\BankingTools\\C@shflow v3\\C@shflowApp.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=

"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=

R0 nlem32nt;NLEM32NT;c:\windows\system32\drivers\nlem32nt.sys [13-1-2008 14:53 32880]

R1 NGS;Norman General Security Driver;c:\norman\ngs\bin\ngs.sys [28-2-2009 10:25 25032]

R1 NPROSEC;Norman Security driver;c:\norman\ngs\bin\nprosec.sys [12-5-2009 20:47 56136]

R2 Ndiskio;Ndiskio;c:\norman\Nse\Bin\Ndiskio.sys [15-10-2009 18:30 24168]

R2 NPROSECSVC;Norman Security service;c:\norman\ngs\bin\nprosec.exe [12-5-2009 20:47 124232]

R2 NVOY;Norman Resource Provider;c:\norman\npm\bin\nvoy.exe [14-10-2008 18:05 128328]

R2 Srv_RaboComm;Rabo Comm Server;c:\windows\system32\RaboCommSrv.exe [13-1-2008 14:53 368128]

R3 nsesvc;Norman Scanner Engine Service;c:\norman\Nse\Bin\Nsesvc.exe [10-12-2009 18:14 283976]

R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [24-1-2009 13:31 21832]

R3 nvcoas;Norman Virus Control on-access component;c:\norman\NVC\bin\Nvcoas.exe [21-2-2009 11:31 197960]

R3 Scheduler;Norman Scheduler Service;c:\norman\npm\bin\scheduler.exe [12-5-2009 20:48 132424]

S3 adxapie;adxapie;\??\c:\docume~1\maike\LOCALS~1\Temp\adxapie.sys --> c:\docume~1\maike\LOCALS~1\Temp\adxapie.sys [?]

S3 KMUSBSC2;KM USB Scan Svc2;c:\windows\system32\drivers\KMUSBSC2.sys [27-1-2008 20:24 25344]

S3 KMUSBSCN;KM USB Scan Svc;c:\windows\system32\drivers\KMUSBSCN.sys [27-1-2008 20:22 31232]

S3 NVCScheduler;Norman Virus Control Scheduler;"c:\norman\Npm\Bin\Nvcsched.exe" --> c:\norman\Npm\Bin\Nvcsched.exe [?]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - mchInjDrv

.

------- Bijkomende Scan -------

.

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://195.86.127.26/activex/AMC.cab

FF - ProfilePath -

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-12-27 19:20

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(3300)

c:\norman\nvc\bin\Niphk.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2009-12-27 19:24:28

ComboFix-quarantined-files.txt 2009-12-27 18:24

ComboFix2.txt 2009-12-27 12:11

Pre-Run: 5.603.135.488 bytes beschikbaar

Post-Run: 5.573.066.752 bytes beschikbaar

- - End Of File - - 9A3865D7D0E16B25BF01A52EEADA9F8C

---------- Post added at 22:28 ---------- Previous post was at 22:28 ----------

And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:06:54, on 27-12-2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Norman\Npm\bin\ELOGSVC.EXE

C:\Norman\Ngs\Bin\Nprosec.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Norman\Npm\Bin\Zanda.exe

C:\Norman\npm\bin\nvoy.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\RaboCommSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\Norman\Npm\Bin\scheduler.exe

C:\Norman\Npm\Bin\Njeeves.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Norman\Npm\Bin\ZLH.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Rabo\Support\RaboSessionMon.exe

C:\Norman\nse\bin\NSESVC.EXE

C:\Norman\Nvc\Bin\Nip.exe

C:\Norman\Nvc\Bin\nvcoas.exe

C:\Norman\Nvc\Bin\cclaw.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: Rabo Session Monitor.lnk = C:\Program Files\Rabo\Support\RaboSessionMon.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://195.86.127.26/activex/AMC.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\Bin\Njeeves.exe

O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Norman\Ngs\Bin\Nprosec.exe

O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\Bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Norman\Npm\Bin\Nvcsched.exe (file missing)

O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Norman\Npm\Bin\scheduler.exe

O23 - Service: Rabo Comm Server (Srv_RaboComm) - Rabobank Nederland - C:\WINDOWS\system32\RaboCommSrv.exe

--

End of file - 8776 bytes


Not quite successful. The HijackThis log looks good :-) But ComboFix needs to be run once more ... and this time in "safe mode".

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\docume~1\maike\LOCALS~1\Temp\adxapie.sys

Driver::

adxapie

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.
