Could someone check this for me, please?



patrick1964
21 May 2007, 19:51
Hello

Could someone take a look at my log? I don't know much about this myself yet, and my PC regularly acts up.
Thanks in advance... patrick

Logfile of HijackThis v1.99.1
Scan saved at 19:51:05, on 22/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

DJ Inpossible
21 May 2007, 20:27
Hi Patrick,

I'll take a look for you. As soon as I have a fix I'll post it.

Pim

DJ Inpossible
21 May 2007, 21:57
Hi Patrick,

1. Put HijackThis in its own folder. This is because of the backups the program makes, which can be lost if you start it from the temp folder. Example: C:\hijackthis or C:\program files\hijackthis

2. Start HijackThis, choose 'Do a system scan only' and tick only the line below:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


Otherwise it looks good :) Are you having problems?

pim :good:
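
The two checks in the reply above (HijackThis started from a temp folder, and an entry that ends in `(no file)`), as an added Python example that is not part of the original thread. The function names are hypothetical, the sample is constructed from lines of the posted log, and the `(file missing)` marker goes beyond the one case shown here.

```python
import re

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
"""

# Every entry line starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFN]\d|O\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# "(no file)" is the marker seen in this thread; "(file missing)" is the
# related marker HijackThis prints when a referenced path does not exist.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_log(text):
    """Split a HijackThis log into running-process paths and entry records."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first entry line ends the process list
            body = match.group("body")
            clsid = CLSID_RE.search(body)
            entries.append({
                "code": match.group("code"),
                "body": body,
                "clsid": clsid.group(0) if clsid else None,
            })
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def orphaned(entries):
    """Entries whose registry key survives but whose file is gone."""
    return [e for e in entries
            if e["body"].rstrip().lower().endswith(ORPHAN_MARKERS)]


def hijackthis_in_temp(processes):
    """Path of HijackThis.exe if it was started below a Temp folder, else None."""
    for path in processes:
        parts = path.lower().split("\\")
        if parts[-1] == "hijackthis.exe" and "temp" in parts[:-1]:
            return path
    return None


if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    for entry in orphaned(ents):
        print("orphaned entry:", entry["code"], entry["clsid"])
    temp_path = hijackthis_in_temp(procs)
    if temp_path:
        print("HijackThis runs from a temp folder:", temp_path)
```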

patrick1964
21 May 2007, 22:09
hello pim
thanks in advance for your time.
yes, my PC regularly freezes and booting takes very long, 5+ minutes.
I don't know what's wrong, but I'm glad to know that it is in order after all.
regards, patrick

DJ Inpossible
22 May 2007, 22:18
Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop

Double-click combofix.exe
Follow the instructions, accept the disclaimer by typing y or Y.
While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is complete and after the restart, the log combofix.txt will open. Save this log.

NOTE: If your virus scanner responds with a notification of a script execution, you may ignore this.

patrick1964
26 May 2007, 08:54
hello
here is the log.
thanks for your reply.
regards, patrick

"Eigenaar" - 2007-05-27 8:52:37 Service Pack 2
ComboFix 07-05.26.3.V - Running from: "C:\Documents and Settings\Eigenaar\Bureaublad\"

((((((((((((((((((((((((((((((( Files Created from 2007-04-27 to 2007-05-27 ))))))))))))))))))))))))))))))))))

2007-05-24 17:12 <DIR> dr-h----- C:\Documents and Settings\Eigenaar\Onlangs geopend
2007-05-24 17:12 <DIR> dr-h----- C:\DOCUME~1\Eigenaar\Onlangs geopend
2007-05-23 19:08 339,257 --a------ C:\Program Files\CleanUp452.exe
2007-05-23 19:07 2,719,216 --a------ C:\Program Files\ccsetup140.exe
2007-05-23 19:07 <DIR> d-------- C:\Program Files\CCleaner
2007-05-23 19:06 <DIR> d-------- C:\Program Files\ToniArts
2007-05-23 19:05 2,951,802 --a------ C:\Program Files\EClea2_0.exe
2007-05-23 18:07 210,528 --a------ C:\Program Files\rcsetup101.exe
2007-05-23 18:00 2,960,490 --a------ C:\Program Files\DriverMagician.exe
2007-05-22 22:34 3,098,056 --a------ C:\Program Files\LimeWireWin.exe
2007-05-22 22:29 744,529 --a------ C:\Program Files\bazookasetup.exe
2007-05-22 22:21 <DIR> d-------- C:\Program Files\RegCleaner
2007-05-22 21:59 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\iMesh
2007-05-22 20:22 <DIR> d-------- C:\Program Files\Bazooka Scanner
2007-05-18 10:38 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\LimeWire
2007-05-18 10:36 <DIR> d-------- C:\Program Files\LimeWire
2007-05-18 10:29 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\Azureus
2007-05-18 10:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Azureus
2007-05-17 22:43 2,621,440 --a------ C:\Documents and Settings\Eigenaar\ntuser.dat
2007-05-17 22:43 2,621,440 --a------ C:\DOCUME~1\Eigenaar\ntuser.dat
2007-05-16 22:39 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-16 22:25 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\Lavasoft
2007-05-16 22:21 164 --a------ C:\install.dat
2007-05-16 22:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
2007-05-16 22:20 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-05-16 22:14 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2007-05-16 22:09 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP
2007-05-12 15:11 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\CoffeeCup Software
2007-05-08 22:54 813,968 --a------ C:\Program Files\Google Updater.exe
2007-05-08 22:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google Updater
2007-05-08 22:15 <DIR> d-------- C:\WINDOWS\pss
2007-04-28 19:45 <DIR> d-------- C:\Documents and Settings\Eigenaar\Contacts
2007-04-28 19:45 <DIR> d-------- C:\DOCUME~1\Eigenaar\Contacts
2007-04-28 19:44 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-04-28 19:44 <DIR> d-------- C:\Program Files\MSN Messenger
2007-04-28 19:42 17,874,288 --a------ C:\Program Files\Install_Messenger.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-25 18:38:21 -------- d-----w C:\Program Files\C-Media 3D Audio
2007-05-23 17:06:15 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-18 20:31:52 53,418 ----a-w C:\WINDOWS\system32\perfc013.dat
2007-05-18 20:31:52 364,330 ----a-w C:\WINDOWS\system32\perfh013.dat
2007-05-08 20:55:23 -------- d-----w C:\Program Files\Google
2007-04-23 06:45:08 -------- d-----w C:\Program Files\Sitecom
2007-04-21 16:29:54 1,945,800 ----a-w C:\Program Files\PPVIEWER.EXE
2007-04-21 16:17:58 3,412,392 ----a-w C:\Program Files\ppconv31.exe
2007-04-21 16:12:54 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\DivX
2007-04-21 16:07:06 0 ----a-w C:\WINDOWS\nsreg.dat
2007-04-21 16:06:40 2,301 ----a-w C:\WINDOWS\mozver.dat
2007-04-21 16:05:42 -------- d-----w C:\Program Files\DivX
2007-04-21 16:02:02 14,762,968 ----a-w C:\Program Files\DivXInstaller.exe
2007-04-21 04:23:58 -------- d-----w C:\Program Files\Windows Defender
2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 19:49:09 7,227,075 ----a-w C:\Program Files\BlazeDVDSetup.exe
2007-04-16 17:23:46 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-04-16 01:09:29 -------- d-----w C:\Program Files\Messenger
2007-04-15 10:38:48 -------- d-----w C:\Program Files\Common Files\AVSMedia
2007-04-15 10:38:47 -------- d-----w C:\Program Files\AVSMedia
2007-04-15 10:38:18 5,846,126 ----a-w C:\Program Files\AVSDiscCreator.exe
2007-04-15 10:30:22 -------- d-----w C:\Program Files\PowerDVD
2007-04-15 10:30:02 -------- d-----w C:\Program Files\Power DVD Player
2007-04-15 10:30:02 -------- d-----w C:\Program Files\Nero
2007-04-15 10:30:02 -------- d-----w C:\Program Files\CodecInstaller
2007-04-15 10:29:43 -------- d-----w C:\Program Files\Ahead
2007-04-15 08:28:34 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\Ahead
2007-04-15 08:12:33 36 ----a-w C:\WINDOWS\system32\ddp.dat
2007-04-10 12:47:33 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\Google
2007-04-09 17:10:29 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-04-09 17:10:29 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-04-09 17:08:58 19,755,560 ----a-w C:\Program Files\avg75free_446a965.exe
2007-04-09 16:52:29 -------- d-----w C:\Program Files\Microsoft Works
2007-04-09 16:50:10 -------- d-----w C:\Program Files\DVD Shrink
2007-04-09 16:18:53 21,748 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-04-08 21:52:38 -------- d-----w C:\Program Files\Symantec AntiVirus
2007-03-27 07:55:57 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-03-27 07:55:48 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 07:55:32 2,560 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-27 07:55:32 2,432 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-27 07:55:31 36,624 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-03-27 07:55:31 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-03-27 07:55:31 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-03-27 07:55:31 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-03-27 07:55:23 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-03-27 07:55:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-03-27 07:49:07 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-03-27 07:49:07 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-03-27 07:49:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 07:49:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 07:49:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-03-27 07:49:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-03-27 07:48:59 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 07:48:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 07:48:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 07:48:58 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
2007-03-17 13:45:54 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:39:10 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:39:10 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:39:10 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:37:59 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-08 22:54]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^BTTray.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool]
"C:\Program Files\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"TermService"=3 (0x3)
"stisvc"=3 (0x3)
"SSDPSRV"=3 (0x3)
"Schedule"=2 (0x2)
"Netman"=3 (0x3)
"MSDTC"=3 (0x3)
"CiSvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

*Newly Created Service* -PROCEXP90

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20070523-175310-979
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
backup-20070523-175310-939
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000000
"EulaAccepted"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]

backup-20070523-175310-922
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
backup-20070523-175310-781
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
backup-20070523-175310-253
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
backup-20070523-175310-360
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
backup-20070523-175309-218
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxdev.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

backup-20070523-175309-808
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
backup-20070523-175309-447
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
backup-20070523-175309-949
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
backup-20070523-175309-868
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
backup-20070523-175309-474
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20070523-175309-703
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20070523-175309-462
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
backup-20070523-175309-771
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
backup-20070523-175309-751
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
backup-20070523-175309-889
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
backup-20070523-175309-355
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20070523-175309-156
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
backup-20070523-175309-508
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
backup-20070523-175308-471
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
backup-20070523-175308-691
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
backup-20070523-175308-774
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
backup-20070522-221354-839
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Contents of the 'Scheduled Tasks' folder
2007-05-25 19:26:26 C:\WINDOWS\tasks\MP Scheduled Scan.job
********************************************************************
catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-27 08:54:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

********************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001105-0000-1000-8000-00805f9b34fb}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]

Completion time: 2007-05-27 8:54:49
--- E O F ---

DJ Inpossible
28 May 2007, 21:38
Hi Patrick,

Did you fix lines with HijackThis yourself?

Pim