Bitdefender can't delete trojans



Hellgamer
3 August 2007, 00:38
:p yes, there are a number of trojans in it again :')

I get lots of automatic popups and I think I also have a trojan downloader, because my telemeter just shoots up out of nowhere

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 0:32:24, on 3/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ElkCtrl.exe
C:\WINDOWS\System32\WinSys.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\nafsuopv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Documents and Settings\michael-\Bureaublad\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8BF884A4-CF81-4E00-B7C1-076FCE6CFDD7} - C:\WINDOWS\system32\rqrqomm.dll
O2 - BHO: (no name) - {966E26D2-4C86-4BFC-AE6F-93FFC0742DDA} - C:\WINDOWS\system32\pmkhi.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\rvkswrhv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\System32\WinSys.exe
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\hbdwpmav.dll",forkonce
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mp4 Player] "C:\Program Files\Mp4 Player\Mp4Player.exe" hmw
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179950500249
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll
O20 - Winlogon Notify: rqrqomm - C:\WINDOWS\SYSTEM32\rqrqomm.dll
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\hakijspy.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7830 bytes
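
Reading a HijackThis log by hand comes down to spotting a few recurring patterns: BHOs registered with no name, Winlogon Notify DLLs, registrations whose file has already vanished, and autorun entries that load oddly named DLLs out of system32 through rundll32. The scoring script below is an added example, not code from this thread or from HijackThis/ComboFix; its sample input is a handful of entries copied from the log above, and the weights and the name-randomness heuristic are assumptions tuned to this log.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of entries copied from the HijackThis log
# posted above, mixing known-good lines with the ones a helper would query.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8BF884A4-CF81-4E00-B7C1-076FCE6CFDD7} - C:\WINDOWS\system32\rqrqomm.dll
O2 - BHO: (no name) - {966E26D2-4C86-4BFC-AE6F-93FFC0742DDA} - C:\WINDOWS\system32\pmkhi.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\System32\WinSys.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\hbdwpmav.dll",forkonce
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\hakijspy.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "name.ext" tokens on a line; the last one is the module actually loaded
# (rundll32.exe itself comes first on O4 lines, the payload DLL last).
FILE_RE = re.compile(r'([^\\\s"]+)\.(dll|exe|sys|ocx)\b', re.IGNORECASE)
# Only R/F/O entries are scored; header and process-list lines are skipped.
ENTRY_RE = re.compile(r"^[RFO]\d+ - ")


@dataclass
class Finding:
    line: str
    score: int = 0
    reasons: list[str] = field(default_factory=list)


def looks_random(stem: str) -> bool:
    """Assumed heuristic: 5-8 lowercase letters with a long consonant run
    or almost no vowels (pmkhi, rqrqomm, hbdwpmav), which is how the
    droppers in this log name themselves. Vendor names fail the check."""
    if not (5 <= len(stem) <= 8 and stem.isalpha() and stem.islower()):
        return False
    runs = re.findall(r"[^aeiou]+", stem)
    longest_run = max((len(r) for r in runs), default=0)
    vowel_ratio = sum(c in "aeiou" for c in stem) / len(stem)
    return longest_run >= 4 or vowel_ratio <= 0.25


def score_entry(line: str) -> Finding:
    """Assign assumed weights to the signals a HijackThis reader looks for."""
    finding = Finding(line=line)
    section, _, body = line.partition(" - ")

    def hit(points: int, why: str) -> None:
        finding.score += points
        finding.reasons.append(why)

    if section == "O2" and "(no name)" in body:
        hit(2, "BHO registered without a name")
    if "(file missing)" in body:
        hit(2, "registration points at a file that no longer exists")
    if section == "O23" and "Unknown owner" in body:
        hit(1, "service carries no vendor information")
    if section == "O20":
        hit(1, "Winlogon Notify DLL, loaded into winlogon.exe at every logon")
    if section == "O4" and "rundll32" in body.lower():
        hit(1, "autorun entry launched through rundll32")
    modules = FILE_RE.findall(body)
    if modules and looks_random(modules[-1][0]):
        hit(1, f"random-looking module name '{modules[-1][0]}'")
    return finding


def triage(log_text: str, threshold: int = 2) -> list[Finding]:
    """Return the entries scoring at or above the threshold, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not ENTRY_RE.match(line):
            continue
        finding = score_entry(line)
        if finding.score >= threshold:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.line}")
        for why in f.reasons:
            print(f"      - {why}")
```

Scores only rank candidates for a human to check: WinSys.exe scores zero here yet ComboFix quarantines it later in the thread, so an unflagged line is not a clean line.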

jurgenv
3 August 2007, 01:18
Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Put it on your desktop.
Double-click it to start the program.
In the window that appears, type Y to start the cleaning process.
Follow the on-screen instructions.
When the tool is finished, a log file (combofix.txt) opens. Post the contents of this file together with a new HijackThis log.

Hellgamer
3 August 2007, 21:30
Hijack:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:26, on 2007-08-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\System32\ElkCtrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\MICROSTAR\Bluetooth Software\btsendto_explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\michael-\Bureaublad\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mp4 Player] "C:\Program Files\Mp4 Player\Mp4Player.exe" hmw
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179950500249
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7108 bytes


Combofix:


2001-09-07 14:00 34304 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000008_.tmp.dll.vir
2004-08-04 00:56 1836032 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000012_.tmp.dll.vir
2004-08-04 01:03 1024512 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000005_.tmp.dll.vir
2004-08-04 01:03 111104 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000007_.tmp.dll.vir
2004-08-04 01:03 132096 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000009_.tmp.dll.vir
2004-08-04 01:03 611328 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000006_.tmp.dll.vir
2004-08-04 01:03 727040 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000010_.tmp.dll.vir
2004-08-04 01:03 96768 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000003_.tmp.dll.vir
2004-10-04 09:59 135168 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\WinSys.exe.vir
2005-08-02 23:08 24064 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\WanPacket.dll.vir
2005-08-02 23:08 29696 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\Packet.dll.vir
2005-08-02 23:10 32512 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\npf.sys.vir
2005-08-02 23:18 93696 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir
2005-08-02 23:24 14336 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pthreadVC.dll.vir
2007-06-04 21:16 89 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\michael-\APPLIC~1\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol.vir
2007-07-03 11:14 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rqrqomm.dll.vir
2007-07-03 18:19 266336 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pmkhi.dll.vir
2007-07-03 18:20 6369 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ihkmp.bak1.vir
2007-07-04 11:38 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\uphjpukn.dll.vir
2007-07-05 11:45 128576 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ediyksom.dll.vir
2007-07-05 12:38 1053927 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\moskyide.ini.vir
2007-07-06 12:48 128576 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\fxkayiyj.dll.vir
2007-07-06 12:49 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\nfabrasx.exe.vir
2007-07-06 23:07 1054209 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jyiyakxf.ini.vir
2007-07-07 12:49 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\eodefikc.exe.vir
2007-07-08 14:41 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\akhqnyds.exe.vir
2007-07-08 15:43 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pxvkxwam.exe.vir
2007-07-09 15:39 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\gksfikye.exe.vir
2007-07-10 17:17 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\laxcgnss.exe.vir
2007-07-11 19:03 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\aoldlrmd.exe.vir
2007-07-11 19:05 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lrdowwts.exe.vir
2007-07-11 19:08 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pisofsom.dll.vir
2007-07-13 00:14 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wwivthvc.exe.vir
2007-07-13 00:14 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\dkvtfeur.dll.vir
2007-07-13 00:18 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\yqupghmo.exe.vir
2007-07-13 01:15 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pdtkacbw.exe.vir
2007-07-13 01:15 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ihtrvcyw.dll.vir
2007-07-13 01:18 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\dbxfegac.exe.vir
2007-07-14 01:16 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lcswxgge.exe.vir
2007-07-14 01:16 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xmslqlau.exe.vir
2007-07-14 01:22 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ohyumeuc.dll.vir
2007-07-15 01:21 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mxrbrcow.exe.vir
2007-07-15 01:25 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\fqenimei.exe.vir
2007-07-15 01:28 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\fmslojid.exe.vir
2007-07-15 01:31 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ojqmukcd.dll.vir
2007-07-16 01:24 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ulygvrmc.exe.vir
2007-07-16 01:27 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jliyxgie.dll.vir
2007-07-16 01:30 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mudljtfw.exe.vir
2007-07-17 12:39 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ehoufuyu.exe.vir
2007-07-17 12:41 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\atxkugdd.exe.vir
2007-07-17 12:47 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qarnmxqn.dll.vir
2007-07-17 13:41 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ydfruqup.exe.vir
2007-07-17 13:41 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\okbkpotb.exe.vir
2007-07-17 13:44 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xjajbrug.dll.vir
2007-07-18 13:40 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hkgfoofk.exe.vir
2007-07-18 13:40 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\teufaxll.exe.vir
2007-07-18 13:43 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\orkgxkbw.dll.vir
2007-07-19 17:32 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ogjjbrqp.exe.vir
2007-07-19 17:33 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\kvsoqctk.exe.vir
2007-07-19 17:37 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\aiyoqler.dll.vir
2007-07-19 17:40 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\dyumcwpm.exe.vir
2007-07-26 15:56 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mwkfgkyb.exe.vir
2007-07-26 16:01 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\fffnmile.exe.vir
2007-07-26 16:03 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rsbailol.dll.vir
2007-07-29 14:37 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ecydgbbo.exe.vir
2007-07-29 14:41 69184 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rvkswrhv.dll.vir
2007-07-29 14:44 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wyfkwqyl.exe.vir
2007-08-01 23:18 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vvdxcxpn.exe.vir
2007-08-01 23:19 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\najcijrv.exe.vir
2007-08-03 00:21 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ihxxylvc.exe.vir
2007-08-03 00:21 716986 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ihkmp.bak2.vir
2007-08-03 00:22 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\waeapnnd.exe.vir
2007-08-03 00:25 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\nafsuopv.exe.vir
2007-08-03 21:14 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ewnsqybw.exe.vir
2007-08-03 21:17 1198 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NPF.reg.cf
2007-08-03 21:17 2404 --a------ C:\Qoobox\Quarantine\Registry_backups\services_NPF.reg.cf
2007-08-03 21:17 2956 --a------ C:\Qoobox\Quarantine\Registry_backups\services_DomainService.reg.cf
2007-08-03 21:17 718403 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ihkmp.ini.vir
2007-08-03 21:17 846 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.cf
2007-08-03 21:19 294057 --a------ C:\Qoobox\Quarantine\catchme2007-08-03_212211.21.zip
2007-08-03 21:19 456 --a------ C:\Qoobox\Quarantine\catchme.log


Map PATH-lijst
Het volumenummer is A401-2865
C:\QOOBOX
\---Quarantine
    |   catchme.log
    |   catchme2007-08-03_212211.21.zip
    |
    +---C
    |   +---DOCUME~1
    |   |   \---michael-
    |   |       \---APPLIC~1
    |   |           \---Macromedia
    |   |               \---Flash Player
    |   |                   \---macromedia.com
    |   |                       \---support
    |   |                           \---flashplayer
    |   |                               \---sys
    |   |                                   \---#www.broadcaster.com
    |   |                                           settings.sol.vir
    |   |
    |   \---WINDOWS
    |       \---system32
    |       |   aiyoqler.dll.vir
    |       |   akhqnyds.exe.vir
    |       |   aoldlrmd.exe.vir
    |       |   atxkugdd.exe.vir
    |       |   dbxfegac.exe.vir
    |       |   dkvtfeur.dll.vir
    |       |   dyumcwpm.exe.vir
    |       |   ecydgbbo.exe.vir
    |       |   ediyksom.dll.vir
    |       |   ehoufuyu.exe.vir
    |       |   eodefikc.exe.vir
    |       |   ewnsqybw.exe.vir
    |       |   fffnmile.exe.vir
    |       |   fmslojid.exe.vir
    |       |   fqenimei.exe.vir
    |       |   fxkayiyj.dll.vir
    |       |   gksfikye.exe.vir
    |       |   hkgfoofk.exe.vir
    |       |   ihkmp.bak1.vir
    |       |   ihkmp.bak2.vir
    |       |   ihkmp.ini.vir
    |       |   ihtrvcyw.dll.vir
    |       |   ihxxylvc.exe.vir
    |       |   jliyxgie.dll.vir
    |       |   jyiyakxf.ini.vir
    |       |   kvsoqctk.exe.vir
    |       |   laxcgnss.exe.vir
    |       |   lcswxgge.exe.vir
    |       |   lrdowwts.exe.vir
    |       |   moskyide.ini.vir
    |       |   mudljtfw.exe.vir
    |       |   mwkfgkyb.exe.vir
    |       |   mxrbrcow.exe.vir
    |       |   nafsuopv.exe.vir
    |       |   najcijrv.exe.vir
    |       |   nfabrasx.exe.vir
    |       |   ogjjbrqp.exe.vir
    |       |   ohyumeuc.dll.vir
    |       |   ojqmukcd.dll.vir
    |       |   okbkpotb.exe.vir
    |       |   orkgxkbw.dll.vir
    |       |   Packet.dll.vir
    |       |   pdtkacbw.exe.vir
    |       |   pisofsom.dll.vir
    |       |   pmkhi.dll.vir
    |       |   pthreadVC.dll.vir
    |       |   pxvkxwam.exe.vir
    |       |   qarnmxqn.dll.vir
    |       |   rqrqomm.dll.vir
    |       |   rsbailol.dll.vir
    |       |   rvkswrhv.dll.vir
    |       |   teufaxll.exe.vir
    |       |   ulygvrmc.exe.vir
    |       |   uphjpukn.dll.vir
    |       |   vvdxcxpn.exe.vir
    |       |   waeapnnd.exe.vir
    |       |   WanPacket.dll.vir
    |       |   WinSys.exe.vir
    |       |   wpcap.dll.vir
    |       |   wwivthvc.exe.vir
    |       |   wyfkwqyl.exe.vir
    |       |   xjajbrug.dll.vir
    |       |   xmslqlau.exe.vir
    |       |   ydfruqup.exe.vir
    |       |   yqupghmo.exe.vir
    |       |   _000003_.tmp.dll.vir
    |       |   _000005_.tmp.dll.vir
    |       |   _000006_.tmp.dll.vir
    |       |   _000007_.tmp.dll.vir
    |       |   _000008_.tmp.dll.vir
    |       |   _000009_.tmp.dll.vir
    |       |   _000010_.tmp.dll.vir
    |       |   _000012_.tmp.dll.vir
    |       |
    |       \---drivers
    |               npf.sys.vir
    |
    \---Registry_backups
            LEGACY_DOMAINSERVICE.reg.cf
            LEGACY_NPF.reg.cf
            services_DomainService.reg.cf
            services_NPF.reg.cf

jurgenv
3 August 2007, 21:57
Can you post that log once more? Because something isn't right with the log. :)

Hellgamer
3 August 2007, 22:31
combofix: (I had just removed the code tags :))



| | rsbailol.dll.vir
| | rvkswrhv.dll.vir
| | teufaxll.exe.vir
| | ulygvrmc.exe.vir
| | uphjpukn.dll.vir
| | vvdxcxpn.exe.vir
| | waeapnnd.exe.vir
| | WanPacket.dll.vir
| | WinSys.exe.vir
| | wpcap.dll.vir
| | wwivthvc.exe.vir
| | wyfkwqyl.exe.vir
| | xjajbrug.dll.vir
| | xmslqlau.exe.vir
| | ydfruqup.exe.vir
| | yqupghmo.exe.vir
| | _000003_.tmp.dll.vir
| | _000005_.tmp.dll.vir
| | _000006_.tmp.dll.vir
| | _000007_.tmp.dll.vir
| | _000008_.tmp.dll.vir
| | _000009_.tmp.dll.vir
| | _000010_.tmp.dll.vir
| | _000012_.tmp.dll.vir
| |
| \---drivers
| npf.sys.vir
|
\---Registry_backups
LEGACY_DOMAINSERVICE.reg.cf
LEGACY_NPF.reg.cf
services_DomainService.reg.cf
services_NPF.reg.cf




Hijackthis:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:26, on 2007-08-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\System32\ElkCtrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\MICROSTAR\Bluetooth Software\btsendto_explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\michael-\Bureaublad\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mp4 Player] "C:\Program Files\Mp4 Player\Mp4Player.exe" hmw
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179950500249
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7108 bytes

jurgenv
3 August 2007, 22:38
That is not a ComboFix log... take another good look. Don't try to make a new one, because that is pointless.

Hellgamer
3 August 2007, 22:48
apologies =)


ComboFix 07-08-03.4 - "michael-" 2007-08-03 21:12:41.1 [GMT 2:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.Waar
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\michael-\APPLIC~1.\macromedia\Flash Player\#SharedObjects\ZYDRLPFT\www.broadcaster.com
C:\DOCUME~1\michael-\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\michael-\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\aiyoqler.dll
C:\WINDOWS\system32\akhqnyds.exe
C:\WINDOWS\system32\aoldlrmd.exe
C:\WINDOWS\system32\atxkugdd.exe
C:\WINDOWS\system32\dbxfegac.exe
C:\WINDOWS\system32\dkvtfeur.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\dyumcwpm.exe
C:\WINDOWS\system32\ecydgbbo.exe
C:\WINDOWS\system32\ediyksom.dll
C:\WINDOWS\system32\ehoufuyu.exe
C:\WINDOWS\system32\eodefikc.exe
C:\WINDOWS\system32\ewnsqybw.exe
C:\WINDOWS\system32\fffnmile.exe
C:\WINDOWS\system32\fmslojid.exe
C:\WINDOWS\system32\fqenimei.exe
C:\WINDOWS\system32\fxkayiyj.dll
C:\WINDOWS\system32\gksfikye.exe
C:\WINDOWS\system32\hkgfoofk.exe
C:\WINDOWS\system32\ihkmp.bak1
C:\WINDOWS\system32\ihkmp.bak2
C:\WINDOWS\system32\ihkmp.ini
C:\WINDOWS\system32\ihtrvcyw.dll
C:\WINDOWS\system32\ihxxylvc.exe
C:\WINDOWS\system32\jliyxgie.dll
C:\WINDOWS\system32\jyiyakxf.ini
C:\WINDOWS\system32\kvsoqctk.exe
C:\WINDOWS\system32\laxcgnss.exe
C:\WINDOWS\system32\lcswxgge.exe
C:\WINDOWS\system32\lrdowwts.exe
C:\WINDOWS\system32\moskyide.ini
C:\WINDOWS\system32\mudljtfw.exe
C:\WINDOWS\system32\mwkfgkyb.exe
C:\WINDOWS\system32\mxrbrcow.exe
C:\WINDOWS\system32\nafsuopv.exe
C:\WINDOWS\system32\najcijrv.exe
C:\WINDOWS\system32\nfabrasx.exe
C:\WINDOWS\system32\ogjjbrqp.exe
C:\WINDOWS\system32\ohyumeuc.dll
C:\WINDOWS\system32\ojqmukcd.dll
C:\WINDOWS\system32\okbkpotb.exe
C:\WINDOWS\system32\orkgxkbw.dll
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pdtkacbw.exe
C:\WINDOWS\system32\pisofsom.dll
C:\WINDOWS\system32\pmkhi.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\pxvkxwam.exe
C:\WINDOWS\system32\qarnmxqn.dll
C:\WINDOWS\system32\rqrqomm.dll
C:\WINDOWS\system32\rsbailol.dll
C:\WINDOWS\system32\rvkswrhv.dll
C:\WINDOWS\system32\teufaxll.exe
C:\WINDOWS\system32\ulygvrmc.exe
C:\WINDOWS\system32\uphjpukn.dll
C:\WINDOWS\system32\vvdxcxpn.exe
C:\WINDOWS\system32\waeapnnd.exe
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\winsys.exe
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wwivthvc.exe
C:\WINDOWS\system32\wyfkwqyl.exe
C:\WINDOWS\system32\xjajbrug.dll
C:\WINDOWS\system32\xmslqlau.exe
C:\WINDOWS\system32\ydfruqup.exe
C:\WINDOWS\system32\yqupghmo.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NPF
-------\DomainService
-------\NPF


((((((((((((((((((((((((( Files Created from 2007-07-03 to 2007-08-03 )))))))))))))))))))))))))))))))


2007-08-03 21:17 69,184 --a------ C:\WINDOWS\system32\hwuuqfjj.dll
2007-08-03 21:11 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-03 00:22 125,504 --a------ C:\WINDOWS\system32\hbdwpmav.dll
2007-07-29 15:17 <DIR> d-------- C:\WINDOWS\pss
2007-07-29 15:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
2007-07-29 15:06 <DIR> d-------- C:\Program Files\Windows Live
2007-07-29 15:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2007-07-29 14:56 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-07-26 15:58 126,016 --a------ C:\WINDOWS\system32\noflovor.dll
2007-07-18 21:31 <DIR> d-------- C:\Program Files\Guitar Pro 5
2007-07-09 22:58 <DIR> d-------- C:\Program Files\Sytexis Software
2007-07-07 01:19 <DIR> d-------- C:\temp
2007-07-06 00:38 36 --a------ C:\WINDOWS\system32\m4p.dat
2007-07-05 16:31 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
2007-07-05 15:57 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-07-05 15:57 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-07-05 15:49 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-07-05 15:49 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
2007-07-05 15:49 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-07-05 15:49 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-07-05 15:49 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-07-05 15:49 <DIR> d-------- C:\Program Files\Cucusoft
2007-07-05 15:49 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-07-05 14:21 <DIR> d-------- C:\Program Files\Gabest
2007-07-05 13:19 <DIR> d-------- C:\DOCUME~1\michael-\APPLIC~1\DivX
2007-07-05 12:07 <DIR> d-------- C:\Program Files\DivX
2007-07-04 13:37 <DIR> d-------- C:\Program Files\VUGames
2007-07-04 12:12 <DIR> d-------- C:\Program Files\WiFiConnector
2007-07-04 01:13 <DIR> d-------- C:\Program Files\PQDVD
2007-07-03 17:44 <DIR> d-------- C:\Program Files\Red Kawa
2007-07-03 17:27 <DIR> d-------- C:\Program Files\Easy Video to PSP Converter
2007-07-03 10:58 <DIR> d-------- C:\Program Files\Smart Projects


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-03 21:23 --------- d-------- C:\DOCUME~1\michael-\APPLIC~1\Xfire
2007-07-29 15:12 --------- d-------- C:\Program Files\MSN Messenger
2007-07-29 14:41 --------- d---s---- C:\Program Files\Xfire
2007-07-16 16:25 --------- d-------- C:\Program Files\SPAMfighter
2007-07-12 02:09 77628 --a------ C:\WINDOWS\system32\perfc013.dat
2007-07-12 02:09 458570 --a------ C:\WINDOWS\system32\perfh013.dat
2007-07-04 13:52 --------- d-------- C:\DOCUME~1\michael-\APPLIC~1\teamspeak2
2007-07-03 23:36 --------- d-------- C:\Program Files\Google
2007-07-03 23:29 --------- d-------- C:\DOCUME~1\michael-\APPLIC~1\Google
2007-07-03 19:13 --------- d-------- C:\Program Files\Steam
2007-07-02 21:41 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-02 21:41 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-02 21:41 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-02 21:41 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-02 21:37 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-02 21:37 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-02 21:37 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-02 21:37 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-02 21:37 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-02 21:37 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-02 21:37 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-02 21:37 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-02 21:37 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-02 21:37 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-02 21:37 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-02 21:37 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-02 21:36 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-02 21:36 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-02 17:23 --------- d-------- C:\Program Files\BitLord
2007-07-01 12:43 --------- d-------- C:\Program Files\BearShare Applications
2007-06-30 15:15 --------- d-------- C:\Program Files\Common Files\Application
2007-06-30 15:15 --------- d-------- C:\Program Files\Common Files\Ankiro
2007-06-16 22:09 --------- d-------- C:\Program Files\Tasker
2007-06-13 23:34 --------- d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-12 22:18 --------- d-------- C:\Program Files\CADdy++ - SEE
2007-06-12 22:08 --------- d-------- C:\Program Files\Common Files\Bcgsoft
2007-06-12 22:04 6656 --a------ C:\WINDOWS\system32\haspvdd.dll
2007-06-12 22:04 47616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
2007-06-12 22:04 383 --a------ C:\WINDOWS\system32\haspdos.sys
2007-06-12 22:03 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-12 22:03 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-06-12 18:21 --------- d-------- C:\Program Files\MSBuild
2007-06-12 18:21 --------- d-------- C:\Program Files\Microsoft Works
2007-06-08 21:05 --------- d-------- C:\Program Files\Symantec
2007-06-05 10:34 1184664 --a------ C:\WINDOWS\system32\FreeImage.dll
2007-06-04 22:12 --------- d-------- C:\Program Files\Xplosiv
2007-06-01 08:20 51568 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-05-22 12:13 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-18 18:34 14 --a------ C:\WINDOWS\system32\getfile.dat
2007-05-18 17:18 8 --a------ C:\DFIMB.DAT
2007-05-18 17:03 0 -rahs---- C:\MSDOS.SYS
2007-05-18 17:03 0 -rahs---- C:\IO.SYS
2007-05-18 17:03 0 --a------ C:\CONFIG.SYS
2007-05-18 17:03 0 --a------ C:\AUTOEXEC.BAT
2007-05-18 17:00 21748 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-05-16 17:19 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:19 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:19 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:19 683520 --------- C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:19 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:19 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-04 14:54 3079680 -----c--- C:\WINDOWS\system32\dllcache\mshtml.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"BDMCon"="C:\Program Files\Softwin\BitDefender8\bdmcon.exe" [2005-06-20 12:10]
"BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 12:19]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-05-18 18:52]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-12-09 15:32]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33]
"LogitechCameraService(E)"="C:\WINDOWS\System32\ElkCtrl.exe" [2004-11-01 17:22]
"NVCLOCK"="nvclock.dll" [2003-04-14 03:59 C:\WINDOWS\system32\nvclock.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-06-25 15:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-18 17:15]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-06-01 08:21]
"Steam"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
"Mp4 Player"="C:\Program Files\Mp4 Player\Mp4Player.exe" []

C:\Documents and Settings\michael-\Menu Start\Programma's\Opstarten\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-07-11 03:07:46]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - C:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe [2003-01-16 07:12:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzwr32]
winzwr32.dll

R0 Inspect;Comodo Network Engine;C:\WINDOWS\system32\DRIVERS\inspect.sys
R1 PQNTDrv;PQNTDrv;C:\WINDOWS\system32\drivers\PQNTDrv.sys
R2 BTSLBCSP;Bluetooth Port Client Driver;\??\C:\WINDOWS\system32\drivers\btslbcsp.sys
R2 Hardlock;Hardlock;\??\C:\WINDOWS\system32\drivers\hardlock.sys
R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\system32\drivers\cmuda.sys
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
R3 VGAUTI;VGAUTI;\??\C:\WINDOWS\System32\DRIVERS\VGAUTI.sys
S3 cel90xbe;cel90xbe;\??\C:\DOCUME~1\michael-\LOCALS~1\Temp\cel90xbe.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet-adapter - NT-stuurprogramma;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
S3 GMSIPCI;GMSIPCI;\??\E:\INSTALL\GMSIPCI.SYS
S3 NTSIM;NTSIM;\??\C:\WINDOWS\System32\ntsim.sys
S3 odserv;Microsoft Office Diagnostics Service;"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service;C:\WINDOWS\system32\DRIVERS\rt25usbap.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-03 21:22:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

jurgenv
3 August 2007, 23:19
Download OTMoveIt.exe (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe) and place it on your desktop:

Start OTMoveIt by double-clicking OTMoveIt.exe
In the left pane, where it says: Paste List of Files/Folders to be Moved, copy and paste the section below:

C:\WINDOWS\system32\hwuuqfjj.dll
C:\WINDOWS\system32\noflovor.dll
C:\WINDOWS\system32\hbdwpmav.dll

Then click the MoveIt button at the bottom.
When it has finished it will create a log (********_******.log -- the * stand for date and time) in the following folder: C:\_OTMoveIt\MovedFiles.
Post its contents in your next message together with a new HijackThis log.

Hellgamer
3 August 2007, 23:22
OTmoveIt:


DllUnregisterServer procedure not found in C:\WINDOWS\system32\hwuuqfjj.dll
C:\WINDOWS\system32\hwuuqfjj.dll NOT unregistered.
C:\WINDOWS\system32\hwuuqfjj.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\noflovor.dll
C:\WINDOWS\system32\noflovor.dll NOT unregistered.
C:\WINDOWS\system32\noflovor.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hbdwpmav.dll
C:\WINDOWS\system32\hbdwpmav.dll NOT unregistered.
C:\WINDOWS\system32\hbdwpmav.dll moved successfully.

Created on 08-03-2007 23:20:19


Hijackthis:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:22, on 2007-08-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\System32\ElkCtrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\MICROSTAR\Bluetooth Software\btsendto_explorer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\michael-\Bureaublad\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mp4 Player] "C:\Program Files\Mp4 Player\Mp4Player.exe" hmw
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179950500249
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7140 bytes

jurgenv
3 August 2007, 23:45
Fix the following lines in HijackThis:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)

Then restart your PC and tell me how everything works now.
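
Added example (my own code, not from this thread nor from HijackThis, ComboFix or OTMoveIt): a small Python triage script that applies the reasoning jurgenv used in his two posts above. It picks the ComboFix "Files Created" entries whose names look machine-generated (the list handed to OTMoveIt) and flags the HijackThis O2/O20/O4 entries that are either orphaned (the file is already gone) or point at such a file. Assumptions: the "eight lowercase letters directly in system32" rule is a heuristic taken from the file names in this thread, not a rule from any tool; the sample log lines are copied from the logs above, except the O4 line with xqvuzmrk.exe, which is constructed to exercise the autorun check; all function names are mine.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Heuristic (an assumption drawn from this thread, not a rule from any tool):
# every dropped file had eight random lowercase letters as its name and sat
# directly in system32 (hwuuqfjj.dll, noflovor.dll, hbdwpmav.dll, ...).
RANDOM_NAME = re.compile(r"^[a-z]{8}\.(?:dll|exe)$")
DIRECT_IN_SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)

# ComboFix "Files Created" line: date time size attributes path
COMBOFIX_CREATED = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attr>\S+)\s+(?P<path>.+?)\s*$"
)

# HijackThis line shapes handled here
HJT_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
HJT_O4 = re.compile(r"^O4 - (?P<hive>[^:]+)\\\.\.\\Run: \[(?P<name>.+?)\] (?P<cmd>.*)$")
HJT_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<target>.*)$")
# Any drive-letter path ending in .exe/.dll/.cpl inside a Run command, quoted or not
PATH_IN_CMD = re.compile(r'[A-Za-z]:\\[^,"]+?\.(?:exe|dll|cpl)', re.IGNORECASE)


def looks_like_dropped_file(path: str) -> bool:
    """True for an .exe/.dll with an eight-lowercase-letter name directly in system32."""
    if not DIRECT_IN_SYSTEM32.match(path):
        return False
    return bool(RANDOM_NAME.match(path.rsplit("\\", 1)[-1]))


def triage_combofix_created(lines: Iterable[str]) -> List[str]:
    """Paths from a ComboFix 'Files Created' section whose names look machine-generated."""
    hits = []
    for raw in lines:
        m = COMBOFIX_CREATED.match(raw.strip())
        if m and m.group("size") != "<DIR>" and looks_like_dropped_file(m.group("path")):
            hits.append(m.group("path"))
    return hits


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O20"
    reason: str
    line: str


def triage_hijackthis(lines: Iterable[str]) -> List[Finding]:
    """Flag orphaned or random-named entries among HijackThis O2/O4/O20 lines."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if m := HJT_O2.match(line):
            if m.group("target") == "(no file)":
                findings.append(Finding("O2", "BHO registered but its DLL is gone (orphaned entry)", line))
        elif m := HJT_O20.match(line):
            target = m.group("target")
            if target.endswith("(file missing)"):
                findings.append(Finding("O20", "Winlogon Notify package points at a missing DLL", line))
            elif looks_like_dropped_file("C:\\WINDOWS\\system32\\" + target):
                findings.append(Finding("O20", "Winlogon Notify package has a random-looking name", line))
        elif m := HJT_O4.match(line):
            if any(looks_like_dropped_file(p) for p in PATH_IN_CMD.findall(m.group("cmd"))):
                findings.append(Finding("O4", "autorun launches a random-looking file from system32", line))
    return findings


# Sample input: ComboFix "Files Created" lines copied from the log in this thread
SAMPLE_COMBOFIX = [
    r"2007-08-03 21:17 69,184 --a------ C:\WINDOWS\system32\hwuuqfjj.dll",
    r"2007-08-03 21:11 51,200 --a------ C:\WINDOWS\nircmd.exe",
    r"2007-08-03 00:22 125,504 --a------ C:\WINDOWS\system32\hbdwpmav.dll",
    r"2007-07-29 15:17 <DIR> d-------- C:\WINDOWS\pss",
    r"2007-07-26 15:58 126,016 --a------ C:\WINDOWS\system32\noflovor.dll",
    r"2007-07-06 00:38 36 --a------ C:\WINDOWS\system32\m4p.dat",
    r"2007-07-05 15:49 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll",
]

# Sample input: HijackThis lines copied from the log in this thread, plus one
# constructed O4 line (xqvuzmrk.exe is not in the thread) to exercise the autorun check
SAMPLE_HIJACKTHIS = [
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect",
    r'O4 - HKCU\..\Run: [Mp4 Player] "C:\Program Files\Mp4 Player\Mp4Player.exe" hmw',
    r"O4 - HKLM\..\Run: [xqvuzmrk] C:\WINDOWS\system32\xqvuzmrk.exe",  # constructed
    r"O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)",
]

if __name__ == "__main__":
    print("Candidates for the OTMoveIt list:")
    for path in triage_combofix_created(SAMPLE_COMBOFIX):
        print("  " + path)
    print("HijackThis entries to fix:")
    for f in triage_hijackthis(SAMPLE_HIJACKTHIS):
        print(f"  [{f.section}] {f.reason}: {f.line}")
```

Run against the lines above it reproduces jurgenv's three-file OTMoveIt list and flags the same O2 and O20 lines he asked to fix; those two are registry references whose DLL ComboFix and OTMoveIt had already removed, which is why the last step is a HijackThis fix of the entries rather than another file deletion. The name heuristic is a triage aid, not proof: it deliberately ignores drivers\ and mixed-case names, and anything it flags still deserves a look before it is moved.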

Hellgamer
3 August 2007, 23:58
thx, I'm rid of those annoying popups too!!!! =)
& everything runs faster

jurgenv
4 August 2007, 00:11
You're welcome.