View full version : Please take a quick look



Snuifje
13 August 2007, 12:42
Hello,

I'm having some trouble with spyware, in the form of popups.
Would someone please take a look at my log? Thanks in advance! ;)

Logfile of HijackThis v1.99.1
Scan saved at 12:38:45, on 13-8-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\VMware\VMware Server\vmware.exe
C:\Program Files\VMware\VMware Server\bin\vmware-vmx.exe
C:\Program Files\VMware\VMware Server\bin\vmware-remotemks.exe
C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gebruiker\Bureaublad\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: (no name) - {9b74ea64-64a0-4ded-8fe3-5fe43f20c58f} - C:\WINDOWS\system32\ir3nth.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp5.tmp.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\wvwtrq.dll",forkonce
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [VD] C:\Program Files\VitalDesktopVideo\vd.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4-5.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\windows\system32\jkhhghe.dll
O20 - Winlogon Notify: ir3nth - C:\WINDOWS\SYSTEM32\ir3nth.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
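As an added example (not code from the thread or from HijackThis), a small Python triage pass over a handful of lines copied from the first HijackThis log above. It flags the entry types the cleanup in this thread actually targeted: unnamed BHOs, tmp-named DLLs, O20 AppInit_DLLs/Winlogon Notify hooks, a Run entry that has rundll32 load a DLL straight from the Windows directory, and services with an unknown owner or a missing binary. The heuristics are my own assumption of what a helper checks first; the McAfee Framework service line is flagged too, which shows they produce candidates for a human to judge rather than verdicts.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a few entries copied from the first HijackThis log in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: (no name) - {9b74ea64-64a0-4ded-8fe3-5fe43f20c58f} - C:\WINDOWS\system32\ir3nth.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp5.tmp.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\wvwtrq.dll",forkonce
O20 - AppInit_DLLs: c:\windows\system32\jkhhghe.dll
O20 - Winlogon Notify: ir3nth - C:\WINDOWS\SYSTEM32\ir3nth.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
"""

# "O23 - Service: ..." -> section code and the rest of the entry.
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# A Windows path ending in a loadable module; non-greedy so it stops at the first extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe|sys|scr|ocx)\b', re.IGNORECASE)
# Throw-away style names such as tmp5.tmp.dll that have no business being persistent.
TMP_DLL_RE = re.compile(r"^tmp[0-9a-f]{1,4}\.tmp\.dll$", re.IGNORECASE)
WINDOWS_ROOT_RE = re.compile(r"^[a-z]:\\windows$")


@dataclass
class Finding:
    section: str        # HijackThis section code, e.g. "O20"
    reasons: list[str]  # why the entry deserves a second look
    line: str           # the original log line


def in_windows_root(path: str) -> bool:
    """True when the file sits directly in the Windows directory, not a subfolder."""
    head = path.rpartition("\\")[0]
    return bool(WINDOWS_ROOT_RE.match(head.lower()))


def triage_line(line: str) -> Finding | None:
    """Apply the review heuristics to one log line; None when nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    lowered = body.lower()
    paths = PATH_RE.findall(body)
    filenames = [p.rsplit("\\", 1)[-1].lower() for p in paths]
    reasons: list[str] = []

    if section == "O2" and "(no name)" in body:
        reasons.append("BHO registered without a name")
    if any(TMP_DLL_RE.match(f) for f in filenames):
        reasons.append("temp-style file name used for a persistent load")
    if section == "O20":
        reasons.append("AppInit_DLLs / Winlogon Notify hook: loaded system-wide or at logon")
    if section == "O4" and "rundll32" in lowered and any(in_windows_root(p) for p in paths):
        reasons.append("Run key loads a DLL via rundll32 straight from the Windows directory")
    if section == "O23" and "unknown owner" in lowered:
        reasons.append("service without a recognised owner/vendor")
    if section == "O23" and "(file missing)" in lowered:
        reasons.append("service binary not found on disk")

    return Finding(section, reasons, line.strip()) if reasons else None


def triage(log_text: str) -> list[Finding]:
    """Return every line of a HijackThis log that trips at least one heuristic."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.section}] {finding.line}")
        for reason in finding.reasons:
            print(f"    - {reason}")
```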

jurgenv
13 August 2007, 16:16
Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Place it on your desktop.
Double-click it to start the program.
In the window that appears, type Y to start the cleaning process.
Follow the on-screen instructions.
When the tool has finished, a log file (combofix.txt) will open. Post the contents of that file together with a new HijackThis log.

Snuifje
13 August 2007, 22:00
ComboFix 07-08-09.3 - "Gebruiker" 2007-08-13 21:50:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1546 [GMT 2:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\GEBRUI~1\APPLIC~1\tmp1C.tmp.exe
C:\DOCUME~1\GEBRUI~1\APPLIC~1\tmp3.tmp.exe
C:\DOCUME~1\GEBRUI~1\APPLIC~1\tmp4.tmp.exe
C:\DOCUME~1\GEBRUI~1\APPLIC~1\tmp5.tmp.exe
C:\DOCUME~1\GEBRUI~1\APPLIC~1\tmp9.tmp.exe
C:\DOCUME~1\GEBRUI~1\APPLIC~1\tmpA.tmp.exe
C:\DOCUME~1\GEBRUI~1\APPLIC~1\tmpC7.tmp.exe
C:\DOCUME~1\GEBRUI~1\APPLIC~1\tmpC9.tmp.exe
C:\WINDOWS\qrtwvw.ini
C:\WINDOWS\rqrron.dll
C:\WINDOWS\system32\ir3nth.dll
C:\WINDOWS\system32\jkhhghe.dll
C:\WINDOWS\system32\tmp5.tmp.dll
C:\WINDOWS\system32\tmpC9.tmp.dll
C:\WINDOWS\wvwtrq.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 )))))))))))))))))))))))))))))))


2007-08-13 21:50 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-13 12:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-08 23:13 1,156 --a------ C:\WINDOWS\mozver.dat
2007-08-08 22:50 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-08 14:59 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-08 14:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-08 14:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-06 06:42 4 --a------ C:\WINDOWS\IIEsv44JBS5X.dll
2007-08-06 06:42 37 --a------ C:\WINDOWS\IIEsv44JBS5X2.dll
2007-08-06 06:42 18 --a------ C:\WINDOWS\XMMR810eno.dll
2007-08-05 11:22 <DIR> d-------- C:\Program Files\Xeno Assault II
2007-08-05 11:22 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-08-05 05:43 <DIR> d-------- C:\QUARANTINE
2007-08-05 05:27 72,264 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-08-05 05:27 64,360 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-08-05 05:27 52,136 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2007-08-05 05:27 34,152 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-08-05 05:27 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-08-05 05:27 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2007-08-05 05:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-08-05 05:25 <DIR> d-------- C:\Program Files\McAfee
2007-08-05 05:25 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-08-05 05:15 18 --a------ C:\WINDOWS\system32\dnfc45f8a3.dat
2007-08-05 04:49 25,664 --a------ C:\WINDOWS\system32\a7W5F84v.exe
2007-08-01 12:52 <DIR> d---s---- C:\DOCUME~1\GEBRUI~1\UserData
2007-07-29 08:59 <DIR> d-------- C:\DOCUME~1\GEBRUI~1\APPLIC~1\Google
2007-07-29 08:58 <DIR> d-------- C:\Program Files\Google
2007-07-25 09:39 <DIR> d-------- C:\Program Files\MTA San Andreas
2007-07-25 03:10 <DIR> d-------- C:\DOCUME~1\GEBRUI~1\APPLIC~1\dvdcss
2007-07-24 02:37 <DIR> d-------- C:\Program Files\uTorrent
2007-07-24 02:37 <DIR> d-------- C:\DOCUME~1\GEBRUI~1\APPLIC~1\uTorrent
2007-07-19 21:23 <DIR> d-------- C:\DOCUME~1\GEBRUI~1\APPLIC~1\vlc
2007-07-19 21:19 <DIR> d-------- C:\Program Files\VideoLAN
2007-07-18 11:10 <DIR> d--hs---- C:\$RECYCLE.BIN
2007-07-17 12:46 <DIR> d-------- C:\DOCUME~1\GEBRUI~1\APPLIC~1\VMware
2007-07-17 12:44 9,600 -ra------ C:\WINDOWS\system32\drivers\vmnetadapter.sys
2007-07-17 12:44 5,120 -ra------ C:\WINDOWS\system32\vnetinst.dll
2007-07-17 12:44 15,616 --a------ C:\WINDOWS\system32\drivers\vmnetuserif.sys
2007-07-17 12:44 135,168 --a------ C:\WINDOWS\system32\vmnat.exe
2007-07-17 12:44 106,496 --a------ C:\WINDOWS\system32\vmnetdhcp.exe
2007-07-17 12:44 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\VMware
2007-07-17 12:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\VMware
2007-07-17 12:43 364,631 --a------ C:\WINDOWS\system32\vnetlib.dll
2007-07-17 12:43 10,240 -ra------ C:\WINDOWS\system32\drivers\vmnet.sys
2007-07-17 12:36 <DIR> d-------- C:\Virtual Machines
2007-07-17 12:36 <DIR> d-------- C:\Program Files\Common Files\VMware
2007-07-17 12:35 <DIR> d-------- C:\Program Files\VMware
2007-07-16 23:13 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-07-16 23:10 <DIR> d-------- C:\Program Files\Foxit Software
2007-07-16 12:12 <DIR> dr-h----- C:\DOCUME~1\GEBRUI~1\APPLIC~1\SecuROM
2007-07-13 21:00 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-07-13 21:00 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-07-13 21:00 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-07-13 21:00 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-07-13 21:00 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-07-13 21:00 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-07-13 21:00 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-07-13 21:00 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-13 20:51 <DIR> d-------- C:\Program Files\Ubisoft
2007-07-13 20:51 <DIR> d-------- C:\DOCUME~1\GEBRUI~1\APPLIC~1\InstallShield


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-13 21:54 --------- d-------- C:\Program Files\Steam
2007-08-13 09:19 --------- d-------- C:\DOCUME~1\GEBRUI~1\APPLIC~1\GrabIt
2007-08-06 04:11 --------- d-------- C:\Program Files\DAEMON Tools
2007-08-05 05:27 --------- d-------- C:\Program Files\Common Files\Network Associates
2007-08-01 15:49 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-17 12:44 55674 --a------ C:\WINDOWS\system32\perfc013.dat
2007-07-17 12:44 369970 --a------ C:\WINDOWS\system32\perfh013.dat
2007-07-16 12:12 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-09 14:33 --------- d-------- C:\Program Files\MSN Messenger
2007-07-08 00:10 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-07-07 23:07 --------- d-------- C:\Program Files\Rockstar Games
2007-07-02 15:57 --------- d-------- C:\Program Files\Peretek
2007-07-02 15:56 --------- d-------- C:\Program Files\7-Zip
2007-06-23 20:44 --------- d-------- C:\Program Files\Trickshot
2007-06-22 14:15 --------- d-------- C:\Program Files\MSBuild
2007-06-22 14:15 --------- d-------- C:\Program Files\Microsoft Works
2007-06-20 20:24 --------- d-------- C:\Program Files\Infogrames
2007-06-19 19:51 --------- d-------- C:\Program Files\Destineer
2007-06-19 19:06 --------- d-------- C:\Program Files\QuickPar
2007-06-18 22:06 --------- d-------- C:\Program Files\WhatPulse
2007-06-17 16:25 --------- d-------- C:\Program Files\FTDv3.7.3
2007-06-17 16:24 --------- d-------- C:\Program Files\GrabIt
2007-06-17 16:24 --------- d-------- C:\Program Files\FTD Watchdog
2007-06-17 15:02 --------- d-------- C:\Program Files\EA GAMES
2007-06-17 14:52 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-06-17 14:27 --------- d-------- C:\Program Files\Common Files\Cisco Systems
2007-06-17 14:17 --------- d-------- C:\Program Files\Marvell
2007-06-17 14:16 --------- d-------- C:\Program Files\Realtek
2007-06-17 14:15 --------- d-------- C:\Program Files\Intel
2007-06-17 14:15 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-06-17 14:12 --------- d-------- C:\Program Files\ASUSTeK
2007-06-16 22:09 --------- d-------- C:\Program Files\Common Files\SpeechEngines
2007-06-16 22:09 --------- d-------- C:\Program Files\Common Files\ODBC
2007-06-16 20:34 --------- d-------- C:\Program Files\microsoft frontpage
2007-06-16 20:33 0 -rahs---- C:\MSDOS.SYS
2007-06-16 20:33 0 -rahs---- C:\IO.SYS
2007-06-16 20:33 0 --a------ C:\CONFIG.SYS
2007-06-16 20:33 0 --a------ C:\AUTOEXEC.BAT
2007-06-16 20:32 --------- d--h----- C:\Program Files\WindowsUpdate
2007-06-16 20:32 --------- d-------- C:\Program Files\Online Services
2007-06-16 20:31 --------- d-------- C:\Program Files\Movie Maker
2007-06-16 20:31 --------- d-------- C:\Program Files\Common Files\MSSoap
2007-06-16 20:30 21748 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-06-16 20:30 --------- d-------- C:\Program Files\Windows NT
2007-06-16 20:30 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-06-16 20:30 --------- d-------- C:\Program Files\Messenger


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 15:05]
"nwiz"="nwiz.exe" [2006-02-13 15:05 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-02-13 15:05]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 05:58 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-05 12:05 C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [2004-07-02 13:49 C:\WINDOWS\ALCMTR.EXE]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-02-22 20:50]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 11:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"WhatPulse"="C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE" [2004-12-05 12:20]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
"Steam"="c:\program files\steam\steam.exe" [2007-07-11 13:52]
"VD"="C:\Program Files\VitalDesktopVideo\vd.exe" []

R1 asuskbnt;Enhanced Display Driver Helper Service;C:\WINDOWS\system32\drivers\atkkbnt.sys
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R2 EIO;EIO;\??\C:\WINDOWS\system32\drivers\EIO.sys
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys
S2 vmserverdWin32;VMware Registration Service;C:\Program Files\VMware\VMware Server\vmserverdWin32.exe


Contents of the 'Scheduled Tasks' folder
2007-08-12 22:01:00 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\a7W5F84v.exe
2007-08-13 07:01:00 C:\WINDOWS\Tasks\At10.job
2007-08-13 08:01:00 C:\WINDOWS\Tasks\At11.job
2007-08-13 09:01:00 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\a7W5F84v.exe
2007-08-13 10:01:00 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\a7W5F84v.exe
2007-08-13 11:01:00 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\system32\a7W5F84v.exe
2007-08-13 12:02:00 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\system32\a7W5F84v.exe
2007-08-13 13:01:00 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\system32\a7W5F84v.exe
2007-08-13 14:01:00 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\system32\a7W5F84v.exe
2007-08-13 15:01:00 C:\WINDOWS\Tasks\At18.job
2007-08-13 16:01:00 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\system32\a7W5F84v.exe
2007-08-12 23:01:00 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\a7W5F84v.exe
2007-08-13 17:01:00 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\system32\a7W5F84v.exe
2007-08-13 18:01:00 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\system32\a7W5F84v.exe
2007-08-13 19:01:54 C:\WINDOWS\Tasks\At22.job - C:\WINDOWS\system32\a7W5F84v.exe
2007-08-12 20:01:00 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\system32\a7W5F84v.exe
2007-08-12 21:01:00 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\system32\a7W5F84v.exe
2007-08-13 00:01:00 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\a7W5F84v.exe
2007-08-13 01:01:00 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\system32\a7W5F84v.exe
2007-08-13 02:01:00 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\system32\a7W5F84v.exe
2007-08-13 03:01:00 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\system32\a7W5F84v.exe
2007-08-13 04:01:00 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\system32\a7W5F84v.exe
2007-08-13 05:01:00 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\a7W5F84v.exe
2007-08-13 06:01:00 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\a7W5F84v.exe
2007-07-29 12:44:00 C:\WINDOWS\Tasks\shutdown.job - C:\Documents and Settings\Gebruiker\Bureaublad\shutdown.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-13 21:54:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-13 21:55:39 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-13 21:55

--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 21:56:42, on 13-8-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Gebruiker\Bureaublad\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [VD] C:\Program Files\VitalDesktopVideo\vd.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4-5.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

jurgenv
13 August 2007, 22:28
* Download OTMoveIt.exe (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe) and place it on your desktop:

Start OTMoveIt by double-clicking OTMoveIt.exe.
In the left pane, where it says "Paste List of Files/Folders to be Moved", copy and paste the section below:

C:\WINDOWS\system32\a7W5F84v.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.jo
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

Then click the MoveIt button at the bottom.
When it has finished it will create a log (********_******.log -- the * stands for the date and time) in the following folder: C:\_OTMoveIt\MovedFiles.
Post its contents in your next reply.

* Go to http://www.virustotal.com/ and upload the following files:

C:\WINDOWS\IIEsv44JBS5X.dll
C:\WINDOWS\IIEsv44JBS5X2.dll
C:\WINDOWS\XMMR810eno.dll

* Post the result here together with a new HijackThis log and the OTMoveIt log.

Snuifje
14 August 2007, 11:40
C:\WINDOWS\system32\a7W5F84v.exe moved successfully.
C:\WINDOWS\Tasks\At1.job moved successfully.
C:\WINDOWS\Tasks\At10.job moved successfully.
C:\WINDOWS\Tasks\At11.job moved successfully.
C:\WINDOWS\Tasks\At12.job moved successfully.
C:\WINDOWS\Tasks\At13.job moved successfully.
C:\WINDOWS\Tasks\At14.job moved successfully.
C:\WINDOWS\Tasks\At15.job moved successfully.
C:\WINDOWS\Tasks\At16.job moved successfully.
C:\WINDOWS\Tasks\At17.job moved successfully.
File/Folder C:\WINDOWS\Tasks\At18.jo not found.
C:\WINDOWS\Tasks\At19.job moved successfully.
C:\WINDOWS\Tasks\At2.job moved successfully.
C:\WINDOWS\Tasks\At20.job moved successfully.
C:\WINDOWS\Tasks\At21.job moved successfully.
C:\WINDOWS\Tasks\At22.job moved successfully.
C:\WINDOWS\Tasks\At23.job moved successfully.
C:\WINDOWS\Tasks\At24.job moved successfully.
C:\WINDOWS\Tasks\At3.job moved successfully.
C:\WINDOWS\Tasks\At4.job moved successfully.
C:\WINDOWS\Tasks\At5.job moved successfully.
C:\WINDOWS\Tasks\At6.job moved successfully.
C:\WINDOWS\Tasks\At7.job moved successfully.
C:\WINDOWS\Tasks\At8.job moved successfully.
C:\WINDOWS\Tasks\At9.job moved successfully.

Created on 08-14-2007 11:27:42

Logfile of HijackThis v1.99.1
Scan saved at 11:40:15, on 14-8-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gebruiker\Bureaublad\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [VD] C:\Program Files\VitalDesktopVideo\vd.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4-5.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe


And none of those files contained anything.

jurgenv
14 August 2007, 13:53
Looks good. How is everything working otherwise?

Snuifje
14 August 2007, 22:25
As far as I can tell everything is back to the way it was, so all good :D

Thanks for your trouble!

/close

jurgenv
14 August 2007, 22:29
You're welcome.