View full version : Dear people, I have a serious problem!



DavidHazelnut
4 November 2007, 14:25
Hello there, dear forum members,

I already posted this question in the Windows thread, but Baloeke advised me to make a log with HijackThis and post it here, so here is my question again:

I know it is rude to get straight to the point, but I am worried about this issue. So please forgive my rudeness.....

I have quite a lot of files on my external hard drive, and to my surprise a number of them had been moved from one folder to another folder.

And some had been copied in the form of empty folders?? So for example File-a and File-a(2), but as an empty folder????

So from folder a to folder b without me having moved them? Another strange thing is that some deleted folders suddenly reappeared, but without contents?

Initially I assumed a virus, but I don't think that is the case??

I use Comodo Firewall, Avast Antivirus Pro, BOClean, CCleaner and Spybot, and they find nothing suspicious...

I am now running a disk check on the external hard drive, and I hope nothing serious is going on.

What could be going on, dear people? Am I being hacked? Sorry for being so paranoid.....

This is my log file:


Logfile of HijackThis v1.99.1
Scan saved at 1:04:21 PM, on 11/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\WordWeb\wweb32.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\******\My Documents\mozilla downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by chello broadband n.v.
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


I hope you can help me out; thank you kindly for your time and attention.

Regards,

David... :bow:

Juisterr
5 November 2007, 09:57
Strange, such a move; I have not seen that before.

Disable Spybot's TeaTimer for now, because it can get in the way of the fix:
- Start Spybot
- Go to Mode > select Advanced Mode
- Go to Tools and click the Resident icon in the list
- Uncheck Resident TeaTimer and click OK
- Restart the computer

Then download ResetTeaTimer.bat (http://downloads.subratam.org/ResetTeaTimer.bat) to your Desktop.
Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.
Once the computer is clean, you can turn TeaTimer back on.

Start HijackThis and choose 'Do a system scan only'.
Select only the items listed below:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Click 'Fix checked' to remove the items.
Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double-click ComboFix.exe
Follow the instructions; accept the disclaimer by typing 1 (continue) followed by ENTER.
While the fix is running, do NOT click in the window, because this will make your PC hang.

When the fix has completed and after the restart, the log combofix.txt will open.
Post this log in your next reply together with a new HijackThis log.

Note: if your virus scanner responds with a warning about a script being executed, you may ignore it.
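As a defender-side illustration of what the helper above does by eye, here is an added Python triage parser for HijackThis-style log lines; it is not code from the thread or from HijackThis itself, and the sample lines are copied from the first log posted in this thread.

```python
# Added example (not code from the thread or from HijackThis): a small triage
# parser for HijackThis v1.99-style log entries. It pulls the section code,
# CLSID and target out of each "Rn/On" line and flags the entries a helper
# looks at first: orphaned hooks whose file is gone (like the R3 line fixed in
# the thread), IE Trusted Zone additions, and DPF (ActiveX) downloads.
import re
from dataclasses import dataclass
from typing import Optional

# Shape of an entry line: "R3 - URLSearchHook: Yahoo! Toolbar - {GUID} - (no file)"
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    code: str             # HijackThis section, e.g. "R3", "O16"
    body: str             # everything after "Rn - "
    clsid: Optional[str]  # first CLSID in the line, if any
    missing: bool         # HijackThis reported the target as absent


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for headers, process paths and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    missing = "(no file)" in body or "(file missing)" in body
    return Entry(m.group("code"), body, clsid.group(0) if clsid else None, missing)


def parse_log(text: str) -> list:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(entries) -> list:
    """Return (code, reason, body) tuples for entries worth a second look."""
    findings = []
    for e in entries:
        if e.missing and e.code == "O23" and '"' in e.body:
            # HijackThis 1.99.1 reports "(file missing)" for quoted service
            # paths that carry arguments even when the binary exists; the
            # thread's avast! scanner services show this while the same
            # processes appear in the "Running processes" list.
            findings.append((e.code, "likely false 'file missing' from quoted service path; verify on disk", e.body))
        elif e.missing:
            findings.append((e.code, "target file missing; orphaned entry, cleanup candidate", e.body))
        elif e.code == "O15":
            findings.append((e.code, "site added to IE Trusted Zone; confirm it is intended", e.body))
        elif e.code == "O16":
            findings.append((e.code, "ActiveX control downloaded from URL; confirm the source", e.body))
    return findings


# Constructed sample: a handful of lines copied from the thread's first log.
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
Running processes:
C:\\WINDOWS\\System32\\smss.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Window Title = Microsoft Internet Explorer provided by chello broadband n.v.
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: avast! Mail Scanner - Unknown owner - C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe" /service (file missing)
"""

if __name__ == "__main__":
    for code, reason, body in triage(parse_log(SAMPLE_LOG)):
        print(f"{code:4} {reason}\n     {body}")
```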

DavidHazelnut
5 November 2007, 11:26
Hello Juisterr,

Thanks for your help; I will carry out all the steps you suggested.

Here is the log from combofix.txt:

ComboFix 07-11-05.2 - Salaman Jenkins 2007-11-05 10:49:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.353 [GMT 1:00]
Running from: C:\Documents and Settings\Salaman Jenkins\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-05 to 2007-11-05 )))))))))))))))))))))))))))))))
.

2007-11-05 10:37 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-05 02:38 <DIR> d-------- C:\Program Files\QuickTime Alternative
2007-11-05 02:31 <DIR> d-------- C:\Documents and Settings\Salaman Jenkins\Application Data\VSRevoGroup
2007-11-05 02:22 <DIR> d-------- C:\Program Files\VS Revo Group
2007-11-04 17:44 <DIR> d-------- C:\Program Files\Zilla Data Nuker
2007-11-04 17:16 <DIR> d-------- C:\WINDOWS\Drivers
2007-11-04 17:16 89,057 --a------ C:\WINDOWS\system32\tppun.exe
2007-11-04 14:36 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-04 13:49 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2007-11-04 13:49 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-11-03 17:13 <DIR> d-------- C:\Program Files\KONAMI
2007-11-02 15:43 <DIR> d-------- C:\Photoshop pojext
2007-11-02 02:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2007-11-02 02:46 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-11-02 01:58 <DIR> dr-h----- C:\Documents and Settings\Salaman Jenkins\Application Data\SecuROM
2007-11-02 01:58 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-02 01:24 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-11-01 03:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-10-31 15:11 2,182,144 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-10-31 15:11 2,137,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-10-31 15:11 2,017,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2007-10-28 23:45 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2007-10-28 18:05 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-10-28 18:05 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-10-28 18:05 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-10-28 18:05 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-10-28 17:34 <DIR> d-------- C:\Program Files\ShellExView
2007-10-28 17:34 39,424 --a------ C:\WINDOWS\zipinst.exe
2007-10-27 23:43 <DIR> d-------- C:\Documents and Settings\Salaman Jenkins\Application Data\Thunderbird
2007-10-25 00:37 <DIR> d-------- C:\Documents and Settings\Salaman Jenkins\Application Data\wsInspector
2007-10-25 00:35 <DIR> d-------- C:\Program Files\Startup Inspector for Windows
2007-10-20 01:02 <DIR> d-------- C:\Documents and Settings\Salaman Jenkins\Application Data\Waves Preferences
2007-10-20 01:02 <DIR> d-------- C:\Documents and Settings\Salaman Jenkins\Application Data\Waves
2007-10-20 01:01 <DIR> d-------- C:\Program Files\Waves
2007-10-15 13:00 <DIR> d-------- C:\Program Files\Yahoo!
2007-10-15 13:00 <DIR> d-------- C:\Program Files\CCleaner
2007-10-14 14:30 <DIR> d-------- C:\Documents and Settings\Salaman Jenkins\Application Data\mIRC
2007-10-14 01:17 <DIR> d-------- C:\Documents and Settings\Salaman Jenkins\Application Data\REAPER
2007-10-13 17:46 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-10-13 16:03 <DIR> d-------- C:\Downloads
2007-10-13 16:03 <DIR> d-------- C:\Documents and Settings\Salaman Jenkins\Application Data\GetRightToGo
2007-10-12 17:48 <DIR> d-------- C:\Soundshit
2007-10-11 03:42 <DIR> d-------- C:\Program Files\AusLogics System Information
2007-10-11 03:42 <DIR> d-------- C:\Documents and Settings\Salaman Jenkins\Application Data\Auslogics
2007-10-10 21:41 <DIR> d-------- C:\Program Files\12Voip.com
2007-10-10 14:55 <DIR> d-------- C:\Program Files\FlashFXP
2007-10-10 14:15 <DIR> d-------- C:\Documents and Settings\Salaman Jenkins\Application Data\FlashFXP
2007-10-10 01:17 <DIR> d-------- C:\Documents and Settings\Salaman Jenkins\Application Data\Subversion
2007-10-10 01:14 <DIR> d-------- C:\Program Files\TortoiseSVN
2007-10-09 18:37 <DIR> d-------- C:\Bdienst
2007-10-08 00:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-05 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BOC425
2007-10-05 22:50 235,008 --a------ C:\WINDOWS\UNBOC.EXE
2007-10-05 22:50 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2007-10-05 22:40 <DIR> d-------- C:\Documents and Settings\Salaman Jenkins\Application Data\Comodo
2007-10-05 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-10-05 22:37 <DIR> d-------- C:\Program Files\Comodo
2007-10-05 22:06 <DIR> d-------- C:\Program Files\WordWeb
2007-10-05 22:06 1,042,304 --a------ C:\WINDOWS\wweb32.dll
2007-10-05 14:36 <DIR> d-------- C:\Program Files\Alwil Software
2007-10-05 14:36 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-05 14:36 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-10-05 14:36 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-05 14:36 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-05 14:36 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-05 14:36 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-05 14:36 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-05 14:27 <DIR> d-------- C:\Documents and Settings\Salaman Jenkins\Application Data\SiteAdvisor
2007-10-05 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-05 07:11 <DIR> d-------- C:\Documents and Settings\Salaman Jenkins\Application Data\Desktop Mechanic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-05 01:38 --------- d-----w C:\Documents and Settings\Salaman Jenkins\Application Data\Apple Computer
2007-11-05 01:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-05 01:34 --------- d-----w C:\Program Files\PeerGuardian2
2007-11-05 01:34 --------- d-----w C:\Documents and Settings\Salaman Jenkins\Application Data\uTorrent
2007-11-05 01:09 --------- d-----w C:\Program Files\Apple Software Update
2007-11-02 01:44 --------- d-----w C:\Program Files\ATI Technologies
2007-11-02 00:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-02 00:20 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-28 17:27 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-26 01:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-10-20 02:24 --------- d-----w C:\Program Files\Google
2007-10-14 00:22 --------- d-----w C:\Program Files\Arturia
2007-10-10 20:49 --------- d-----w C:\Documents and Settings\Salaman Jenkins\Application Data\12Voip
2007-10-10 20:38 --------- d-----w C:\Program Files\Skype
2007-10-10 20:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-10-04 15:14 --------- d-----w C:\Program Files\ATITool
2007-10-04 07:52 --------- d-----w C:\Program Files\Bluetack
2007-10-04 07:18 --------- d-----w C:\Program Files\Audacity
2007-10-03 14:16 --------- d-----w C:\Program Files\Common Files\iZotope
2007-10-03 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\iZotope
2007-10-03 14:03 --------- d-----w C:\Program Files\iZotope
2007-10-01 08:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-09-30 00:17 --------- d-----w C:\Documents and Settings\Salaman Jenkins\Application Data\FrostWire
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-28 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-09-26 21:29 --------- d-----w C:\Program Files\ccxgui
2007-09-16 11:52 --------- d-----w C:\Program Files\eMedia Piano and Keyboard Method
2007-09-16 11:44 --------- d-----w C:\Program Files\Elaborate Bytes
2007-09-16 10:21 --------- d-----w C:\Program Files\Creative Professional
2007-09-16 09:58 --------- d-----w C:\Program Files\Common Files\Creative Professional
2007-09-16 09:57 54,784 ----a-w C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2007-09-16 09:57 12,464 ----a-w C:\WINDOWS\system32\drivers\CdaC15BA.SYS
2007-09-16 09:57 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-09-16 09:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Macrovision
2007-09-16 09:40 --------- d-----w C:\Program Files\Common Files\Skype
2007-09-13 12:35 --------- d-----w C:\Program Files\Demo Builder
2007-09-10 23:11 --------- d-----w C:\Program Files\Microsoft.NET
2007-09-10 23:11 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-09-10 15:37 --------- d-----w C:\Documents and Settings\Salaman Jenkins\Application Data\Ahead
2007-09-10 15:35 --------- d-----w C:\Program Files\Common Files\Ahead
2007-09-10 15:34 --------- d-----w C:\Program Files\Nero
2007-09-06 09:57 --------- d-----w C:\Documents and Settings\Salaman Jenkins\Application Data\Media Player Classic
2007-09-06 09:56 --------- d-----w C:\Program Files\Real Alternative
2007-09-06 09:56 --------- d-----w C:\Program Files\Media Player Classic
2007-08-24 22:27 56,899 ----a-w C:\WINDOWS\system32\x264-uninstall.exe
2007-08-22 03:08 36,734 ----a-w C:\WINDOWS\system32\OggDSuninst.exe
2007-08-22 01:36 163,426 ----a-w C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
2007-08-21 06:25 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-17 21:36 60,273 ----a-w C:\WINDOWS\system32\pthreadGC2.dll
2007-08-08 21:51 81,920 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-08-08 21:51 233,472 ----a-w C:\WINDOWS\system32\wrap_oal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2005-10-22 10:00 C:\WINDOWS\CTHELPER.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 15:49]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 14:21]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-10-05 22:37]
"BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe" [2007-08-08 18:49]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2005-10-22 09:46 C:\WINDOWS\MIDIDEF.EXE]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-09-28 09:05]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 16:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-14 13:55]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46]

C:\Documents and Settings\Salaman Jenkins\Start Menu\Programs\Startup\
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [2007-10-05 22:06:46]

R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
R3 BOCDRIVE;BOClean Kernel Monitor.;\??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-05 10:50:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-05 10:50:59
C:\ComboFix2.txt ... 2007-11-05 10:40
.
--- E O F ---

And this is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:56:31 AM, on 11/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Salaman Jenkins\My Documents\mozilla downloads\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


I removed that registry value with HijackThis and followed all the instructions....

Thanks for your help, and I hope you can make something of this....

Cheers,

David :bow:

Juisterr
5 November 2007, 20:45
I don't think I see anything else wrong.

DavidHazelnut
6 November 2007, 18:13
Sorry I could not respond sooner, but thanks for your help! I think I know what the problem is....

I had also posted this question on another forum, and there I was advised to remove the external hard drive. I did that via the "Remove Hardware" icon, and after that I was advised to change the settings of the external drive.

I hope no further problems arise, but you never know with these crazy computers nowadays.

Thanks,

David :bow: