Virus & Trojan log



sNap--
27 January 2008, 16:16
Would someone be willing to analyse this with me?
Problems I am experiencing:
- Popups
- Many error messages
- Unstable programs
- Slowness
- Many virus alerts that cannot be removed
- ....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:12:59, on 27-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DNA\btdna.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
D:\WINDOWS\explorer.exe
D:\Program Files\BearShare\BearShare.exe
D:\Documents and Settings\Andy\Bureaublad\HiJackThis.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [7c99d45c] rundll32.exe "D:\WINDOWS\system32\fdbkgpbw.dll",b
O4 - HKLM\..\Run: [SpyHunter Security Suite] D:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/crusher-kiwen.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/obj/NpFv415.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DomainService - Unknown owner - D:\WINDOWS\system32\gmqaswlu.exe (file missing)
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - file:///D:/DOCUME~1/Andy/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg

--
End of file - 6369 bytes

Recep
27 January 2008, 16:58
Hello sNap--,

We are studying your log and will let you know the result as soon as possible.

Recep :D

Recep
27 January 2008, 21:03
Hello sNap--,

1. * Clear the cache and cookies in IE:
Close Internet Explorer.
Go to Control Panel > Internet Options > General tab
Click the Delete Cookies button
Click the Delete Files button next to it
Tick: Delete all offline content, click OK
* Clear the cache and cookies in Firefox (if Firefox is installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear button (History, Cookies, Cache).
Click OK to close the window again.
* Clear other temporary files + Recycle Bin
Go to Start > Run and type: cleanmgr and click OK.
Let it scan your system for files that need to be removed.
Make sure that only 'temporary files', 'temporary internet files' and 'recycle bin' are ticked there.
Then click OK.

2. Go to Start -> Control Panel -> Add or Remove Programs and remove the following programs:
- Megaupload Toolbar
- SpyHunter Security Suite (SpyHunter - spyware remover of somewhat dubious repute; see note (http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note))

3. Start HijackThis and choose 'Do a system scan only'.
When the scan is complete, tick only the lines below in HijackThis (if present!):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [7c99d45c] rundll32.exe "D:\WINDOWS\system32\fdbkgpbw.dll",b
O4 - HKLM\..\Run: [SpyHunter Security Suite] D:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

O23 - Service: DomainService - Unknown owner - D:\WINDOWS\system32\gmqaswlu.exe (file missing)

Now close all windows except HijackThis itself and click 'Fix checked'.
You will be asked about backups. Answer 'Yes', then close HijackThis.

4. Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to your desktop.

Open Combofix.exe and follow the instructions; accept the disclaimer by typing '1'.
While the fix is running, do NOT click in the window, as this will make your PC hang.

The PC may restart automatically. When the fix is done, and after a possible restart, a log (combofix.txt) will open. Post its contents in your next reply together with a new HijackThis log.

Good luck,
Recep :D
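The entries Recep picks out of the HijackThis log above share a few recognisable traits: a target that no longer exists, an O4 Run value with a random-looking name that loads a DLL through rundll32, a service with an unknown owner and a missing binary, and a Winlogon Notify key that points at a bare directory. As an added example (not from this thread and not part of HijackThis), the Python below parses lines in HijackThis' R/O format and applies those heuristics; the sample entries are copied from the logs in this thread, and the `looks_random` rule is the example's own approximation, not a definitive test.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Entries copied from the HijackThis logs posted in this thread (a constructed
# subset: for each heuristic below there is one entry that trips it and one
# legitimate entry that does not).
SAMPLE_LINES = [
    r"R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)",
    r"O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"',
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [7c99d45c] rundll32.exe "D:\WINDOWS\system32\fdbkgpbw.dll",b',
    r"O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe",
    r"O23 - Service: DomainService - Unknown owner - D:\WINDOWS\system32\gmqaswlu.exe (file missing)",
    "O20 - Winlogon Notify: awtqrro - D:\\WINDOWS\\",
]

# "O4 - HKLM\..\Run: [name] command" is the shape of every HijackThis entry.
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
O4_RUN = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S*)', re.I)
O23_SVC = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O20_NOTIFY = re.compile(r"^Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def looks_random(token: str) -> bool:
    """Heuristic for the machine-generated names in this thread (7c99d45c,
    fdbkgpbw, awtqrro): an 8-digit hex string, or 7-8 lowercase letters with
    at most one vowel or a run of four or more consonants. Vendor names such
    as NvCpl, jusched or SetPoint pass; the Megaupload toolbar, which Recep
    removes on policy rather than on appearance, is not caught by any rule."""
    if re.fullmatch(r"[0-9a-f]{8}", token):
        return True
    if re.fullmatch(r"[a-z]{7,8}", token):
        vowels = sum(c in "aeiou" for c in token)
        return vowels <= 1 or re.search(r"[^aeiou]{4}", token) is not None
    return False


def triage_line(line: str) -> Optional[Finding]:
    """Apply the per-section heuristics to one HijackThis entry."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")

    # Any section: the registry still refers to something that is gone.
    if body.endswith("(no file)"):
        return Finding(section, "orphaned entry, target file no longer exists", line)

    if section == "O4":
        run = O4_RUN.match(body)
        dll = RUNDLL.match(run.group("cmd")) if run else None
        if dll:
            stem = dll.group("dll").rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            # A vendor DLL with a named export (NvCpl.dll,NvStartup) passes;
            # a random value name or DLL stem, or a one-letter export, does not.
            if looks_random(run.group("name")) or looks_random(stem) or len(dll.group("export")) <= 1:
                return Finding(section, f"rundll32 autostart with random-looking name (export {dll.group('export')!r})", line)

    elif section == "O23":
        svc = O23_SVC.match(body)
        if svc and svc.group("owner") == "Unknown owner":
            missing = svc.group("path").endswith("(file missing)")
            return Finding(section, "service with unknown owner" + (", binary missing" if missing else ""), line)

    elif section == "O20":
        nfy = O20_NOTIFY.match(body)
        if nfy and (nfy.group("path").endswith("\\") or looks_random(nfy.group("key"))):
            return Finding(section, "Winlogon Notify package with random-looking name or no DLL file", line)

    return None


def triage(lines: List[str]) -> List[Finding]:
    """Return the entries worth a second look, in log order."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```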

sNap--
28 January 2008, 19:47
Thanks for your help!
Here is the Combofix log:


ComboFix 08-01-28.2 - Andy 2008-01-28 18:36:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.148 [GMT 1:00]
Se ejecuta desde: D:\Documents and Settings\Andy\Bureaublad\ComboFix.exe
* Creado un nuevo punto de restauración

ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\system32\awtqrro.dll
D:\WINDOWS\system32\awvvs.dll
D:\WINDOWS\system32\elmrjuos.dll
D:\WINDOWS\msettings.ini
D:\WINDOWS\system32\awtqrro.dll
D:\WINDOWS\system32\awvvs.dll
D:\WINDOWS\system32\elmrjuos.dll
D:\WINDOWS\system32\elmrjuos.dllbox
D:\WINDOWS\system32\gmrcriyu.dll
D:\WINDOWS\system32\ioaoeept.dll
D:\WINDOWS\system32\mcrh.tmp
D:\WINDOWS\system32\mpirjddv.dll
D:\WINDOWS\system32\njsmpjit.ini
D:\WINDOWS\system32\snuuiugm.dll
D:\WINDOWS\system32\svvwa.ini
D:\WINDOWS\system32\svvwa.ini2
D:\WINDOWS\system32\vddjripm.ini
D:\WINDOWS\system32\wbpgkbdf.ini
D:\WINDOWS\system32\wkplgxkt.dll
D:\WINDOWS\system32\xidymjhv.ini
D:\WINDOWS\system32\xlvfajly.ini
D:\WINDOWS\system32\xtkjnjff.dll
D:\WINDOWS\system32\ylmuavmt.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


(((((((((((((((((((( Bestanden Gemaakt van 2007-12-28 to 2008-01-28 ))))))))))))))))))))))))))))))
.

2008-01-28 17:08 . 2008-01-28 17:08 147,520 --------- D:\WINDOWS\system32\yljafvlx.dll
2008-01-27 15:30 . 2008-01-27 16:02 <DIR> d-------- D:\Program Files\SpyNoMore
2008-01-27 15:30 . 2008-01-27 15:30 1,152 --a------ D:\WINDOWS\system32\windrv.sys
2008-01-27 15:16 . 2008-01-27 15:18 <DIR> d-------- D:\Program Files\SpywareBlaster
2008-01-27 15:04 . 2008-01-27 15:04 <DIR> d-------- D:\Program Files\Enigma Software Group
2008-01-27 13:46 . 2008-01-27 13:46 <DIR> d-------- D:\Program Files\SystemRequirementsLab
2008-01-27 13:46 . 2008-01-27 13:46 <DIR> d-------- D:\Documents and Settings\Andy\Application Data\SystemRequirementsLab
2008-01-27 12:58 . 2008-01-27 12:58 147,520 --------- D:\WINDOWS\system32\fdbkgpbw.dll
2008-01-26 17:44 . 2008-01-28 17:49 <DIR> dr-h----- D:\Documents and Settings\Andy\Onlangs geopend
2008-01-25 22:36 . 2008-01-25 22:36 <DIR> d-------- D:\Program Files\DNA
2008-01-25 22:36 . 2008-01-28 18:32 <DIR> d-------- D:\Documents and Settings\Andy\Application Data\DNA
2008-01-20 15:18 . 2008-01-20 15:18 <DIR> d-------- D:\Program Files\MIKSOFT
2008-01-14 18:55 . 2008-01-20 15:49 <DIR> d-------- D:\Program Files\3GP Player
2008-01-13 16:19 . 2008-01-13 16:19 <DIR> d-------- D:\WINDOWS\Sun
2008-01-13 16:18 . 2008-01-13 16:18 <DIR> d-------- D:\Program Files\Java
2008-01-13 16:18 . 2007-09-24 23:31 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl
2008-01-13 16:17 . 2008-01-13 16:17 <DIR> d-------- D:\Program Files\Common Files\Java
2007-12-28 17:34 . 2007-12-28 17:41 <DIR> d-------- D:\Documents and Settings\Andy\Application Data\gtk-2.0

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 20:47 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-26 16:51 --------- d-----w D:\Program Files\Windows Live Safety Center
2008-01-26 12:55 --------- d-----w D:\Documents and Settings\Andy\Application Data\BitTorrent
2008-01-25 21:37 --------- d-----w D:\Program Files\BitTorrent
2008-01-25 21:30 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-19 22:19 --------- d-----w D:\Program Files\SpeedFan
2008-01-11 16:21 --------- d-----w D:\Program Files\mIRC
2008-01-10 17:04 --------- d-----w D:\Program Files\Steam
2008-01-06 19:41 71,336 ----a-w D:\Documents and Settings\Andy\Application Data\GDIPFONTCACHEV1.DAT
2007-12-27 14:26 --------- d-----w D:\Program Files\Free Screen Recorder
2007-12-27 13:46 --------- d-----w D:\Program Files\BlueSprite
2007-12-27 13:45 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2007-12-27 13:45 --------- d-----w D:\Program Files\Blaze Media Pro
2007-12-27 13:41 --------- d-----w D:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
2007-12-22 22:03 --------- d-----w D:\Program Files\coolpro2
2007-12-19 17:59 --------- d-----w D:\Program Files\GIMP-2.0
2007-12-17 13:38 --------- d-----w D:\Documents and Settings\Andy\Application Data\Sony
2007-12-17 12:19 --------- d-----w D:\Documents and Settings\Andy\Application Data\Publish Providers
2007-12-17 12:19 --------- d-----w D:\Documents and Settings\Andy\Application Data\NetMedia Providers
2007-12-17 12:18 --------- d-----w D:\Program Files\Sony
2007-12-17 12:15 --------- d-----w D:\Program Files\Sony Setup
2007-12-06 16:45 --------- d-----w D:\Documents and Settings\Andy\Application Data\Winamp
2007-12-06 16:34 --------- d-----w D:\Program Files\Winamp
2007-12-02 22:10 --------- d-----w D:\Program Files\VstPlugins
2007-12-02 22:09 --------- d-----w D:\Program Files\rgcaudio
2007-12-02 14:42 --------- d-----w D:\Program Files\MSN Messenger
2007-12-01 23:30 --------- d-----w D:\Program Files\NCH Swift Sound
2007-12-01 23:30 --------- d-----w D:\Documents and Settings\Andy\Application Data\NCH Swift Sound
2007-12-01 23:30 --------- d-----w D:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-11-28 14:12 --------- d-----w D:\Program Files\Google
2007-11-28 14:11 --------- d-----w D:\Program Files\Yahoo!
2007-11-18 12:11 737,280 ----a-w D:\WINDOWS\iun6002.exe
2007-03-09 08:12 27,648 --sha-w D:\WINDOWS\system32\AVSredirect.dll
.

----a-w 2,356,664 2006-09-29 11:46:02 D:\Documents and Settings\Andy\Bureaublad\School\school2k7\Nieuwe map\G\AntsColonies .exe


((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{446624E1-B767-4443-AA6E-0F355CAFD21B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B997AAB-9C65-4711-8A02-DBBE6BA377FB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F7F6F66F-4C9C-4C75-8041-DF99DB5E1170}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-12-02 15:42 5674352]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
"BitTorrent DNA"="D:\Program Files\DNA\btdna.exe" [2008-01-25 22:36 290112]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\System32\NvCpl.dll" [2006-03-09 14:29 7561216]
"nwiz"="nwiz.exe" [2006-03-09 14:29 1519616 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\System32\NvMcTray.dll" [2006-03-09 14:29 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 20:42 77824 D:\WINDOWS\SOUNDMAN.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 56080 D:\WINDOWS\KHALMNPR.Exe]
"KAVPersonal50"="D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [2005-08-04 14:40 139367]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2007-08-14 01:18 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:03 110592 D:\WINDOWS\system32\bthprops.cpl]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SNM"="D:\Program Files\SpyNoMore\SNM.exe" [2007-11-15 12:02 1212368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03 15360]

D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-09 18:52:10 692224]
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqrro]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\elmrjuos]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 D:\WINDOWS\system32\awvvs.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2007-06-13 13:18 4177920 D:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-11-30 18:18 1266936 d:\program files\steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
D:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 D:\Program Files\Winamp\winampa.exe

R1 Klmc;Klmc;D:\WINDOWS\system32\drivers\klmc.sys [2005-08-04 14:40]

.
Inhoud van de 'Gedeelde Taken' map
"2008-01-25 23:00:00 D:\WINDOWS\Tasks\At1.job"
- D:\WINDOWS\system32\P2e8k36c.exe
"2007-08-13 23:23:24 D:\WINDOWS\Tasks\At10.job"
- D:\WINDOWS\system32\P2e8k36c.exe
"2007-08-13 23:23:24 D:\WINDOWS\Tasks\At11.job"
- D:\WINDOWS\system32\P2e8k36c.exe
"2007-08-13 23:23:24 D:\WINDOWS\Tasks\At12.job"
- D:\WINDOWS\system32\P2e8k36c.exe
"2008-01-26 11:00:00 D:\WINDOWS\Tasks\At13.job"
- D:\WINDOWS\system32\P2e8k36c.exe

"2008-01-27 12:00:00 D:\WINDOWS\Tasks\At14.job"
- D:\WINDOWS\system32\P2e8k36c.exe
"2008-01-27 13:00:00 D:\WINDOWS\Tasks\At15.job"
- D:\WINDOWS\system32\P2e8k36c.exe
"2008-01-27 14:00:00 D:\WINDOWS\Tasks\At16.job"
- D:\WINDOWS\system32\P2e8k36c.exe
"2008-01-27 15:00:00 D:\WINDOWS\Tasks\At17.job"
- D:\WINDOWS\system32\P2e8k36c.exe
"2008-01-28 16:00:00 D:\WINDOWS\Tasks\At18.job"
- D:\WINDOWS\system32\P2e8k36c.exe
"2008-01-28 17:00:00 D:\WINDOWS\Tasks\At19.job"
- D:\WINDOWS\system32\P2e8k36c.exe
"2008-01-06 00:00:00 D:\WINDOWS\Tasks\At2.job"
- D:\WINDOWS\system32\P2e8k36c.exe
"2008-01-26 18:00:00 D:\WINDOWS\Tasks\At20.job"
- D:\WINDOWS\system32\P2e8k36c.exe
"2008-01-26 19:00:03 D:\WINDOWS\Tasks\At21.job"
- D:\WINDOWS\system32\P2e8k36c.exe
"2008-01-25 20:00:00 D:\WINDOWS\Tasks\At22.job"
- D:\WINDOWS\system32\P2e8k36c.exe
"2008-01-27 21:00:00 D:\WINDOWS\Tasks\At23.job"
- D:\WINDOWS\system32\P2e8k36c.exe
"2008-01-25 22:00:00 D:\WINDOWS\Tasks\At24.job"
- D:\WINDOWS\system32\P2e8k36c.exe
"2007-08-14 00:01:00 D:\WINDOWS\Tasks\At3.job"
- D:\WINDOWS\system32\P2e8k36c.exe
"2007-08-13 23:23:24 D:\WINDOWS\Tasks\At4.job"
- D:\WINDOWS\system32\P2e8k36c.exe
"2007-08-13 23:23:24 D:\WINDOWS\Tasks\At5.job"
- D:\WINDOWS\system32\P2e8k36c.exe
"2007-08-13 23:23:24 D:\WINDOWS\Tasks\At6.job"
- D:\WINDOWS\system32\P2e8k36c.exe
"2007-08-13 23:23:24 D:\WINDOWS\Tasks\At7.job"
- D:\WINDOWS\system32\P2e8k36c.exe
"2007-08-13 23:23:24 D:\WINDOWS\Tasks\At8.job"
- D:\WINDOWS\system32\P2e8k36c.exe
"2007-08-13 23:23:24 D:\WINDOWS\Tasks\At9.job"
- D:\WINDOWS\system32\P2e8k36c.exe
"2007-07-14 01:30:00 D:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- D:\Program Files\RegistrySmart\RegistrySmart.ex
- D:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 18:41:41
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 2462

**************************************************************************
.
Voltooingstijd: 2008-01-28 18:44:09
ComboFix-quarantined-files.txt 2008-01-28 17:43:55




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:44, on 28-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\SpyNoMore\SNM.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DNA\btdna.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
D:\WINDOWS\explorer.exe
D:\WINDOWS\System32\imapi.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Andy\Bureaublad\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {446624E1-B767-4443-AA6E-0F355CAFD21B} - (no file)
O2 - BHO: (no name) - {4B997AAB-9C65-4711-8A02-DBBE6BA377FB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: (no name) - {F7F6F66F-4C9C-4C75-8041-DF99DB5E1170} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SNM] D:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/crusher-kiwen.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/obj/NpFv415.dll
O20 - Winlogon Notify: awtqrro - D:\WINDOWS\
O20 - Winlogon Notify: elmrjuos - D:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - file:///D:/DOCUME~1/Andy/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg

--
End of file - 6395 bytes


greetings ;)

Recep
31 January 2008, 17:14
Hello sNap--,

1. I see that you have Spybot's TeaTimer running in the background; it can get in the way of fixing HijackThis entries. So switch TeaTimer off for a moment, which you do as follows:
1. Start Spybot Search and Destroy.
2. Go to 'Mode' > select Advanced Mode
3. Go to 'Tools' and click the Resident icon in the list
4. Untick Resident TeaTimer and click OK

5. Now download ResetTeaTimer.bat (http://downloads.subratam.org/ResetTeaTimer.bat) to your desktop. (right-click -> save as..)
6. Now open ResetTeaTimer.bat from your desktop.

2. Remove ComboFix via Start > Run: copy and paste Combofix /U, then click OK or press Enter.

http://hicheckthis.gethost.nl/images/Uninstall_combofix.JPG


3. Start HijackThis and choose 'Do a system scan only'.
When the scan is complete, tick only the lines below in HijackThis (if present!):

O2 - BHO: (no name) - {446624E1-B767-4443-AA6E-0F355CAFD21B} - (no file)
O2 - BHO: (no name) - {4B997AAB-9C65-4711-8A02-DBBE6BA377FB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: (no name) - {F7F6F66F-4C9C-4C75-8041-DF99DB5E1170} - (no file)

O20 - Winlogon Notify: awtqrro - D:\WINDOWS\
O20 - Winlogon Notify: elmrjuos - D:\WINDOWS\

Now close all windows except HijackThis itself and click 'Fix checked'.
You will be asked about backups. Answer 'Yes', then close HijackThis.

4. Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to your desktop.
Then open a new Notepad file.

Copy and paste the bold blue text below into it.
Then save it to your desktop as CFScript.txt.


File::
D:\WINDOWS\system32\yljafvlx.dll
D:\WINDOWS\system32\fdbkgpbw.dll
D:\WINDOWS\tasks\At1.job
D:\WINDOWS\tasks\At2.job
D:\WINDOWS\tasks\At3.job
D:\WINDOWS\tasks\At4.job
D:\WINDOWS\tasks\At5.job
D:\WINDOWS\tasks\At6.job
D:\WINDOWS\tasks\At7.job
D:\WINDOWS\tasks\At8.job
D:\WINDOWS\tasks\At9.job
D:\WINDOWS\tasks\At10.job
D:\WINDOWS\tasks\At11.job
D:\WINDOWS\tasks\At12.job
D:\WINDOWS\tasks\At13.job
D:\WINDOWS\tasks\At14.job
D:\WINDOWS\tasks\At15.job
D:\WINDOWS\tasks\At16.job
D:\WINDOWS\tasks\At17.job
D:\WINDOWS\tasks\At18.job
D:\WINDOWS\tasks\At19.job
D:\WINDOWS\tasks\At20.job
D:\WINDOWS\tasks\At21.job
D:\WINDOWS\tasks\At22.job
D:\WINDOWS\tasks\At23.job
D:\WINDOWS\tasks\At24.job
D:\WINDOWS\system32\P2e8k36c.exe
D:\WINDOWS\system32\awvvs.dll

Renv::
D:\Documents and Settings\Andy\Bureaublad\School\school2k7\Nieuwe map\G\AntsColonies .exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqrro]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\elmrjuos]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{446624E1-B767-4443-AA6E-0F355CAFD21B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B997AAB-9C65-4711-8A02-DBBE6BA377FB}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F7F6F66F-4C9C-4C75-8041-DF99DB5E1170}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

This will make ComboFix restart. Reboot if you are asked to.
After the reboot, post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Good luck,
Recep :D
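The Registry:: block in the script above rewrites the LSA Authentication Packages value to the stock msv1_0 package only, after ComboFix showed awvvs.dll registered next to it; every DLL in that list is loaded into lsass.exe at boot, which is why the value is replaced rather than deleted. As an added example (not from this thread, and not ComboFix's own code), the Python below decodes a .reg-style hex(7) REG_MULTI_SZ value into its strings and back, and lists the entries that are not the stock package; the constant names are the example's own, and the observed list is transcribed from the ComboFix log above.

```python
from typing import List

# Value from the CFScript posted above: Authentication Packages rewritten to
# the stock msv1_0 package only.
CFSCRIPT_LSA_FIX = "hex(7):6d,73,76,31,5f,30,00,00"

# What ComboFix reported for the same value before the fix (transcribed from
# the ComboFix log above): the stock package plus a DLL with a random-looking name.
OBSERVED_BEFORE_FIX = ["msv1_0", r"D:\WINDOWS\system32\awvvs.dll"]

# msv1_0 is the only authentication package on a default Windows XP install.
STOCK_AUTH_PACKAGES = {"msv1_0"}


def decode_hex7(value: str) -> List[str]:
    """Decode a single-line .reg 'hex(7):aa,bb,...' REG_MULTI_SZ into its strings.

    Regedit exports these values as UTF-16LE; ComboFix scripts such as the one
    above write single-byte text. UTF-16LE is recognised by every odd byte
    being zero, which printable single-byte text can never produce.
    """
    prefix = "hex(7):"
    if not value.lower().startswith(prefix):
        raise ValueError("not a hex(7) REG_MULTI_SZ value: %r" % value)
    raw = bytes(int(tok, 16) for tok in value[len(prefix):].split(",") if tok.strip())
    if len(raw) >= 2 and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    # Each string is NUL-terminated and the array ends with one extra NUL.
    # Empty strings cannot occur inside a REG_MULTI_SZ (a double NUL ends it),
    # so stripping the trailing NULs and splitting on the rest is lossless.
    text = text.rstrip("\x00")
    return text.split("\x00") if text else []


def encode_hex7(strings: List[str]) -> str:
    """Inverse of decode_hex7, in the single-byte form the CFScript above uses."""
    payload = "".join(s + "\x00" for s in strings) + "\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in payload.encode("latin-1"))


def foreign_auth_packages(packages: List[str]) -> List[str]:
    """Return the Authentication Packages entries that are not the stock msv1_0.

    Anything listed here runs inside lsass.exe and takes part in logon, so an
    unexpected entry is a credential risk and the reason the value is rewritten
    to msv1_0 alone instead of being deleted (deleting it would break logon).
    """
    return [p for p in packages if p.lower() not in STOCK_AUTH_PACKAGES]


if __name__ == "__main__":
    print("before fix:", OBSERVED_BEFORE_FIX)
    print("  foreign :", foreign_auth_packages(OBSERVED_BEFORE_FIX))
    after = decode_hex7(CFSCRIPT_LSA_FIX)
    print("after fix :", after)
    print("  foreign :", foreign_auth_packages(after))
    print("round-trip:", encode_hex7(OBSERVED_BEFORE_FIX))
```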