View full version : spyware, I think



seb
8 April 2008, 07:50
I have already had it scanned with avast and Spybot S&D, but the PC stays somewhat on the slow side

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:54, on 8/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TweakNow PowerPack\RAM_XP.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\svchost.exe
D:\Seb\mijn documenten\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = T'internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack\RAM_XP.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [b058d6da] rundll32.exe "C:\WINDOWS\system32\blklblum.dll",b
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6753 bytes

Recep
8 April 2008, 16:43
Hello Seb,

I'll take a look for you :D

Recep

Recep
8 April 2008, 18:40
Hello Seb,

1. Turn Windows Defender off for now.
Windows Defender can interfere with the fix, so we disable it temporarily.
Open Windows Defender,
Click Tools.
Click General Settings.
Scroll to Real Time Protection Options
Uncheck Turn on Real Time Protection (recommended)
Click Save
Close Windows Defender
When we are done you can turn Windows Defender back on.

2. Follow these (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) instructions to download ComboFix:
Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console
If you have used ComboFix before, please remove that version and download ComboFix again via the link above, because ComboFix is updated daily.

NOTE: if, during or after downloading ComboFix or while using ComboFix, you get a warning from your antivirus or another real-time scanner,
disable that scanner and download ComboFix again.
Some scanners treat certain components that ComboFix uses as suspicious and will block or delete them!

Double-click Combofix.exe
Follow the instructions, accept the disclaimer by typing 1 (continue), followed by ENTER.
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix is finished and after the restart, the log Combofix.txt will open.
Paste this log in your next post, together with a fresh HijackThis log.

Good luck,
Recep :D

seb
8 April 2008, 19:19
ComboFix 08-04-07.5 - Sonja 2008-04-08 19:03:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.562 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Sonja\Bureaublad\ComboFix.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Sonja\Bureaubladblackbird.jpg
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\cookies.ini
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\awtqnlkL.dll
C:\WINDOWS\system32\blklblum.dll
C:\WINDOWS\system32\byXRihih.dll
C:\WINDOWS\system32\jqflkmfx.dll
C:\WINDOWS\system32\Lklnqtwa.ini
C:\WINDOWS\system32\Lklnqtwa.ini2
C:\WINDOWS\system32\mulblklb.ini
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\xfmklfqj.ini
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
G:\Autorun.inf
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))
.
2008-04-08 16:57 . 2008-04-08 16:57 3,648 --a------ C:\WINDOWS\system32\yiafjmpe.dll
2008-04-07 18:16 . 2008-04-07 11:07 188,416 --a------ C:\WINDOWS\qdnkewfa.dll
2008-04-07 18:16 . 2008-04-07 11:07 155,648 --a------ C:\WINDOWS\vnbptxlf.dll
2008-04-07 18:13 . 2008-04-07 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\gjunkdin
2008-04-07 18:13 . 2008-04-07 18:13 94,208 --a------ C:\WINDOWS\system32\cbgnmvqf.exe
2008-04-07 16:14 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-06 19:43 . 2008-04-06 19:43 <DIR> d-------- C:\Program Files\VST
2008-04-06 17:03 . 2008-04-08 18:36 <DIR> dr-h----- C:\Documents and Settings\Sonja\Onlangs geopend
2008-04-06 16:48 . 2008-04-06 17:07 <DIR> d-------- C:\Program Files\Acoustica Mixcraft 4
2008-04-03 18:23 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-03 18:23 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-31 11:28 . 2008-03-31 11:28 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-03-18 19:28 . 2008-03-18 19:28 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-18 17:50 . 2008-03-18 17:54 <DIR> d-------- C:\Program Files\everest ultimate
2008-03-18 17:44 . 2008-03-18 17:44 <DIR> d-------- C:\Program Files\Real Alternative
2008-03-18 17:40 . 2008-03-18 17:40 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-03-17 14:19 . 2008-03-17 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-03-17 14:11 . 2008-01-09 13:26 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-03-17 14:10 . 2008-03-17 14:11 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-03-17 13:32 . 2008-03-17 13:32 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-03-16 20:04 . 2008-03-16 20:04 <DIR> d-------- C:\Documents and Settings\Sonja\Application Data\Logitech
2008-03-16 20:04 . 2008-01-09 13:27 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-03-16 20:04 . 2008-01-09 13:28 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-03-16 20:04 . 2008-01-09 13:28 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-03-16 20:04 . 2008-01-09 13:28 76,304 --a------ C:\WINDOWS\system32\KemXML.dll
2008-03-16 20:03 . 2008-03-17 14:11 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-03-16 20:03 . 2008-03-16 20:03 <DIR> d-------- C:\Documents and Settings\Sonja\Application Data\InstallShield
2008-03-16 20:03 . 2008-03-16 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-03-16 20:01 . 2008-03-16 20:03 <DIR> d-------- C:\Program Files\Logitech
2008-03-16 20:01 . 2008-03-16 20:01 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-03-11 17:30 . 2008-04-06 17:00 <DIR> d-------- C:\WINDOWS\system32\Audi A5 Screensaver 2 dir
2008-03-11 17:30 . 2008-04-06 17:00 <DIR> d-------- C:\WINDOWS\system32\Audi A5 Screensaver 1 dir
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 17:43 --------- d-----w C:\Program Files\Acoustica Shared Effects
2008-04-06 17:43 --------- d-----w C:\Program Files\Acoustica Mixcraft 3
2008-04-06 16:29 --------- d-----w C:\Documents and Settings\Sonja\Application Data\LimeWire
2008-04-06 15:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 13:50 --------- d-----w C:\Documents and Settings\Sonja\Application Data\uTorrent
2008-04-04 07:21 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-31 16:59 --------- d-----w C:\Program Files\Winamp
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-19 13:21 --------- d-----w C:\Documents and Settings\Sonja\Application Data\Toshiba
2008-03-17 17:47 --------- d-----w C:\Program Files\Java
2008-03-12 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-04 19:52 --------- d-----w C:\Program Files\Nokia
2008-03-04 19:52 --------- d-----w C:\Program Files\Common Files\Nokia
2008-03-04 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia
2008-03-04 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-02-29 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\X-Setup Pro
2008-02-29 18:53 --------- d-----w C:\Documents and Settings\Sonja\Application Data\X-Setup Pro
2008-02-26 20:35 --------- d-----w C:\Program Files\Network LookOut Administrator Pro
2008-02-26 17:48 --------- d-----w C:\Program Files\Google
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-24 17:12 --------- d-----w C:\Program Files\iTunes
2008-02-24 17:11 --------- d-----w C:\Program Files\iPod
2008-02-24 17:10 --------- d-----w C:\Program Files\QuickTime
2008-02-24 17:06 --------- d-----w C:\Program Files\Safari
2008-02-21 16:39 --------- d-----w C:\Documents and Settings\Sonja\Application Data\CyberLink
2008-02-20 12:30 --------- d-----w C:\Program Files\LimeWire
2008-02-19 16:29 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-02-19 16:29 253,952 ------w C:\WINDOWS\Setup1.exe
2008-02-13 15:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-13 13:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\YoGen
2008-02-07 09:14 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-11 14:05 22,328 ----a-w C:\Documents and Settings\Sonja\Application Data\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 19:48 665600]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-29 19:45 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-04-24 09:20 1448960 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 09:59 16206848 C:\WINDOWS\RTHDCPL.EXE]
"RAM Idle Professional"="C:\Program Files\TweakNow PowerPack\RAM_XP.exe" [2004-07-04 11:59 406016]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 04:18 437160]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-17 15:18:32 789008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 9 (0x9)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRihih]
byXRihih.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2008-01-09 13:30 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2006-03-02 14:00 110592 C:\WINDOWS\system32\bthprops.cpl
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Soft\\Raven\\SOF PLATINUM\\SoF.exe"=
"D:\\Soft\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"D:\\Soft\\Age of Mythology\\aomx.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Soft\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"H:\\Soft\\NFS Hot Pursuit 3\\NFS3.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"D:\\Soft\\Flatout 2\\FlatOut2.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"D:\\Soft\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"42544:TCP"= 42544:TCP:utorrent
R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-07-29 03:33]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-07-29 04:13]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 12:37]
R2 musm3gld;musm3gld;C:\WINDOWS\system32\drivers\musm3gld.sys [2006-02-24 16:37]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-08-09 13:31]
R3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-25 12:19]
S3 PEEK5;PEEK5 Protocol Driver;C:\DOCUME~1\Sonja\LOCALS~1\Temp\Rar$EX01.047\AIRCRA~1.1\bin\PEEK5.SYS []
.
Inhoud van de 'Gedeelde Taken' map
"2008-04-08 05:31:54 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 19:09:30
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Voltooingstijd: 2008-04-08 19:11:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-08 17:11:12
Pre-Run: 45,514,944,512 bytes beschikbaar
Post-Run: 45,511,790,592 bytes beschikbaar
.
2008-04-06 13:24:33 --- E O F ---

and the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:52, on 8/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TweakNow PowerPack\RAM_XP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
D:\Seb\mijn documenten\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack\RAM_XP.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: byXRihih - byXRihih.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7168 bytes

Recep
8 April 2008, 20:10
Hello Seb,

Open a new Notepad file.

Copy and paste the bold blue text below into it.
Go to 'File' -> 'Save As..' and save it on your desktop as CFScript.txt.

File::
C:\WINDOWS\system32\yiafjmpe.dll
C:\WINDOWS\qdnkewfa.dll
C:\WINDOWS\vnbptxlf.dll
C:\WINDOWS\system32\cbgnmvqf.exe
C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
C:\WINDOWS\Setup1.exe
C:\WINDOWS\system32\byXRihih.dll

DirLook::
C:\Documents and Settings\All Users\Application Data\gjunkdin
C:\WINDOWS\system32\Audi A5 Screensaver 2 dir

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRihih]

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

This will make ComboFix restart. Reboot if you are asked to.
After the restart, post the contents of Combofix.txt in your next reply together with a new HijackThis log.

How are your problems now?

Good luck,
Recep :D
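The entries Recep's fixes target are visible in the two HijackThis logs above: the `[b058d6da] rundll32.exe "...\blklblum.dll",b` Run value in the first log, and the orphaned `O20 - Winlogon Notify: byXRihih - byXRihih.dll (file missing)` entry in the second, which the CFScript above removes from the registry. As an added example (not code from this thread, from HijackThis or from ComboFix), here is a small Python triage script that parses HijackThis O4 and O20 lines and flags exactly those two patterns; the sample log is constructed from the lines quoted above plus benign neighbours.

```python
"""Triage helper for HijackThis-style logs.

Added example, not code from this thread, from HijackThis or from ComboFix.
It parses the O4 (Run) and O20 (Winlogon Notify) lines and flags the two
indicator shapes the thread's logs show: a Run value with a random-looking
name that makes rundll32 load a system32 DLL through a one-letter export,
and a Winlogon Notify DLL that is orphaned ("file missing") or named with
no path.  Everything else is left alone; a human still decides.
"""
import re
from dataclasses import dataclass
from typing import List

# "O4 - <body>", "R1 - <body>", ... : the section code and the rest.
HJT_LINE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
# O4 body: HKLM\..\Run: [ValueName] command line
O4_RUN = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O20 body: Winlogon Notify: <subkey> - <dll> [(file missing)]
O20_NOTIFY = re.compile(
    r"^Winlogon Notify: (?P<name>\S+) - (?P<dll>.+?)(?P<missing> \(file missing\))?$"
)
# rundll32[.exe] "<path>.dll",<one letter>  -- a single-character export name
RUNDLL_ONE_LETTER = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<entry>[A-Za-z])\s*$', re.I
)
# Value names such as b058d6da: exactly eight lowercase hex digits.
HEX8 = re.compile(r"^[0-9a-f]{8}$")


@dataclass
class Finding:
    code: str    # HijackThis section code (O4, O20)
    name: str    # Run value name or Winlogon Notify subkey
    reason: str  # why the line was flagged
    line: str    # the original log line


def check_o4(body: str, line: str) -> List[Finding]:
    """Flag Run values whose command is rundll32 with a one-letter export."""
    run = O4_RUN.match(body)
    if not run:
        return []  # e.g. "Global Startup:" entries are not Run values
    name, cmd = run.group("name"), run.group("cmd")
    rd = RUNDLL_ONE_LETTER.search(cmd)
    if not rd:
        return []
    reason = f"rundll32 loads {rd.group('dll')} through one-letter export '{rd.group('entry')}'"
    if HEX8.match(name):
        reason += "; value name is an 8-char hex string"
    return [Finding("O4", name, reason, line)]


def check_o20(body: str, line: str) -> List[Finding]:
    """Flag Winlogon Notify DLLs that are missing or given without a path."""
    nt = O20_NOTIFY.match(body)
    if not nt:
        return []
    name, dll = nt.group("name"), nt.group("dll")
    if nt.group("missing"):
        return [Finding("O20", name, f"Winlogon Notify DLL {dll} is missing (orphaned registry entry)", line)]
    if "\\" not in dll:
        return [Finding("O20", name, f"Winlogon Notify DLL {dll} has no vendor path", line)]
    return []


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return the flagged entries in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code == "O4":
            findings.extend(check_o4(body, line))
        elif code == "O20":
            findings.extend(check_o20(body, line))
    return findings


# Constructed sample: lines taken from the two HijackThis logs in the thread,
# with benign neighbours so the filter has something to ignore.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [b058d6da] rundll32.exe "C:\WINDOWS\system32\blklblum.dll",b
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O20 - Winlogon Notify: byXRihih - byXRihih.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} [{f.name}] {f.reason}")
```

Run as a script it prints the two flagged entries; fed a full HijackThis log it ignores everything that does not match these two shapes, so it is a first-pass filter, not a verdict.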

seb
8 April 2008, 20:26
PC is already going much faster again :) thanks :good:

ComboFix 08-04-07.5 - Sonja 2008-04-08 20:18:49.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.522 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Sonja\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sonja\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
FILE ::
C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
C:\WINDOWS\qdnkewfa.dll
C:\WINDOWS\Setup1.exe
C:\WINDOWS\system32\byXRihih.dll
C:\WINDOWS\system32\cbgnmvqf.exe
C:\WINDOWS\system32\yiafjmpe.dll
C:\WINDOWS\vnbptxlf.dll
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
C:\WINDOWS\qdnkewfa.dll
C:\WINDOWS\Setup1.exe
C:\WINDOWS\system32\cbgnmvqf.exe
C:\WINDOWS\system32\yiafjmpe.dll
C:\WINDOWS\vnbptxlf.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))
.
2008-04-07 18:13 . 2008-04-07 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\gjunkdin
2008-04-07 16:14 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-06 19:43 . 2008-04-06 19:43 <DIR> d-------- C:\Program Files\VST
2008-04-06 17:03 . 2008-04-08 20:16 <DIR> dr-h----- C:\Documents and Settings\Sonja\Onlangs geopend
2008-04-06 16:48 . 2008-04-06 17:07 <DIR> d-------- C:\Program Files\Acoustica Mixcraft 4
2008-04-03 18:23 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-03 18:23 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-31 11:28 . 2008-03-31 11:28 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-03-18 19:28 . 2008-03-18 19:28 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-18 17:50 . 2008-03-18 17:54 <DIR> d-------- C:\Program Files\everest ultimate
2008-03-18 17:44 . 2008-03-18 17:44 <DIR> d-------- C:\Program Files\Real Alternative
2008-03-18 17:40 . 2008-03-18 17:40 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-03-17 14:19 . 2008-03-17 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-03-17 14:11 . 2008-01-09 13:26 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-03-17 14:10 . 2008-03-17 14:11 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-03-17 13:32 . 2008-03-17 13:32 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-03-16 20:04 . 2008-03-16 20:04 <DIR> d-------- C:\Documents and Settings\Sonja\Application Data\Logitech
2008-03-16 20:04 . 2008-01-09 13:27 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-03-16 20:04 . 2008-01-09 13:28 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-03-16 20:04 . 2008-01-09 13:28 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-03-16 20:04 . 2008-01-09 13:28 76,304 --a------ C:\WINDOWS\system32\KemXML.dll
2008-03-16 20:03 . 2008-03-17 14:11 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-03-16 20:03 . 2008-03-16 20:03 <DIR> d-------- C:\Documents and Settings\Sonja\Application Data\InstallShield
2008-03-16 20:03 . 2008-03-16 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-03-16 20:01 . 2008-03-16 20:03 <DIR> d-------- C:\Program Files\Logitech
2008-03-11 17:30 . 2008-04-06 17:00 <DIR> d-------- C:\WINDOWS\system32\Audi A5 Screensaver 2 dir
2008-03-11 17:30 . 2008-04-06 17:00 <DIR> d-------- C:\WINDOWS\system32\Audi A5 Screensaver 1 dir
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 17:43 --------- d-----w C:\Program Files\Acoustica Shared Effects
2008-04-06 17:43 --------- d-----w C:\Program Files\Acoustica Mixcraft 3
2008-04-06 16:29 --------- d-----w C:\Documents and Settings\Sonja\Application Data\LimeWire
2008-04-06 15:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 13:50 --------- d-----w C:\Documents and Settings\Sonja\Application Data\uTorrent
2008-04-04 07:21 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-04 07:21 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-31 16:59 --------- d-----w C:\Program Files\Winamp
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-19 13:21 --------- d-----w C:\Documents and Settings\Sonja\Application Data\Toshiba
2008-03-17 17:47 --------- d-----w C:\Program Files\Java
2008-03-12 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-04 19:52 --------- d-----w C:\Program Files\Nokia
2008-03-04 19:52 --------- d-----w C:\Program Files\Common Files\Nokia
2008-03-04 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia
2008-03-04 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-02-29 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\X-Setup Pro
2008-02-29 18:53 --------- d-----w C:\Documents and Settings\Sonja\Application Data\X-Setup Pro
2008-02-26 20:35 --------- d-----w C:\Program Files\Network LookOut Administrator Pro
2008-02-26 17:48 --------- d-----w C:\Program Files\Google
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-02-24 17:12 --------- d-----w C:\Program Files\iTunes
2008-02-24 17:11 --------- d-----w C:\Program Files\iPod
2008-02-24 17:10 --------- d-----w C:\Program Files\QuickTime
2008-02-24 17:06 --------- d-----w C:\Program Files\Safari
2008-02-21 16:39 --------- d-----w C:\Documents and Settings\Sonja\Application Data\CyberLink
2008-02-20 12:30 --------- d-----w C:\Program Files\LimeWire
2008-02-19 16:29 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-02-13 15:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-13 13:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\YoGen
2008-02-07 09:14 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-29 01:53 612,864 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-01-18 17:19 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-01-10 12:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 12:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-12-11 14:05 22,328 ----a-w C:\Documents and Settings\Sonja\Application Data\PnkBstrK.sys
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Documents and Settings\All Users\Application Data\gjunkdin ----
2008-04-07 18:13 33792 --a------ C:\Documents and Settings\All Users\Application Data\gjunkdin\ezydizwr.exe
---- Directory of C:\WINDOWS\system32\Audi A5 Screensaver 2 dir ----

((((((((((((((((((((((((((((( snapshot@2008-04-08_19.10.59.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-08 05:33:12 63,324 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-08 17:13:18 63,324 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-08 05:33:12 82,396 ----a-w C:\WINDOWS\system32\perfc013.dat
+ 2008-04-08 17:13:18 82,396 ----a-w C:\WINDOWS\system32\perfc013.dat
- 2008-04-08 05:33:12 404,104 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-08 17:13:18 404,104 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-04-08 05:33:12 468,898 ----a-w C:\WINDOWS\system32\perfh013.dat
+ 2008-04-08 17:13:18 468,898 ----a-w C:\WINDOWS\system32\perfh013.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 19:48 665600]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-29 19:45 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-04-24 09:20 1448960 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 09:59 16206848 C:\WINDOWS\RTHDCPL.EXE]
"RAM Idle Professional"="C:\Program Files\TweakNow PowerPack\RAM_XP.exe" [2004-07-04 11:59 406016]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 04:18 437160]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-17 15:18:32 789008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 9 (0x9)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2008-01-09 13:30 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2006-03-02 14:00 110592 C:\WINDOWS\system32\bthprops.cpl
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Soft\\Raven\\SOF PLATINUM\\SoF.exe"=
"D:\\Soft\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"D:\\Soft\\Age of Mythology\\aomx.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Soft\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"H:\\Soft\\NFS Hot Pursuit 3\\NFS3.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"D:\\Soft\\Flatout 2\\FlatOut2.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"D:\\Soft\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"42544:TCP"= 42544:TCP:utorrent
R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-07-29 03:33]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-07-29 04:13]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 12:37]
R2 musm3gld;musm3gld;C:\WINDOWS\system32\drivers\musm3gld.sys [2006-02-24 16:37]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-08-09 13:31]
R3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-25 12:19]
S3 PEEK5;PEEK5 Protocol Driver;C:\DOCUME~1\Sonja\LOCALS~1\Temp\Rar$EX01.047\AIRCRA~1.1\bin\PEEK5.SYS []
.
Inhoud van de 'Gedeelde Taken' map
"2008-04-08 17:12:11 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 20:22:01
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-04-08 20:23:13
ComboFix-quarantined-files.txt 2008-04-08 18:23:11
ComboFix2.txt 2008-04-08 17:11:16
Pre-Run: 45,467,082,752 bytes beschikbaar
Post-Run: 45,454,467,072 bytes beschikbaar
.
2008-04-06 13:24:33 --- E O F ---

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:24:10, on 8/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TweakNow PowerPack\RAM_XP.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Seb\mijn documenten\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://goegel.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack\RAM_XP.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7107 bytes

Recep
8 April 2008, 21:32
Hello Seb,

Just a bit more cleaning up :D

Open a new Notepad file.

Copy and paste the bold blue text below into it.
Go to 'File' -> 'Save As...' and save it on your desktop as CFScript.txt.

Folder::
C:\Documents and Settings\All Users\Application Data\gjunkdin
C:\WINDOWS\system32\Audi A5 Screensaver 2 dir
C:\WINDOWS\system32\Audi A5 Screensaver 1 dir

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

This will make ComboFix restart. Reboot if you are asked to.
After the reboot, post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Is everything OK now?

Good luck,
Recep :D

seb
8 April 2008, 21:52
I think everything is gone now :D

ComboFix 08-04-07.5 - Sonja 2008-04-08 21:46:46.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.542 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Sonja\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sonja\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\gjunkdin
C:\Documents and Settings\All Users\Application Data\gjunkdin\ezydizwr.exe
C:\WINDOWS\system32\Audi A5 Screensaver 1 dir
C:\WINDOWS\system32\Audi A5 Screensaver 2 dir
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))
.
2008-04-08 20:48 . 2008-04-08 20:48 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-07 16:14 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-06 19:43 . 2008-04-06 19:43 <DIR> d-------- C:\Program Files\VST
2008-04-06 17:03 . 2008-04-08 21:41 <DIR> dr-h----- C:\Documents and Settings\Sonja\Onlangs geopend
2008-04-06 16:48 . 2008-04-06 17:07 <DIR> d-------- C:\Program Files\Acoustica Mixcraft 4
2008-04-03 18:23 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-03 18:23 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-31 11:28 . 2008-03-31 11:28 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-03-18 19:28 . 2008-03-18 19:28 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-18 17:50 . 2008-03-18 17:54 <DIR> d-------- C:\Program Files\everest ultimate
2008-03-18 17:44 . 2008-03-18 17:44 <DIR> d-------- C:\Program Files\Real Alternative
2008-03-18 17:40 . 2008-03-18 17:40 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-03-17 14:19 . 2008-03-17 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-03-17 14:11 . 2008-01-09 12:26 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-03-17 14:10 . 2008-03-17 14:11 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-03-17 13:32 . 2008-03-17 13:32 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-03-16 20:04 . 2008-03-16 20:04 <DIR> d-------- C:\Documents and Settings\Sonja\Application Data\Logitech
2008-03-16 20:04 . 2008-01-09 12:27 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-03-16 20:04 . 2008-01-09 12:28 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-03-16 20:04 . 2008-01-09 12:28 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-03-16 20:04 . 2008-01-09 12:28 76,304 --a------ C:\WINDOWS\system32\KemXML.dll
2008-03-16 20:03 . 2008-03-17 14:11 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-03-16 20:03 . 2008-03-16 20:03 <DIR> d-------- C:\Documents and Settings\Sonja\Application Data\InstallShield
2008-03-16 20:03 . 2008-03-16 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-03-16 20:01 . 2008-03-16 20:03 <DIR> d-------- C:\Program Files\Logitech
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 17:43 --------- d-----w C:\Program Files\Acoustica Shared Effects
2008-04-06 17:43 --------- d-----w C:\Program Files\Acoustica Mixcraft 3
2008-04-06 16:29 --------- d-----w C:\Documents and Settings\Sonja\Application Data\LimeWire
2008-04-06 15:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 13:50 --------- d-----w C:\Documents and Settings\Sonja\Application Data\uTorrent
2008-04-04 07:21 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-04 07:21 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-31 16:59 --------- d-----w C:\Program Files\Winamp
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-19 13:21 --------- d-----w C:\Documents and Settings\Sonja\Application Data\Toshiba
2008-03-17 17:47 --------- d-----w C:\Program Files\Java
2008-03-12 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-04 19:52 --------- d-----w C:\Program Files\Nokia
2008-03-04 19:52 --------- d-----w C:\Program Files\Common Files\Nokia
2008-03-04 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia
2008-03-04 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-02-29 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\X-Setup Pro
2008-02-29 18:53 --------- d-----w C:\Documents and Settings\Sonja\Application Data\X-Setup Pro
2008-02-26 20:35 --------- d-----w C:\Program Files\Network LookOut Administrator Pro
2008-02-26 17:48 --------- d-----w C:\Program Files\Google
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-02-24 17:12 --------- d-----w C:\Program Files\iTunes
2008-02-24 17:11 --------- d-----w C:\Program Files\iPod
2008-02-24 17:10 --------- d-----w C:\Program Files\QuickTime
2008-02-24 17:06 --------- d-----w C:\Program Files\Safari
2008-02-21 16:39 --------- d-----w C:\Documents and Settings\Sonja\Application Data\CyberLink
2008-02-20 12:30 --------- d-----w C:\Program Files\LimeWire
2008-02-19 16:29 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-02-13 15:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-13 13:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\YoGen
2008-02-07 09:14 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-29 01:53 612,864 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-01-18 17:19 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-01-10 12:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 12:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-12-11 14:05 22,328 ----a-w C:\Documents and Settings\Sonja\Application Data\PnkBstrK.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-08_19.10.59.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-08 18:48:22 10,134 ----a-r C:\WINDOWS\Installer\{0C826C5B-B131-423A-A229-C71B3CACCD6A}\ARPPRODUCTICON.exe
- 2008-03-17 13:18:06 10,134 ----a-r C:\WINDOWS\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
+ 2008-04-08 18:47:36 10,134 ----a-r C:\WINDOWS\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
- 2007-11-29 01:17:20 55,824 ----a-w C:\WINDOWS\KHALMNPR.Exe
+ 2007-11-29 00:17:20 55,824 ----a-w C:\WINDOWS\KHALMNPR.Exe
+ 2007-11-29 01:17:20 55,824 ----a-w C:\WINDOWS\LastGood\KHALMNPR.Exe
+ 2004-08-03 23:55:30 53,760 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\i8042prt.sys
+ 2004-08-03 23:57:18 25,216 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\kbdclass.sys
+ 2007-11-29 01:17:28 20,240 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\L8042Kbd.sys
+ 2007-11-29 01:17:34 63,120 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\L8042mou.Sys
+ 2007-11-29 01:18:04 78,992 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\LMouKE.Sys
+ 2004-08-03 23:53:38 23,552 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\mouclass.sys
- 2004-08-03 23:55:30 53,760 -c--a-w C:\WINDOWS\system32\dllcache\i8042prt.sys
+ 2004-08-03 22:55:30 53,760 -c--a-w C:\WINDOWS\system32\dllcache\i8042prt.sys
- 2004-08-03 23:57:18 25,216 -c--a-w C:\WINDOWS\system32\dllcache\kbdclass.sys
+ 2004-08-03 22:57:18 25,216 -c--a-w C:\WINDOWS\system32\dllcache\kbdclass.sys
- 2004-08-03 23:53:38 23,552 -c--a-w C:\WINDOWS\system32\dllcache\mouclass.sys
+ 2004-08-03 22:53:38 23,552 -c--a-w C:\WINDOWS\system32\dllcache\mouclass.sys
- 2004-08-03 23:55:30 53,760 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
+ 2004-08-03 22:55:30 53,760 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
- 2004-08-03 23:57:18 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
+ 2004-08-03 22:57:18 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
- 2007-11-29 01:17:28 20,240 ----a-w C:\WINDOWS\system32\drivers\L8042Kbd.sys
+ 2007-11-29 00:17:28 20,240 ----a-w C:\WINDOWS\system32\drivers\L8042Kbd.sys
- 2007-11-29 01:17:34 63,120 ----a-w C:\WINDOWS\system32\drivers\L8042mou.Sys
+ 2007-11-29 00:17:34 63,120 ----a-w C:\WINDOWS\system32\drivers\L8042mou.Sys
- 2007-11-29 01:18:04 78,992 ----a-w C:\WINDOWS\system32\drivers\LMouKE.Sys
+ 2007-11-29 00:18:04 78,992 ----a-w C:\WINDOWS\system32\drivers\LMouKE.Sys
- 2004-08-03 23:53:38 23,552 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
+ 2004-08-03 22:53:38 23,552 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
- 2008-04-08 05:33:12 63,324 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-08 17:13:18 63,324 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-08 05:33:12 82,396 ----a-w C:\WINDOWS\system32\perfc013.dat
+ 2008-04-08 17:13:18 82,396 ----a-w C:\WINDOWS\system32\perfc013.dat
- 2008-04-08 05:33:12 404,104 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-08 17:13:18 404,104 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-04-08 05:33:12 468,898 ----a-w C:\WINDOWS\system32\perfh013.dat
+ 2008-04-08 17:13:18 468,898 ----a-w C:\WINDOWS\system32\perfh013.dat
+ 2004-08-03 23:55:30 53,760 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\i8042prt.sys
+ 2004-08-03 23:57:18 25,216 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\kbdclass.sys
- 2004-08-03 23:55:30 53,760 ----a-w C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\i8042prt.sys
+ 2004-08-03 22:55:30 53,760 ----a-w C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\i8042prt.sys
+ 2004-08-03 23:53:38 23,552 ----a-w C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\mouclass.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 19:48 665600]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-29 19:45 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-04-24 09:20 1448960 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 09:59 16206848 C:\WINDOWS\RTHDCPL.EXE]
"RAM Idle Professional"="C:\Program Files\TweakNow PowerPack\RAM_XP.exe" [2004-07-04 11:59 406016]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 04:18 437160]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-08 20:47:52 789008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 9 (0x9)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2008-01-09 13:30 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2006-03-02 14:00 110592 C:\WINDOWS\system32\bthprops.cpl
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Soft\\Raven\\SOF PLATINUM\\SoF.exe"=
"D:\\Soft\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"D:\\Soft\\Age of Mythology\\aomx.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Soft\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"H:\\Soft\\NFS Hot Pursuit 3\\NFS3.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"D:\\Soft\\Flatout 2\\FlatOut2.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"D:\\Soft\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"42544:TCP"= 42544:TCP:utorrent
R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-07-29 03:33]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-07-29 04:13]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 12:37]
R2 musm3gld;musm3gld;C:\WINDOWS\system32\drivers\musm3gld.sys [2006-02-24 16:37]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-08-09 13:31]
R3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-25 12:19]
S3 PEEK5;PEEK5 Protocol Driver;C:\DOCUME~1\Sonja\LOCALS~1\Temp\Rar$EX01.047\AIRCRA~1.1\bin\PEEK5.SYS []
.
Inhoud van de 'Gedeelde Taken' map
"2008-04-08 17:12:11 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 21:48:42
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-04-08 21:49:08
ComboFix-quarantined-files.txt 2008-04-08 19:48:59
ComboFix2.txt 2008-04-08 18:23:14
ComboFix3.txt 2008-04-08 17:11:16
Pre-Run: 45,416,570,880 bytes beschikbaar
Post-Run: 45,403,754,496 bytes beschikbaar
.
2008-04-06 13:24:33 --- E O F ---

hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:19, on 8/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TweakNow PowerPack\RAM_XP.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Seb\mijn documenten\HiJackThis\HiJackThis.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack\RAM_XP.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7019 bytes

Recep
9 April 2008, 15:04
Hello Seb,

I'm glad I could help you :D Please do the following.

Remove ComboFix via Start > Run, copy and paste Combofix /U, then click OK or press Enter.

http://hicheckthis.gethost.nl/images/Uninstall_combofix.JPG

This will remove Combofix and its related folders and files, restore the clock settings, hide file extensions again, re-hide hidden files and system files, and reset your System Restore.

Recep :D

seb
9 April 2008, 17:36
Done :)