I'm being pestered!

12 answers
  • For a short while now, at every system start-up my Avast Antivirus has been warning me that 'Trojans' are trying to get into my system.
    I can put these 'pests' in the vault or delete them, and I have chosen both options more than once, but 'the tap simply stays open'.
    Among other things it concerns a file 'sdsdf.exe' in the Windows/System32 folder, but sometimes also files with other names in the Temporary Internet Files folder.
    At the same time, while surfing, unwanted nagging sites appear on my screen, mostly sites that try to tempt me to run protection software (via 'Free Scans') or to buy it… Talk about 'protection'!
    I hope someone is willing to help me get rid of this.
    Every tip that can lead to that is greatly appreciated!
    Many thanks in advance!
    Robert H. Vorwald.
  • Download:
    Save the file to your desktop, then double-click it.
    The uninstaller of a rogue scanner may start; do not close it but let it do its work.

    Then restart the PC and double-click RemoveVideoActiveXObject.exe once more.
    Then post the log C:\RVAXO-results.log in your next message together with a fresh HijackThis log.

    Download the file and save it to your desktop, then double-click it.
    If an uninstaller becomes active, let it do its work.
    Restart the PC and then double-click RemoveVideoActiveXObject.exe once more.
    Then post a HijackThis log.

    Download hijackthissetup to your Desktop.
    Double-click hijackthissetup.exe
    Follow the instructions and click Install
    A shortcut named Hijack This will appear on your Desktop
    Double-click the shortcut to start HijackThis.

    Please post the logs.
  • Many thanks for your reply!
    Below are the logs:
    In all honesty I should add that I accidentally ran the RemoveVideoActiveXObject program twice before rebooting.
    I hope that doesn't spoil things.
    Incidentally, I have reset IE to the default security settings insofar as changes had been made to them.

    —————-RemoveVideoActiveXObject.exe first run————-

    Files found:

    C:\WINDOWS\system32\ilnmp.ini2
    C:\WINDOWS\system32\ilnmp.bak1
    C:\WINDOWS\system32\ilnmp.bak2
    C:\WINDOWS\system32\avp.exe

    Uninstallers Rogue scanners:


    Folders Found:


    ————–RemoveVideoActiveXObject.exe last run—————

    Files found:


    Uninstallers Rogue scanners:


    Folders Found:


    Logfile of HijackThis v1.99.1
    Scan saved at 18:34:35, on 16-6-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
    C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\totalcmd\TOTALCMD.EXE
    c:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121162039578
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Boonty Games - Unknown owner - (no file)
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    I'm very curious to hear your expert response!
  • Please.

    Download Combofix to your Desktop.
    Double-click Combofix.exe
    Follow the instructions; accept the disclaimer by typing 1 (continue).
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is finished and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    Note: if your virus scanner responds with a warning about a script being executed, you may ignore it.

    Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    O23 - Service: Boonty Games - Unknown owner - (no file)

    Click 'Fix checked' to remove the items.
    Restart and post the logs

    combofix
    Hijackthis.

    Good luck.
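As an added example (not part of this thread, and not a HijackThis feature), a small Python triage script that parses the HijackThis entry shapes seen in the logs above and lists the kinds of entries a helper picks out before clicking 'Fix checked': targets that no longer exist, IE page settings pointing at a local file, unnamed BHOs loading from system32, and Run entries launched by bare filename. The heuristics are my own assumptions, and the sample log lines are constructed after the shapes in the thread.

```python
r"""Triage helper for HijackThis v1.99-style log lines.

Added example; not part of the forum posts and not HijackThis behaviour.
It parses the R0/R1, O2, O4, O9 and O23 entry shapes and applies a few
defender-side heuristics (assumptions) to list entries worth a second look.
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the shapes in the thread's logs: one
# benign and one suspicious entry per section.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {DA5A5F3E-D71B-476C-9BD3-14364565E842} - C:\WINDOWS\system32\bidlumnl.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Boonty Games - Unknown owner - (no file)
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
# "BHO: <name> - {CLSID} - <dll path>"
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
# "HKLM\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[[^\]]+\] (?P<cmd>.+)$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section, e.g. "O23"
    reason: str  # why the entry deserves a look
    line: str    # the original log line


def executable_of(cmd: str) -> str:
    """Return the program part of a Run command line ("quoted path" or first token)."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank lines
        code, body = m.group("code"), m.group("body")

        # Rule 1: the target is gone, so this is either a leftover of a removed
        # program or the trace of a payload an AV already deleted.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append(Finding(code, "target file does not exist", line))
            continue

        if code.startswith("R"):
            # Rule 2: start/local page set to a file on disk instead of a URL.
            _, _, value = body.partition(" = ")
            if DRIVE_PATH_RE.match(value):
                findings.append(Finding(code, "IE page setting points at a local file", line))

        elif code == "O2":
            # Rule 3: a BHO with no registered name loading from system32.
            b = BHO_RE.match(body)
            if b and b.group("name") == "(no name)" and "\\system32\\" in b.group("path").lower():
                findings.append(Finding(code, "unnamed BHO loaded from system32", line))

        elif code == "O4":
            # Rule 4: autostart by bare filename; which file actually runs depends
            # on the search path, so resolve it before trusting the entry.
            r = RUN_RE.match(body)
            if r and "\\" not in executable_of(r.group("cmd")):
                findings.append(Finding(code, "Run entry uses a bare filename, resolve its real path", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}\n    {f.line}")
```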
  • Dear Juisterr,

    Below are the new logs.
    Is it too early at this stage to install Windows Defender?
    Naturally I don't want to undermine the procedure towards a healthy system, which is why I have not yet followed this advice from 'an acquaintance'.
    Additional info is that my Skype no longer works, but of course I can reinstall that.
    Surfing is also very slow… the HD of my system then 'rattles' for a long time, sometimes as much as three quarters of a minute.
    The autoplay function on my DVD(RW) drives no longer works either.
    This has happened once before, but in the end I was able to solve it myself.
    Now, however, I only get a file listing from Explorer, and I can tick autoplay via the drives' properties or via TweakUI, but without the intended result.
    Of course I don't know whether all this is connected with the pests in my system, but I thought I shouldn't withhold this info from you so that you get a better picture.

    Again very curious to hear your reply, for which my gratitude!
    Robert H. Vorwald

    Text added later:
    The problem with Skype has since been solved.
    Surfing is better and faster again, and unwanted sites have not popped up or appeared any more, nor have the trojan warnings from my virus scanner.
    I'm not cheering too soon, since I haven't spent too much time behind (or is it in front of?) the computer yet, and then only at night.
    But either way I see improvement!
    I wanted to let you know this anyway.


    ComboFix 07-06-17 - C:\Documents and Settings\Robert H. Vorwald\Bureaublad\ComboFix.exe
    "Robert H. Vorwald" - 2007-06-17 17:47:01 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\vtstq.dll
    C:\WINDOWS\system32\ddcbcdb.dll
    C:\WINDOWS\system32\ddcyv.dll
    C:\WINDOWS\system32\hggefff.dll
    C:\WINDOWS\system32\vturqqp.dll
    C:\WINDOWS\system32\xqgnpual.dll
    C:\WINDOWS\system32\yeibbbxf.dll
    C:\WINDOWS\system32\yfkeoosc.dll
    C:\WINDOWS\system32\ilnmp.bak2
    C:\WINDOWS\system32\ilnmp.ini
    C:\WINDOWS\system32\ilnmp.ini2
    C:\WINDOWS\system32\ilnmp.tmp
    C:\WINDOWS\system32\qtstv.ini
    C:\WINDOWS\system32\vycdd.ini
    C:\WINDOWS\system32\laupngqx.ini
    C:\WINDOWS\system32\fxbbbiey.ini
    C:\WINDOWS\system32\csooekfy.ini
    C:\WINDOWS\system32\ilnmp.bak2
    C:\WINDOWS\system32\ilnmp.ini
    C:\WINDOWS\system32\ilnmp.ini2
    C:\WINDOWS\system32\ilnmp.tmp
    C:\WINDOWS\system32\pmnli.dll
    C:\WINDOWS\system32\ljjjhgg.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1.\macromedia\Flash Player\#SharedObjects\LRUZPMMY\www.broadcaster.com
    C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\Program Files\install.log
    C:\WINDOWS\gimmygames.dat
    C:\WINDOWS\winsysupd111.dat


    ((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))


    2007-06-17 17:47 62,516 –a—— C:\WINDOWS\system32\nvxokpal.dll
    2007-06-17 17:46 49,152 –a—— C:\WINDOWS\nircmd.exe
    2007-06-17 02:02 125,972 –a—— C:\WINDOWS\system32\bidlumnl.dll
    2007-06-16 18:27 33,194 –a—— C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
    2007-06-16 18:27 <DIR> d——– C:\WINDOWS\system32\RVAXO
    2007-06-16 11:25 83,024 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-06-16 11:25 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
    2007-06-16 11:25 57,424 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-06-16 11:25 53,840 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-06-16 11:25 39,376 –a—— C:\WINDOWS\system32\drivers\ikfileflt.sys
    2007-06-16 11:25 29,264 –a—— C:\WINDOWS\system32\drivers\kcom.sys
    2007-06-16 11:25 <DIR> d——– C:\Program Files\Spyware Doctor
    2007-06-16 04:27 <DIR> d——– C:\DOCUME~1\LOCALS~1\Bureaublad
    2007-06-16 04:11 <DIR> d——– C:\Program Files\MZ U.T
    2007-06-14 15:02 <DIR> d——– C:\Program Files\Samsung ML-1610 Series
    2007-06-14 13:58 9,961,472 –a—— C:\DOCUME~1\ROBERT~1.VOR\ntuser.dat
    2007-06-13 23:38 62,516 –a—— C:\WINDOWS\system32\yftnvkng.dll
    2007-06-13 23:04 <DIR> d——– C:\divx
    2007-06-12 14:41 8 -r-hs—- C:\WINDOWS\system32\C678E98593.sys
    2007-06-12 13:09 36,624 ——— C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-06-12 13:09 2,560 ——— C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-06-12 13:09 2,432 ——— C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-06-12 13:09 129,784 ——— C:\WINDOWS\system32\pxafs.dll
    2007-06-12 13:09 118,520 ——— C:\WINDOWS\system32\pxinsi64.exe
    2007-06-12 13:09 116,472 ——— C:\WINDOWS\system32\pxcpyi64.exe
    2007-06-12 00:10 <DIR> d——– C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\DivX
    2007-06-11 18:47 <DIR> d——– C:\A Beautifull Mind
    2007-06-11 16:59 <DIR> d——– C:\It - Stephen King
    2007-06-05 03:41 <DIR> d——– C:\Program Files\AviSub
    2007-06-03 20:06 <DIR> d——– C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\DVDFab
    2007-06-03 16:51 <DIR> d——– C:\Lonely Hearts
    2007-06-02 13:38 <DIR> d——– C:\Program Files\Dnote Software
    2007-05-31 08:45 524,288 –a—— C:\WINDOWS\system32\DivXsm.exe
    2007-05-31 08:44 823,296 –a—— C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-31 08:44 823,296 –a—— C:\WINDOWS\system32\divx_xx07.dll
    2007-05-31 08:44 802,816 –a—— C:\WINDOWS\system32\divx_xx11.dll
    2007-05-31 08:44 740,442 –a—— C:\WINDOWS\system32\DivX.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-17 15:51:26 12 —-a-w C:\WINDOWS\bthservsdp.dat
    2007-06-17 15:42:53 ——– d—–w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Skype
    2007-06-17 09:51:08 17,408 —-a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
    2007-06-17 00:24:47 ——– d—–w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Azureus
    2007-06-16 23:19:14 ——– d—–w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Sibelius Software
    2007-06-16 23:18:12 ——– d—–w C:\Program Files\Sibelius Software
    2007-06-16 17:54:09 ——– d—–w C:\Program Files\Hitman Pro
    2007-06-16 11:54:57 ——– d—–w C:\Program Files\SpywareBlaster
    2007-06-16 02:07:17 57,724 —-a-w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\wklnhst.dat
    2007-06-15 16:56:15 ——– d—–w C:\Program Files\Google
    2007-06-15 12:15:09 2,864 —-a-w C:\WINDOWS\system32\winsock.dll
    2007-06-14 13:02:33 ——– d–h–w C:\Program Files\InstallShield Installation Information
    2007-06-13 13:31:05 ——– d—–w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Canon
    2007-06-12 23:53:27 ——– d—–w C:\Program Files\OpenOffice.org 2.1
    2007-06-12 23:49:36 ——– d—–w C:\Program Files\DivX
    2007-06-12 23:46:37 4,704 –sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-06-12 10:36:04 ——– d—–w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Vso
    2007-06-11 20:31:51 ——– d—–w C:\Program Files\DVDFab Platinum 3
    2007-06-03 16:18:19 ——– d—–w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Corel
    2007-05-16 15:19:43 683,520 —-a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-13 00:24:45 97,474 —-a-w C:\WINDOWS\system32\perfc013.dat
    2007-05-13 00:24:45 503,678 —-a-w C:\WINDOWS\system32\perfh013.dat
    2007-05-11 23:41:17 ——– d—–w C:\Program Files\TomTom HOME
    2007-05-11 23:31:55 ——– d—–w C:\Program Files\Streamload
    2007-05-04 01:10:34 ——– d—–w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\MAGIX
    2007-05-04 00:20:52 101,376 —-a-w C:\WINDOWS\system32\drivers\ACEDRV07.sys
    2007-05-04 00:20:41 ——– d—–w C:\Program Files\Common Files\MAGIX Shared
    2007-05-04 00:19:11 ——– d—–w C:\Program Files\MAGIX
    2007-04-30 15:46:10 745,600 —-a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:41:55 85,952 —-a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-30 15:41:42 94,552 —-a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-30 15:39:41 23,416 —-a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-30 15:38:51 43,176 —-a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-30 15:37:23 26,888 —-a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-30 15:35:28 95,872 —-a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-04-25 14:22:52 144,896 —-a-w C:\WINDOWS\system32\schannel.dll
    2007-04-23 00:15:29 3,596,288 —-a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-04-23 00:15:18 200,704 —-a-w C:\WINDOWS\system32\ssldivx.dll
    2007-04-23 00:15:18 1,044,480 —-a-w C:\WINDOWS\system32\libdivx.dll
    2007-04-23 00:02:34 73,728 —-a-w C:\WINDOWS\system32\dpl100.dll
    2007-04-23 00:02:34 196,608 —-a-w C:\WINDOWS\system32\dtu100.dll
    2007-04-23 00:02:33 53,248 —-a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-04-23 00:02:31 593,920 —-a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-04-23 00:02:31 57,344 —-a-w C:\WINDOWS\system32\dpv11.dll
    2007-04-23 00:02:31 344,064 —-a-w C:\WINDOWS\system32\dpus11.dll
    2007-04-23 00:02:31 294,912 —-a-w C:\WINDOWS\system32\dpu11.dll
    2007-04-23 00:02:31 294,912 —-a-w C:\WINDOWS\system32\dpu10.dll
    2007-04-23 00:01:47 12,288 —-a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-04-23 00:01:46 124,472 —-a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
    2007-04-18 13:16:12 ——– d—–w C:\Program Files\eMule
    2007-04-18 13:11:27 ——– d—–w C:\Program Files\Multi_Media
    2007-03-17 13:45:54 293,376 —-a-w C:\WINDOWS\system32\winsrv.dll
    2007-01-12 02:44:30 88 –sh–r C:\WINDOWS\system32\1E1866BC88.sys
    2005-01-27 13:59:06 8 –sh–r C:\WINDOWS\system32\62A95D688F.sys
    2006-07-23 17:50:57 56 –sh–r C:\WINDOWS\system32\FA58369351.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {DA5A5F3E-D71B-476C-9BD3-14364565E842}=C:\WINDOWS\system32\bidlumnl.dll [2007-06-17 02:02]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Keyboard Status"="C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe" [2005-01-25 12:03]
    "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-03-08 15:31]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-28 12:35]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 C:\WINDOWS\system32\bthprops.cpl]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 21:05]
    "RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]
    "Dit"="Dit.exe" [2004-07-20 19:18 C:\WINDOWS\Dit.exe]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-03-24 22:50]
    "NWEReboot"="" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:53]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLowDiskSpaceChecks"=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]


    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-17 17:52:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


    Completion time: 2007-06-17 17:55:20 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-06-17 17:55

    — E O F —

    Logfile of HijackThis v1.99.1
    Scan saved at 19:29:59, on 17-6-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
    C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\totalcmd\TOTALCMD.EXE
    c:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {DA5A5F3E-D71B-476C-9BD3-14364565E842} - C:\WINDOWS\system32\bidlumnl.dll
    O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121162039578
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


  • Open Notepad, then copy and paste the following (bold, blue text) into an empty window:
  • Hello Juisterr,

    Below are the log files.

    Two logs from ComboFix are printed.
    One from dragging the file 'ComboFix-Do.txt' onto it and one from dragging 'ComboFix-Do'.
    The latter therefore without the .txt extension, because that was not entirely clear to me.

    I did not find the file bidlumnl.dll in the specified directory.

    ComboFix 07-06-17 - C:\Documents and Settings\Robert H. Vorwald\Bureaublad\ComboFix.exe
    "Robert H. Vorwald" - 2007-06-18 13:28:32 - Service Pack 2 NTFS
    Command switches used :: C:\Documents and Settings\Robert H. Vorwald\Bureaublad\ComboFix-Do.txt

    The HJT log file was created after the second ComboFix reboot, so I hope I nonetheless worked in the correct specified order.


    ((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))


    2007-06-17 17:47 62,516 --a------ C:\WINDOWS\system32
    vxokpal.dll
    2007-06-17 17:46 49,152 --a------ C:\WINDOWS
    ircmd.exe
    2007-06-16 18:27 33,194 --a------ C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
    2007-06-16 18:27 <DIR> d-------- C:\WINDOWS\system32\RVAXO
    2007-06-16 11:25 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-06-16 11:25 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-06-16 11:25 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-06-16 11:25 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-06-16 11:25 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
    2007-06-16 11:25 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-06-16 11:25 <DIR> d-------- C:\Program Files\Spyware Doctor
    2007-06-16 04:27 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Bureaublad
    2007-06-16 04:11 <DIR> d-------- C:\Program Files\MZ U.T
    2007-06-14 15:02 <DIR> d-------- C:\Program Files\Samsung ML-1610 Series
    2007-06-14 13:58 9,961,472 --a------ C:\DOCUME~1\ROBERT~1.VOR
    tuser.dat
    2007-06-13 23:38 62,516 --a------ C:\WINDOWS\system32\yftnvkng.dll
    2007-06-13 23:04 <DIR> d-------- C:\divx
    2007-06-12 14:41 8 -r-hs---- C:\WINDOWS\system32\C678E98593.sys
    2007-06-12 13:09 36,624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-06-12 13:09 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-06-12 13:09 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-06-12 13:09 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2007-06-12 13:09 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2007-06-12 13:09 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2007-06-12 00:10 <DIR> d-------- C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\DivX
    2007-06-11 18:47 <DIR> d-------- C:\A Beautifull Mind
    2007-06-11 16:59 <DIR> d-------- C:\It - Stephen King
    2007-06-05 03:41 <DIR> d-------- C:\Program Files\AviSub
    2007-06-03 20:06 <DIR> d-------- C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\DVDFab
    2007-06-03 16:51 <DIR> d-------- C:\Lonely Hearts
    2007-06-02 13:38 <DIR> d-------- C:\Program Files\Dnote Software
    2007-05-31 08:45 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2007-05-31 08:44 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-31 08:44 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2007-05-31 08:44 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2007-05-31 08:44 740,442 --a------ C:\WINDOWS\system32\DivX.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-18 11:16:54 57,654 ----a-w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\wklnhst.dat
    2007-06-18 10:57:25 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Skype
    2007-06-18 08:57:05 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
    2007-06-18 08:55:42 12 ----a-w C:\WINDOWS\bthservsdp.dat
    2007-06-17 00:24:47 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Azureus
    2007-06-16 23:19:14 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Sibelius Software
    2007-06-16 23:18:12 -------- d-----w C:\Program Files\Sibelius Software
    2007-06-16 17:54:09 -------- d-----w C:\Program Files\Hitman Pro
    2007-06-16 11:54:57 -------- d-----w C:\Program Files\SpywareBlaster
    2007-06-15 16:56:15 -------- d-----w C:\Program Files\Google
    2007-06-15 12:15:09 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
    2007-06-14 13:02:33 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-13 13:31:05 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Canon
    2007-06-12 23:53:27 -------- d-----w C:\Program Files\OpenOffice.org 2.1
    2007-06-12 23:49:36 -------- d-----w C:\Program Files\DivX
    2007-06-12 23:46:37 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-06-12 10:36:04 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Vso
    2007-06-11 20:31:51 -------- d-----w C:\Program Files\DVDFab Platinum 3
    2007-06-03 16:18:19 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Corel
    2007-05-16 15:19:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-13 00:24:45 97,474 ----a-w C:\WINDOWS\system32\perfc013.dat
    2007-05-13 00:24:45 503,678 ----a-w C:\WINDOWS\system32\perfh013.dat
    2007-05-11 23:41:17 -------- d-----w C:\Program Files\TomTom HOME
    2007-05-11 23:31:55 -------- d-----w C:\Program Files\Streamload
    2007-05-04 01:10:34 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\MAGIX
    2007-05-04 00:20:52 101,376 ----a-w C:\WINDOWS\system32\drivers\ACEDRV07.sys
    2007-05-04 00:20:41 -------- d-----w C:\Program Files\Common Files\MAGIX Shared
    2007-05-04 00:19:11 -------- d-----w C:\Program Files\MAGIX
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-04-25 14:22:52 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-18 13:16:12 -------- d-----w C:\Program Files\eMule
    2007-04-18 13:11:27 -------- d-----w C:\Program Files\Multi_Media
    2007-01-12 02:44:30 88 --sh--r C:\WINDOWS\system32\1E1866BC88.sys
    2005-01-27 13:59:06 8 --sh--r C:\WINDOWS\system32\62A95D688F.sys
    2006-07-23 17:50:57 56 --sh--r C:\WINDOWS\system32\FA58369351.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {DA5A5F3E-D71B-476C-9BD3-14364565E842}=C:\WINDOWS\system32\bidlumnl.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Keyboard Status"="C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe" [2005-01-25 12:03]
    "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-03-08 15:31]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-28 12:35]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 C:\WINDOWS\system32\bthprops.cpl]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 21:05]
    "RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]
    "Dit"="Dit.exe" [2004-07-20 19:18 C:\WINDOWS\Dit.exe]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-03-24 22:50]
    "NWEReboot"="" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:53]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLowDiskSpaceChecks"=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]


    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-18 13:29:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


    Completion time: 2007-06-18 13:29:36
    C:\ComboFix-quarantined-files.txt ... 2007-06-18 13:29
    C:\ComboFix2.txt ... 2007-06-18 13:24
    C:\ComboFix3.txt ... 2007-06-17 17:55

    --- E O F ---


    ComboFix 07-06-17 - C:\Documents and Settings\Robert H. Vorwald\Bureaublad\ComboFix.exe
    "Robert H. Vorwald" - 2007-06-18 13:21:03 - Service Pack 2 NTFS
    Command switches used :: C:\Documents and Settings\Robert H. Vorwald\Bureaublad\ComboFix-Do.txt.txt


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\bidlumnl.dll


    ((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))


    2007-06-17 17:47 62,516 --a------ C:\WINDOWS\system32
    vxokpal.dll
    2007-06-17 17:46 49,152 --a------ C:\WINDOWS
    ircmd.exe
    2007-06-16 18:27 33,194 --a------ C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
    2007-06-16 18:27 <DIR> d-------- C:\WINDOWS\system32\RVAXO
    2007-06-16 11:25 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-06-16 11:25 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-06-16 11:25 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-06-16 11:25 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-06-16 11:25 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
    2007-06-16 11:25 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-06-16 11:25 <DIR> d-------- C:\Program Files\Spyware Doctor
    2007-06-16 04:27 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Bureaublad
    2007-06-16 04:11 <DIR> d-------- C:\Program Files\MZ U.T
    2007-06-14 15:02 <DIR> d-------- C:\Program Files\Samsung ML-1610 Series
    2007-06-14 13:58 9,961,472 --a------ C:\DOCUME~1\ROBERT~1.VOR
    tuser.dat
    2007-06-13 23:38 62,516 --a------ C:\WINDOWS\system32\yftnvkng.dll
    2007-06-13 23:04 <DIR> d-------- C:\divx
    2007-06-12 14:41 8 -r-hs---- C:\WINDOWS\system32\C678E98593.sys
    2007-06-12 13:09 36,624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-06-12 13:09 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-06-12 13:09 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-06-12 13:09 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2007-06-12 13:09 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2007-06-12 13:09 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2007-06-12 00:10 <DIR> d-------- C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\DivX
    2007-06-11 18:47 <DIR> d-------- C:\A Beautifull Mind
    2007-06-11 16:59 <DIR> d-------- C:\It - Stephen King
    2007-06-05 03:41 <DIR> d-------- C:\Program Files\AviSub
    2007-06-03 20:06 <DIR> d-------- C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\DVDFab
    2007-06-03 16:51 <DIR> d-------- C:\Lonely Hearts
    2007-06-02 13:38 <DIR> d-------- C:\Program Files\Dnote Software
    2007-05-31 08:45 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2007-05-31 08:44 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-31 08:44 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2007-05-31 08:44 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2007-05-31 08:44 740,442 --a------ C:\WINDOWS\system32\DivX.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-18 11:16:54 57,654 ----a-w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\wklnhst.dat
    2007-06-18 10:57:25 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Skype
    2007-06-18 08:57:05 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
    2007-06-18 08:55:42 12 ----a-w C:\WINDOWS\bthservsdp.dat
    2007-06-17 00:24:47 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Azureus
    2007-06-16 23:19:14 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Sibelius Software
    2007-06-16 23:18:12 -------- d-----w C:\Program Files\Sibelius Software
    2007-06-16 17:54:09 -------- d-----w C:\Program Files\Hitman Pro
    2007-06-16 11:54:57 -------- d-----w C:\Program Files\SpywareBlaster
    2007-06-15 16:56:15 -------- d-----w C:\Program Files\Google
    2007-06-15 12:15:09 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
    2007-06-14 13:02:33 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-13 13:31:05 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Canon
    2007-06-12 23:53:27 -------- d-----w C:\Program Files\OpenOffice.org 2.1
    2007-06-12 23:49:36 -------- d-----w C:\Program Files\DivX
    2007-06-12 23:46:37 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-06-12 10:36:04 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Vso
    2007-06-11 20:31:51 -------- d-----w C:\Program Files\DVDFab Platinum 3
    2007-06-03 16:18:19 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Corel
    2007-05-16 15:19:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-13 00:24:45 97,474 ----a-w C:\WINDOWS\system32\perfc013.dat
    2007-05-13 00:24:45 503,678 ----a-w C:\WINDOWS\system32\perfh013.dat
    2007-05-11 23:41:17 -------- d-----w C:\Program Files\TomTom HOME
    2007-05-11 23:31:55 -------- d-----w C:\Program Files\Streamload
    2007-05-04 01:10:34 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\MAGIX
    2007-05-04 00:20:52 101,376 ----a-w C:\WINDOWS\system32\drivers\ACEDRV07.sys
    2007-05-04 00:20:41 -------- d-----w C:\Program Files\Common Files\MAGIX Shared
    2007-05-04 00:19:11 -------- d-----w C:\Program Files\MAGIX
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-04-25 14:22:52 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-18 13:16:12 -------- d-----w C:\Program Files\eMule
    2007-04-18 13:11:27 -------- d-----w C:\Program Files\Multi_Media
    2007-01-12 02:44:30 88 --sh--r C:\WINDOWS\system32\1E1866BC88.sys
    2005-01-27 13:59:06 8 --sh--r C:\WINDOWS\system32\62A95D688F.sys
    2006-07-23 17:50:57 56 --sh--r C:\WINDOWS\system32\FA58369351.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {DA5A5F3E-D71B-476C-9BD3-14364565E842}=C:\WINDOWS\system32\bidlumnl.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Keyboard Status"="C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe" [2005-01-25 12:03]
    "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-03-08 15:31]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-28 12:35]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 C:\WINDOWS\system32\bthprops.cpl]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 21:05]
    "RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]
    "Dit"="Dit.exe" [2004-07-20 19:18 C:\WINDOWS\Dit.exe]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-03-24 22:50]
    "NWEReboot"="" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:53]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLowDiskSpaceChecks"=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]


    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-18 13:23:37
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


    Completion time: 2007-06-18 13:24:08
    C:\ComboFix-quarantined-files.txt ... 2007-06-18 13:24
    C:\ComboFix2.txt ... 2007-06-17 17:55

    --- E O F ---


    Logfile of HijackThis v1.99.1
    Scan saved at 13:47:33, on 18-6-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
    C:\WINDOWS\Dit.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\totalcmd\TOTALCMD.EXE
    c:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121162039578
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

  • Download [b]Dr.Web CureIt[/b] to your desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    Double-click [b]drweb-cureit.exe[/b] and allow it to start the express scan.
    This scans the files currently loaded in memory; if anything is found, click the "Yes to all" button when asked "cure it?". This is only a short scan.
    Once the short scan has finished, click [b]Options[/b] > Change Settings.
    Choose the "Scan" tab and untick "Heuristic analysis".
    Back in the main window you can select the drives you want to scan.
    Select all drives here. A red dot will appear on the drives you are going to scan.
    Then click the [b]green arrow[/b] on the right to start the scan.
    Click "Yes to all" when asked whether to cure or move.
    When the scan is done, check whether you can click the following icon next to what was found: [img]http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif[/img]
    If so, click it, then click the icon just below it and choose [b]Move incurable[/b], as shown in the following image:
    [img]http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif[/img]
    This moves files that cannot be disinfected to the folder %userprofile%\DoctorWeb\quarantaine-folder (in case we need samples).
    After selecting the above, click [b]File[/b] in the menu at the top of Dr.Web CureIt and choose [b]Save report list[/b]. Save the log to your desktop.
    Then close Dr.Web CureIt.

    [b]Restart[/b] your computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
    After restarting, copy and paste the contents of the log you saved earlier into your next post.

    Run HijackThis again and post a new log.
  • Hello Juisterr,

    Here are the new log files again.
    The first Dr.Web scan found no irregularities, but the second one did.


    bidlumnl.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Adware.Crew Incurable.Moved.
    ddcbcdb.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
    ddcyv.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
    hggefff.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
    ljjjhgg.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
    pmnli.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
    vtstq.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
    vturqqp.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
    A0021654.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP120 Trojan.Virtumod Deleted.
    A0021658.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP120 Trojan.Virtumod Deleted.
    A0021659.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP120 Trojan.Virtumod Deleted.
    A0021660.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP120 Trojan.Virtumod Deleted.
    A0021883.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP120 Trojan.Virtumod Deleted.
    A0023778.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP126 Trojan.Virtumod Deleted.
    A0023779.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP126 Trojan.Virtumod Deleted.
    A0023780.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP126 Trojan.Virtumod Deleted.
    A0023781.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP126 Trojan.Virtumod Deleted.
    A0023782.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP126 Trojan.Virtumod Deleted.
    A0023789.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP126 Trojan.Virtumod Deleted.
    A0023790.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP126 Trojan.Virtumod Deleted.
    A0023998.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP126 Adware.Crew Incurable.Moved.
    nvxokpal.dll C:\WINDOWS\system32 Trojan.Virtumod Deleted.
    yftnvkng.dll C:\WINDOWS\system32 Trojan.Virtumod Deleted.


    Logfile of HijackThis v1.99.1
    Scan saved at 21:26:24, on 18-6-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\rsvp.exe
    C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\totalcmd\TOTALCMD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    c:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121162039578
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  • To prevent reinfection via System Restore, it is advisable to remove the existing restore points by temporarily disabling System Restore.

    - Go to Start/All Programs/Accessories/System Tools/System Restore.
    - In the left half of the window, click "System Restore Settings".
    - Tick "Turn off System Restore".
    - Click "Apply".
    - Windows asks whether you are sure.
    - Click "Yes".
    - Click "OK".
    - Restart the PC.
    - Go back to Start/All Programs/Accessories/System Tools/System Restore.
    - You will get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
    - Click "Yes".
    - Untick "Turn off System Restore".
    - Click "Apply".
    - Click "OK".
    - Restart the PC.
    - A new, clean restore point has now been created.

    Here are a few more tips.
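    The Dr.Web CureIt report posted above shows why the restore points have to go: several copies of the same Trojan.Virtumod DLLs sit inside `System Volume Information\_restore{...}\RPnnn`, where System Restore would faithfully bring them back. The following script is an added example, not part of this thread and not Dr.Web's or HijackThis' own code. It parses report lines in the `file directory threat action` shape shown in the post above (the sample lines are constructed from that post), sorts each detection into "live on disk", "ComboFix quarantine copy" or "restore point", and derives the follow-up steps from that. The `C:\QooBox\Quarantine` prefix it checks is the ComboFix quarantine folder seen in the log; everything else is an assumption of the example.

```python
import re
from collections import Counter

# Sample report, constructed from the Dr.Web CureIt lines posted in the thread.
SAMPLE_REPORT = """\
bidlumnl.dll.vir C:\\QooBox\\Quarantine\\C\\WINDOWS\\system32 Adware.Crew Incurable.Moved.
ddcbcdb.dll.vir C:\\QooBox\\Quarantine\\C\\WINDOWS\\system32 Trojan.Virtumod Deleted.
A0021654.dll C:\\System Volume Information\\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\\RP120 Trojan.Virtumod Deleted.
A0023998.dll C:\\System Volume Information\\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\\RP126 Adware.Crew Incurable.Moved.
nvxokpal.dll C:\\WINDOWS\\system32 Trojan.Virtumod Deleted.
"""

# A restore-point directory on Windows XP: <drive>:\System Volume Information\_restore{GUID}\RPnnn
RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)$")
# ComboFix keeps its quarantine copies under <drive>:\QooBox\Quarantine (assumed prefix, as seen in the log)
COMBOFIX_QUARANTINE = re.compile(r"^[A-Za-z]:\\QooBox\\Quarantine\\", re.IGNORECASE)


def parse_line(line):
    """Split one report line into (file, directory, threat, action).

    Directory names may contain spaces ("System Volume Information"), so the
    line is taken apart from both ends: first token is the file name, last is
    the action, the one before it is the threat name, everything in between is
    the path. Lines with fewer than four tokens are not report entries.
    """
    tokens = line.split()
    if len(tokens) < 4:
        return None
    return tokens[0], " ".join(tokens[1:-2]), tokens[-2], tokens[-1]


def classify_location(directory):
    """Return (location class, restore point name or None) for a directory."""
    m = RESTORE_POINT.search(directory)
    if m:
        return "restore_point", m.group(1)
    if COMBOFIX_QUARANTINE.match(directory):
        return "combofix_quarantine", None
    return "live", None


def triage(report_text):
    """Summarise a CureIt report: counts per location and threat, affected
    restore points, files that could not be cured, and still-live files."""
    summary = {
        "by_location": Counter(),
        "by_threat": Counter(),
        "restore_points": set(),
        "incurable": [],
        "live_files": [],
    }
    for raw in report_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        name, directory, threat, action = parsed
        location, rp = classify_location(directory)
        summary["by_location"][location] += 1
        summary["by_threat"][threat] += 1
        if rp:
            summary["restore_points"].add(rp)
        if action.startswith("Incurable"):
            summary["incurable"].append(name)
        if location == "live":
            summary["live_files"].append(directory + "\\" + name)
    # Order restore points numerically (RP120 before RP126) for readable output.
    summary["restore_points"] = sorted(summary["restore_points"], key=lambda s: int(s[2:]))
    return summary


def recommendations(summary):
    """Turn the summary into the follow-up actions the thread describes."""
    advice = []
    if summary["restore_points"]:
        advice.append("Infected copies found in restore point(s) %s: purge System Restore and create a fresh point."
                      % ", ".join(summary["restore_points"]))
    if summary["incurable"]:
        advice.append("%d file(s) were moved, not cured; keep the Dr.Web quarantine folder in case samples are needed."
                      % len(summary["incurable"]))
    if summary["live_files"]:
        advice.append("%d detection(s) were live outside any quarantine: rescan after the reboot."
                      % len(summary["live_files"]))
    return advice


if __name__ == "__main__":
    s = triage(SAMPLE_REPORT)
    print(dict(s["by_location"]), dict(s["by_threat"]))
    for item in recommendations(s):
        print("-", item)
```

    On the sample report this reports two detections living in restore points RP120 and RP126, which is exactly the situation the "turn System Restore off, reboot, turn it back on" steps above resolve.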
  • Dear Juisterr,

    I have followed your latest instructions.
    After a day of surfing I have had no more strange experiences!
    Surfing is smooth again and without uninvited sites popping up.
    My antivirus program has also stopped reporting Trojans.
    During the whole process the complaints gradually decreased.
    I have also gone through your tips and downloaded and installed several programs in order to 'lock down' my system as much as possible.
    Among other things I installed AVG Anti-Spyware; can you tell me whether that makes installing Windows Defender unnecessary?

    I have one more question: can I now remove/uninstall the programs used during the last process and the log files they created?
    I mean RemoveVideoActiveXObject, ComboFix and DrWeb, as well as the folders that were created: C:\Avanger, C:\Qoobox and C:\Documents and Settings\Robert H. Vorwald\DoctorWeb.

    Do you have any pointers on how I can get the autoplay function of my DVD-ROM and DVD-RW drives back?
    It was (apparently) lost during the process.
    Now I only get an Explorer window with the folders/files present on the CD/DVD.
    I also cannot get the autoplay function back/enabled via the drives' properties or TweakUI.

    Many, many thanks (!!!) for your involvement, efforts and instructions in getting rid of my problems.
    You helped me just as well on a previous occasion, and this time too I would definitely not have managed without your expertise!
    As far as I am concerned you are a crown jewel on the HCC necklace!

    With kind regards,
    Robert H. Vorwald.
  • All I can add is to install only one active antivirus scanner. So you will have to make a choice.

This is an archived page. Replying is no longer possible.