Question & Answer

Security & privacy

I'm being pestered!

Anonymous
12 replies
 • For a short while now, every time my system starts I get a message from my Avast Antivirus that 'Trojans' are trying to get into my system.
  I can put these 'pests' in the vault or delete them, and I have chosen both options more than once, but 'the tap just stays open'.
  Among others it concerns a file 'sdsdf.exe' in the Windows/System32 folder, but sometimes also files under other names in the Temporary Internet Files folder.
  At the same time, while surfing, unwanted nagging sites appear on my screen, mostly sites that try to tempt me into running protection software (by means of 'Free Scans') or buying it… So much for 'protection'!
  I hope someone is willing to help me get rid of this.
  Any tip that can lead to that is very much appreciated!
  Many thanks in advance!
  Robert H. Vorwald.
 • Download:
  Save the file to your desktop, then double-click it.
  The uninstaller of a rogue scanner may start; do not close it but let it do its work.

  Then restart the PC and double-click RemoveVideoActiveXObject.exe again.
  Then post the log C:\RVAXO-results.log in your next message together with a new HijackThis log.

  Download the file and save it to your desktop, then double-click it.
  If an uninstaller becomes active, let it do its work.
  Restart the PC and then double-click RemoveVideoActiveXObject.exe again.
  Then post a HijackThis log.


  Download hijackthissetup to your desktop.
  Double-click hijackthissetup.exe
  Follow the instructions and click Install
  A shortcut named Hijack This will appear on your desktop
  Double-click the shortcut to start HijackThis.

  Please post the logs.
 • Thanks a lot for your reply!
  Below are the logs:
  To be honest, I must add that I accidentally ran the RemoveVideoActiveXObject program twice before rebooting.
  I hope that doesn't spoil things.
  I have also reset IE to the default security settings, insofar as changes had been made to them.

  —————-RemoveVideoActiveXObject.exe first run————-

  Files found:

  C:\WINDOWS\system32\ilnmp.ini2
  C:\WINDOWS\system32\ilnmp.bak1
  C:\WINDOWS\system32\ilnmp.bak2
  C:\WINDOWS\system32\avp.exe

  Uninstallers Rogue scanners:


  Folders Found:


  ————–RemoveVideoActiveXObject.exe last run—————

  Files found:


  Uninstallers Rogue scanners:


  Folders Found:


  Logfile of HijackThis v1.99.1
  Scan saved at 18:34:35, on 16-6-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16473)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  C:\Program Files\Alwil Software\Avast4\ashServ.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
  C:\WINDOWS\system32\cisvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
  C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
  C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
  C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
  C:\WINDOWS\Dit.exe
  C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
  C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
  C:\Program Files\SPAMfighter\SFAgent.exe
  C:\Program Files\Skype\Phone\Skype.exe
  C:\WINDOWS\system32\wbem\wmiapsrv.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Windows Media Player\WMPNSCFG.exe
  C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
  C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
  C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
  C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  C:\WINDOWS\system32\msiexec.exe
  C:\WINDOWS\system32\cidaemon.exe
  C:\totalcmd\TOTALCMD.EXE
  c:\Program Files\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
  O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
  O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [Dit] Dit.exe
  O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
  O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: BlueSoleil.lnk = ?
  O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
  O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O11 - Options group: [INTERNATIONAL] International*
  O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
  O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
  O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121162039578
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
  O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
  O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
  O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
  O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
  O23 - Service: Boonty Games - Unknown owner - (no file)
  O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
  O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
  O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

  Very curious to hear your expert response!
 • Here you go.


  Download Combofix to your desktop.
  Double-click Combofix.exe
  Follow the instructions, accept the disclaimer by typing 1 (continue).
  While the fix is running, do NOT click in the window, because that will make your PC hang.
  When the fix is complete and after the restart, the log combofix.txt will open.
  Post this log in your next post together with a new HijackThis log.

  Note: if your virus scanner reacts with a warning about a script being executed, you may ignore it.

  Start HijackThis and choose 'Do a system scan only'
  Select only the items listed below:

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
  O23 - Service: Boonty Games - Unknown owner - (no file)

  Click 'Fix checked' to remove the items.
  Restart and post the logs

  combofix
  Hijackthis.

  Good luck.
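As an added example (not code from this thread, from HijackThis or from ComboFix), the Python below parses HijackThis-style log lines like those posted here and flags the entries a helper checks first: dead references marked '(file missing)' or '(no file)', such as the Boonty Games service selected above, and unnamed BHOs that load a randomly named DLL from system32, like bidlumnl.dll in the logs posted in this thread. The sample log and the random-name heuristic are constructed for this example.

```python
import re

# Constructed sample log, modelled on the HijackThis v1.99.1 output posted in this thread.
# The GUIDs and paths are copied from that log; the selection of lines is mine.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {DA5A5F3E-D71B-476C-9BD3-14364565E842} - C:\WINDOWS\system32\bidlumnl.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O23 - Service: Boonty Games - Unknown owner - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# One HijackThis entry: a section code (R0, O2, O4, O23, ...) followed by " - " and the body.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# HijackThis marks entries whose target no longer exists with one of these suffixes.
DEAD_REFERENCE_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
# First Windows path to a loadable module in the body of an entry.
MODULE_PATH_RE = re.compile(r'([A-Za-z]:\\[^\s"]+\.(?:dll|exe|ocx|sys))', re.IGNORECASE)
VOWELS = set("aeiouy")


def looks_random(path):
    """Heuristic (an assumption of this example, not a HijackThis rule) for
    auto-generated file names such as bidlumnl.dll or vtstq.dll: an all-letter
    stem of 5-10 characters with a vowel ratio of at most 1/4 or a run of four
    or more consonants.  It is a weak signal and is only applied to entries
    that already lack a proper display name."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    if not (5 <= len(stem) <= 10 and stem.isalpha()):
        return False
    vowel_ratio = sum(c in VOWELS for c in stem) / len(stem)
    longest_consonant_run = max(
        (len(run) for run in re.findall(r"[^aeiouy]+", stem)), default=0
    )
    return vowel_ratio <= 0.25 or longest_consonant_run >= 4


def parse_entries(log_text):
    """Yield (section, body, line) for every HijackThis entry in the log;
    the header and the 'Running processes' list are skipped."""
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            yield match.group("section"), match.group("body"), line


def review(log_text):
    """Return [(section, reason, line)] for the entries a helper would examine
    first: dead references (safe to fix, they point at nothing) and unnamed
    BHOs, especially ones loading a randomly named DLL."""
    findings = []
    for section, body, line in parse_entries(log_text):
        if DEAD_REFERENCE_RE.search(body):
            findings.append((section, "dead reference: target file no longer exists", line))
        elif section == "O2" and body.startswith("BHO: (no name)"):
            module = MODULE_PATH_RE.search(body)
            if module and looks_random(module.group(1)):
                findings.append((section, "unnamed BHO loading a randomly named DLL", line))
            else:
                findings.append((section, "unnamed BHO", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in review(SAMPLE_LOG):
        print(f"{section:4} {reason}\n     {line}")
```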
 • Dear Juisterr,

  Below are the new logs.
  Is it too early at this stage to install Windows Defender?
  Naturally I don't want to undermine the procedure toward a healthy system, which is why I haven't followed this advice from 'an acquaintance' yet.
  Additional info is that my Skype no longer works, but of course I can reinstall it.
  Surfing is also very slow… the HD of my system then rattles for a long time, sometimes as much as three-quarters of a minute.
  The autoplay function on my DVD(RW) drives no longer works either.
  This has happened before, but I was eventually able to fix it myself.
  Now, however, I only get a file listing from Explorer, and I can tick autoplay via the drives' properties or via TweakUI, but without the intended result.
  Of course I don't know whether any of this is related to the pests in my system, but I thought I shouldn't withhold this info from you so that you get more insight.

  Again very curious to hear your reply, for which I am grateful!
  Robert H. Vorwald

  Text added later:
  The problem with Skype has since been solved.
  Surfing is better and faster again, and unwanted sites have not popped up or appeared anymore, nor have the trojan warnings from my virus scanner.
  I'm not cheering too early, because I haven't spent too much time behind (or is it in front of?) the computer yet, and then only at night.
  But in any case I notice improvement!
  I wanted to let you know this anyway.


  ComboFix 07-06-17 - C:\Documents and Settings\Robert H. Vorwald\Bureaublad\ComboFix.exe
  "Robert H. Vorwald" - 2007-06-17 17:47:01 - Service Pack 2 NTFS


  (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


  C:\WINDOWS\system32\vtstq.dll
  C:\WINDOWS\system32\ddcbcdb.dll
  C:\WINDOWS\system32\ddcyv.dll
  C:\WINDOWS\system32\hggefff.dll
  C:\WINDOWS\system32\vturqqp.dll
  C:\WINDOWS\system32\xqgnpual.dll
  C:\WINDOWS\system32\yeibbbxf.dll
  C:\WINDOWS\system32\yfkeoosc.dll
  C:\WINDOWS\system32\ilnmp.bak2
  C:\WINDOWS\system32\ilnmp.ini
  C:\WINDOWS\system32\ilnmp.ini2
  C:\WINDOWS\system32\ilnmp.tmp
  C:\WINDOWS\system32\qtstv.ini
  C:\WINDOWS\system32\vycdd.ini
  C:\WINDOWS\system32\laupngqx.ini
  C:\WINDOWS\system32\fxbbbiey.ini
  C:\WINDOWS\system32\csooekfy.ini
  C:\WINDOWS\system32\ilnmp.bak2
  C:\WINDOWS\system32\ilnmp.ini
  C:\WINDOWS\system32\ilnmp.ini2
  C:\WINDOWS\system32\ilnmp.tmp
  C:\WINDOWS\system32\pmnli.dll
  C:\WINDOWS\system32\ljjjhgg.dll


  * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

  ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


  C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1.\macromedia\Flash Player\#SharedObjects\LRUZPMMY\www.broadcaster.com
  C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
  C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
  C:\Program Files\install.log
  C:\WINDOWS\gimmygames.dat
  C:\WINDOWS\winsysupd111.dat


  ((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))


  2007-06-17 17:47 62,516 –a—— C:\WINDOWS\system32\nvxokpal.dll
  2007-06-17 17:46 49,152 –a—— C:\WINDOWS\nircmd.exe
  2007-06-17 02:02 125,972 –a—— C:\WINDOWS\system32\bidlumnl.dll
  2007-06-16 18:27 33,194 –a—— C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
  2007-06-16 18:27 <DIR> d——– C:\WINDOWS\system32\RVAXO
  2007-06-16 11:25 83,024 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
  2007-06-16 11:25 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
  2007-06-16 11:25 57,424 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
  2007-06-16 11:25 53,840 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
  2007-06-16 11:25 39,376 –a—— C:\WINDOWS\system32\drivers\ikfileflt.sys
  2007-06-16 11:25 29,264 –a—— C:\WINDOWS\system32\drivers\kcom.sys
  2007-06-16 11:25 <DIR> d——– C:\Program Files\Spyware Doctor
  2007-06-16 04:27 <DIR> d——– C:\DOCUME~1\LOCALS~1\Bureaublad
  2007-06-16 04:11 <DIR> d——– C:\Program Files\MZ U.T
  2007-06-14 15:02 <DIR> d——– C:\Program Files\Samsung ML-1610 Series
  2007-06-14 13:58 9,961,472 –a—— C:\DOCUME~1\ROBERT~1.VOR\ntuser.dat
  2007-06-13 23:38 62,516 –a—— C:\WINDOWS\system32\yftnvkng.dll
  2007-06-13 23:04 <DIR> d——– C:\divx
  2007-06-12 14:41 8 -r-hs—- C:\WINDOWS\system32\C678E98593.sys
  2007-06-12 13:09 36,624 ——— C:\WINDOWS\system32\drivers\PxHelp20.sys
  2007-06-12 13:09 2,560 ——— C:\WINDOWS\system32\drivers\cdralw2k.sys
  2007-06-12 13:09 2,432 ——— C:\WINDOWS\system32\drivers\cdr4_xp.sys
  2007-06-12 13:09 129,784 ——— C:\WINDOWS\system32\pxafs.dll
  2007-06-12 13:09 118,520 ——— C:\WINDOWS\system32\pxinsi64.exe
  2007-06-12 13:09 116,472 ——— C:\WINDOWS\system32\pxcpyi64.exe
  2007-06-12 00:10 <DIR> d——– C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\DivX
  2007-06-11 18:47 <DIR> d——– C:\A Beautifull Mind
  2007-06-11 16:59 <DIR> d——– C:\It - Stephen King
  2007-06-05 03:41 <DIR> d——– C:\Program Files\AviSub
  2007-06-03 20:06 <DIR> d——– C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\DVDFab
  2007-06-03 16:51 <DIR> d——– C:\Lonely Hearts
  2007-06-02 13:38 <DIR> d——– C:\Program Files\Dnote Software
  2007-05-31 08:45 524,288 –a—— C:\WINDOWS\system32\DivXsm.exe
  2007-05-31 08:44 823,296 –a—— C:\WINDOWS\system32\divx_xx0c.dll
  2007-05-31 08:44 823,296 –a—— C:\WINDOWS\system32\divx_xx07.dll
  2007-05-31 08:44 802,816 –a—— C:\WINDOWS\system32\divx_xx11.dll
  2007-05-31 08:44 740,442 –a—— C:\WINDOWS\system32\DivX.dll


  (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

  2007-06-17 15:51:26 12 —-a-w C:\WINDOWS\bthservsdp.dat
  2007-06-17 15:42:53 ——– d—–w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Skype
  2007-06-17 09:51:08 17,408 —-a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
  2007-06-17 00:24:47 ——– d—–w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Azureus
  2007-06-16 23:19:14 ——– d—–w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Sibelius Software
  2007-06-16 23:18:12 ——– d—–w C:\Program Files\Sibelius Software
  2007-06-16 17:54:09 ——– d—–w C:\Program Files\Hitman Pro
  2007-06-16 11:54:57 ——– d—–w C:\Program Files\SpywareBlaster
  2007-06-16 02:07:17 57,724 —-a-w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\wklnhst.dat
  2007-06-15 16:56:15 ——– d—–w C:\Program Files\Google
  2007-06-15 12:15:09 2,864 —-a-w C:\WINDOWS\system32\winsock.dll
  2007-06-14 13:02:33 ——– d–h–w C:\Program Files\InstallShield Installation Information
  2007-06-13 13:31:05 ——– d—–w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Canon
  2007-06-12 23:53:27 ——– d—–w C:\Program Files\OpenOffice.org 2.1
  2007-06-12 23:49:36 ——– d—–w C:\Program Files\DivX
  2007-06-12 23:46:37 4,704 –sha-w C:\WINDOWS\system32\KGyGaAvL.sys
  2007-06-12 10:36:04 ——– d—–w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Vso
  2007-06-11 20:31:51 ——– d—–w C:\Program Files\DVDFab Platinum 3
  2007-06-03 16:18:19 ——– d—–w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Corel
  2007-05-16 15:19:43 683,520 —-a-w C:\WINDOWS\system32\inetcomm.dll
  2007-05-13 00:24:45 97,474 —-a-w C:\WINDOWS\system32\perfc013.dat
  2007-05-13 00:24:45 503,678 —-a-w C:\WINDOWS\system32\perfh013.dat
  2007-05-11 23:41:17 ——– d—–w C:\Program Files\TomTom HOME
  2007-05-11 23:31:55 ——– d—–w C:\Program Files\Streamload
  2007-05-04 01:10:34 ——– d—–w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\MAGIX
  2007-05-04 00:20:52 101,376 —-a-w C:\WINDOWS\system32\drivers\ACEDRV07.sys
  2007-05-04 00:20:41 ——– d—–w C:\Program Files\Common Files\MAGIX Shared
  2007-05-04 00:19:11 ——– d—–w C:\Program Files\MAGIX
  2007-04-30 15:46:10 745,600 —-a-w C:\WINDOWS\system32\aswBoot.exe
  2007-04-30 15:41:55 85,952 —-a-w C:\WINDOWS\system32\drivers\aswmon.sys
  2007-04-30 15:41:42 94,552 —-a-w C:\WINDOWS\system32\drivers\aswmon2.sys
  2007-04-30 15:39:41 23,416 —-a-w C:\WINDOWS\system32\drivers\aswRdr.sys
  2007-04-30 15:38:51 43,176 —-a-w C:\WINDOWS\system32\drivers\aswTdi.sys
  2007-04-30 15:37:23 26,888 —-a-w C:\WINDOWS\system32\drivers\aavmker4.sys
  2007-04-30 15:35:28 95,872 —-a-w C:\WINDOWS\system32\AVASTSS.scr
  2007-04-25 14:22:52 144,896 —-a-w C:\WINDOWS\system32\schannel.dll
  2007-04-23 00:15:29 3,596,288 —-a-w C:\WINDOWS\system32\qt-dx331.dll
  2007-04-23 00:15:18 200,704 —-a-w C:\WINDOWS\system32\ssldivx.dll
  2007-04-23 00:15:18 1,044,480 —-a-w C:\WINDOWS\system32\libdivx.dll
  2007-04-23 00:02:34 73,728 —-a-w C:\WINDOWS\system32\dpl100.dll
  2007-04-23 00:02:34 196,608 —-a-w C:\WINDOWS\system32\dtu100.dll
  2007-04-23 00:02:33 53,248 —-a-w C:\WINDOWS\system32\dpuGUI10.dll
  2007-04-23 00:02:31 593,920 —-a-w C:\WINDOWS\system32\dpuGUI11.dll
  2007-04-23 00:02:31 57,344 —-a-w C:\WINDOWS\system32\dpv11.dll
  2007-04-23 00:02:31 344,064 —-a-w C:\WINDOWS\system32\dpus11.dll
  2007-04-23 00:02:31 294,912 —-a-w C:\WINDOWS\system32\dpu11.dll
  2007-04-23 00:02:31 294,912 —-a-w C:\WINDOWS\system32\dpu10.dll
  2007-04-23 00:01:47 12,288 —-a-w C:\WINDOWS\system32\DivXWMPExtType.dll
  2007-04-23 00:01:46 124,472 —-a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
  2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
  2007-04-18 13:16:12 ——– d—–w C:\Program Files\eMule
  2007-04-18 13:11:27 ——– d—–w C:\Program Files\Multi_Media
  2007-03-17 13:45:54 293,376 —-a-w C:\WINDOWS\system32\winsrv.dll
  2007-01-12 02:44:30 88 –sh–r C:\WINDOWS\system32\1E1866BC88.sys
  2005-01-27 13:59:06 8 –sh–r C:\WINDOWS\system32\62A95D688F.sys
  2006-07-23 17:50:57 56 –sh–r C:\WINDOWS\system32\FA58369351.sys


  ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


  *Note* empty entries & legit default entries are not shown

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
  {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
  {DA5A5F3E-D71B-476C-9BD3-14364565E842}=C:\WINDOWS\system32\bidlumnl.dll [2007-06-17 02:02]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Keyboard Status"="C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe" [2005-01-25 12:03]
  "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-03-08 15:31]
  "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00]
  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-28 12:35]
  "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 C:\WINDOWS\system32\bthprops.cpl]
  "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 21:05]
  "RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]
  "Dit"="Dit.exe" [2004-07-20 19:18 C:\WINDOWS\Dit.exe]
  "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
  "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
  "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-03-24 22:50]
  "NWEReboot"="" []

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20]
  "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
  "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:53]

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
  "NoLowDiskSpaceChecks"=0 (0x0)

  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
  bthsvcs BthServ


  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]


  **************************************************************************

  catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-06-17 17:52:40
  Windows 5.1.2600 Service Pack 2 NTFS

  scanning hidden processes …

  scanning hidden autostart entries …

  scanning hidden files …

  scan completed successfully
  hidden files: 0

  **************************************************************************

  [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


  [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


  Completion time: 2007-06-17 17:55:20 - machine was rebooted
  C:\ComboFix-quarantined-files.txt … 2007-06-17 17:55

  — E O F —

  Logfile of HijackThis v1.99.1
  Scan saved at 19:29:59, on 17-6-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16473)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  C:\Program Files\Alwil Software\Avast4\ashServ.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
  C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
  C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
  C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
  C:\WINDOWS\Dit.exe
  C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
  C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
  C:\Program Files\SPAMfighter\SFAgent.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Windows Media Player\WMPNSCFG.exe
  C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
  C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
  C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  C:\WINDOWS\system32\wbem\wmiapsrv.exe
  C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
  C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  C:\totalcmd\TOTALCMD.EXE
  c:\Program Files\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O2 - BHO: (no name) - {DA5A5F3E-D71B-476C-9BD3-14364565E842} - C:\WINDOWS\system32\bidlumnl.dll
  O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
  O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
  O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [Dit] Dit.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
  O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: BlueSoleil.lnk = ?
  O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
  O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O11 - Options group: [INTERNATIONAL] International*
  O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
  O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
  O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121162039578
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
  O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
  O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
  O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
  O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
  O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
  O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
  O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
 • Open Notepad, then copy and paste the following (bold, blue text) into an empty window:
 • Hello Juisterr,

  Below are the log files.

  Two logs from ComboFix are printed.
  One from dragging the file 'ComboFix-Do.txt' onto it and one from dragging 'ComboFix-Do'.
  The latter is therefore without the .txt extension, because that was not entirely clear to me.

  I did not find the file bidlumnl.dll in the specified directory.

  ComboFix 07-06-17 - C:\Documents and Settings\Robert H. Vorwald\Bureaublad\ComboFix.exe
  "Robert H. Vorwald" - 2007-06-18 13:28:32 - Service Pack 2 NTFS
  Command switches used :: C:\Documents and Settings\Robert H. Vorwald\Bureaublad\ComboFix-Do.txt

  The HJT log file was created after the second reboot from ComboFix, so I hope I nevertheless worked in the correct order that was specified.


  ((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))


  2007-06-17 17:47 62,516 --a------ C:\WINDOWS\system32\nvxokpal.dll
  2007-06-17 17:46 49,152 --a------ C:\WINDOWS\nircmd.exe
  2007-06-16 18:27 33,194 --a------ C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
  2007-06-16 18:27 <DIR> d-------- C:\WINDOWS\system32\RVAXO
  2007-06-16 11:25 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
  2007-06-16 11:25 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
  2007-06-16 11:25 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
  2007-06-16 11:25 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
  2007-06-16 11:25 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
  2007-06-16 11:25 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
  2007-06-16 11:25 <DIR> d-------- C:\Program Files\Spyware Doctor
  2007-06-16 04:27 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Bureaublad
  2007-06-16 04:11 <DIR> d-------- C:\Program Files\MZ U.T
  2007-06-14 15:02 <DIR> d-------- C:\Program Files\Samsung ML-1610 Series
  2007-06-14 13:58 9,961,472 --a------ C:\DOCUME~1\ROBERT~1.VOR\ntuser.dat
  2007-06-13 23:38 62,516 --a------ C:\WINDOWS\system32\yftnvkng.dll
  2007-06-13 23:04 <DIR> d-------- C:\divx
  2007-06-12 14:41 8 -r-hs---- C:\WINDOWS\system32\C678E98593.sys
  2007-06-12 13:09 36,624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
  2007-06-12 13:09 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
  2007-06-12 13:09 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
  2007-06-12 13:09 129,784 --------- C:\WINDOWS\system32\pxafs.dll
  2007-06-12 13:09 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
  2007-06-12 13:09 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
  2007-06-12 00:10 <DIR> d-------- C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\DivX
  2007-06-11 18:47 <DIR> d-------- C:\A Beautifull Mind
  2007-06-11 16:59 <DIR> d-------- C:\It - Stephen King
  2007-06-05 03:41 <DIR> d-------- C:\Program Files\AviSub
  2007-06-03 20:06 <DIR> d-------- C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\DVDFab
  2007-06-03 16:51 <DIR> d-------- C:\Lonely Hearts
  2007-06-02 13:38 <DIR> d-------- C:\Program Files\Dnote Software
  2007-05-31 08:45 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
  2007-05-31 08:44 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
  2007-05-31 08:44 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
  2007-05-31 08:44 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
  2007-05-31 08:44 740,442 --a------ C:\WINDOWS\system32\DivX.dll


  (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

  2007-06-18 11:16:54 57,654 ----a-w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\wklnhst.dat
  2007-06-18 10:57:25 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Skype
  2007-06-18 08:57:05 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
  2007-06-18 08:55:42 12 ----a-w C:\WINDOWS\bthservsdp.dat
  2007-06-17 00:24:47 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Azureus
  2007-06-16 23:19:14 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Sibelius Software
  2007-06-16 23:18:12 -------- d-----w C:\Program Files\Sibelius Software
  2007-06-16 17:54:09 -------- d-----w C:\Program Files\Hitman Pro
  2007-06-16 11:54:57 -------- d-----w C:\Program Files\SpywareBlaster
  2007-06-15 16:56:15 -------- d-----w C:\Program Files\Google
  2007-06-15 12:15:09 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
  2007-06-14 13:02:33 -------- d--h--w C:\Program Files\InstallShield Installation Information
  2007-06-13 13:31:05 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Canon
  2007-06-12 23:53:27 -------- d-----w C:\Program Files\OpenOffice.org 2.1
  2007-06-12 23:49:36 -------- d-----w C:\Program Files\DivX
  2007-06-12 23:46:37 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
  2007-06-12 10:36:04 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Vso
  2007-06-11 20:31:51 -------- d-----w C:\Program Files\DVDFab Platinum 3
  2007-06-03 16:18:19 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Corel
  2007-05-16 15:19:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
  2007-05-13 00:24:45 97,474 ----a-w C:\WINDOWS\system32\perfc013.dat
  2007-05-13 00:24:45 503,678 ----a-w C:\WINDOWS\system32\perfh013.dat
  2007-05-11 23:41:17 -------- d-----w C:\Program Files\TomTom HOME
  2007-05-11 23:31:55 -------- d-----w C:\Program Files\Streamload
  2007-05-04 01:10:34 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\MAGIX
  2007-05-04 00:20:52 101,376 ----a-w C:\WINDOWS\system32\drivers\ACEDRV07.sys
  2007-05-04 00:20:41 -------- d-----w C:\Program Files\Common Files\MAGIX Shared
  2007-05-04 00:19:11 -------- d-----w C:\Program Files\MAGIX
  2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
  2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
  2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
  2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
  2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
  2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
  2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
  2007-04-25 14:22:52 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
  2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
  2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
  2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
  2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
  2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
  2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
  2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
  2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
  2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
  2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
  2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
  2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
  2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
  2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
  2007-04-18 13:16:12 -------- d-----w C:\Program Files\eMule
  2007-04-18 13:11:27 -------- d-----w C:\Program Files\Multi_Media
  2007-01-12 02:44:30 88 --sh--r C:\WINDOWS\system32\1E1866BC88.sys
  2005-01-27 13:59:06 8 --sh--r C:\WINDOWS\system32\62A95D688F.sys
  2006-07-23 17:50:57 56 --sh--r C:\WINDOWS\system32\FA58369351.sys


  ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


  *Note* empty entries & legit default entries are not shown

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
  {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
  {DA5A5F3E-D71B-476C-9BD3-14364565E842}=C:\WINDOWS\system32\bidlumnl.dll []

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Keyboard Status"="C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe" [2005-01-25 12:03]
  "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-03-08 15:31]
  "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00]
  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-28 12:35]
  "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 C:\WINDOWS\system32\bthprops.cpl]
  "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 21:05]
  "RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]
  "Dit"="Dit.exe" [2004-07-20 19:18 C:\WINDOWS\Dit.exe]
  "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
  "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
  "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-03-24 22:50]
  "NWEReboot"="" []

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20]
  "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
  "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:53]

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
  "NoLowDiskSpaceChecks"=0 (0x0)

  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
  bthsvcs BthServ


  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]


  **************************************************************************

  catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-06-18 13:29:09
  Windows 5.1.2600 Service Pack 2 NTFS

  scanning hidden processes ...

  scanning hidden autostart entries ...

  scanning hidden files ...

  scan completed successfully
  hidden files: 0

  **************************************************************************

  [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


  [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


  Completion time: 2007-06-18 13:29:36
  C:\ComboFix-quarantined-files.txt ... 2007-06-18 13:29
  C:\ComboFix2.txt ... 2007-06-18 13:24
  C:\ComboFix3.txt ... 2007-06-17 17:55

  --- E O F ---


  ComboFix 07-06-17 - C:\Documents and Settings\Robert H. Vorwald\Bureaublad\ComboFix.exe
  "Robert H. Vorwald" - 2007-06-18 13:21:03 - Service Pack 2 NTFS
  Command switches used :: C:\Documents and Settings\Robert H. Vorwald\Bureaublad\ComboFix-Do.txt.txt


  ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


  C:\WINDOWS\system32\bidlumnl.dll


  ((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))


  2007-06-17 17:47 62,516 --a------ C:\WINDOWS\system32\nvxokpal.dll
  2007-06-17 17:46 49,152 --a------ C:\WINDOWS\nircmd.exe
  2007-06-16 18:27 33,194 --a------ C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
  2007-06-16 18:27 <DIR> d-------- C:\WINDOWS\system32\RVAXO
  2007-06-16 11:25 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
  2007-06-16 11:25 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
  2007-06-16 11:25 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
  2007-06-16 11:25 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
  2007-06-16 11:25 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
  2007-06-16 11:25 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
  2007-06-16 11:25 <DIR> d-------- C:\Program Files\Spyware Doctor
  2007-06-16 04:27 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Bureaublad
  2007-06-16 04:11 <DIR> d-------- C:\Program Files\MZ U.T
  2007-06-14 15:02 <DIR> d-------- C:\Program Files\Samsung ML-1610 Series
  2007-06-14 13:58 9,961,472 --a------ C:\DOCUME~1\ROBERT~1.VOR\ntuser.dat
  2007-06-13 23:38 62,516 --a------ C:\WINDOWS\system32\yftnvkng.dll
  2007-06-13 23:04 <DIR> d-------- C:\divx
  2007-06-12 14:41 8 -r-hs---- C:\WINDOWS\system32\C678E98593.sys
  2007-06-12 13:09 36,624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
  2007-06-12 13:09 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
  2007-06-12 13:09 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
  2007-06-12 13:09 129,784 --------- C:\WINDOWS\system32\pxafs.dll
  2007-06-12 13:09 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
  2007-06-12 13:09 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
  2007-06-12 00:10 <DIR> d-------- C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\DivX
  2007-06-11 18:47 <DIR> d-------- C:\A Beautifull Mind
  2007-06-11 16:59 <DIR> d-------- C:\It - Stephen King
  2007-06-05 03:41 <DIR> d-------- C:\Program Files\AviSub
  2007-06-03 20:06 <DIR> d-------- C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\DVDFab
  2007-06-03 16:51 <DIR> d-------- C:\Lonely Hearts
  2007-06-02 13:38 <DIR> d-------- C:\Program Files\Dnote Software
  2007-05-31 08:45 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
  2007-05-31 08:44 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
  2007-05-31 08:44 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
  2007-05-31 08:44 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
  2007-05-31 08:44 740,442 --a------ C:\WINDOWS\system32\DivX.dll


  (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

  2007-06-18 11:16:54 57,654 ----a-w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\wklnhst.dat
  2007-06-18 10:57:25 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Skype
  2007-06-18 08:57:05 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
  2007-06-18 08:55:42 12 ----a-w C:\WINDOWS\bthservsdp.dat
  2007-06-17 00:24:47 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Azureus
  2007-06-16 23:19:14 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Sibelius Software
  2007-06-16 23:18:12 -------- d-----w C:\Program Files\Sibelius Software
  2007-06-16 17:54:09 -------- d-----w C:\Program Files\Hitman Pro
  2007-06-16 11:54:57 -------- d-----w C:\Program Files\SpywareBlaster
  2007-06-15 16:56:15 -------- d-----w C:\Program Files\Google
  2007-06-15 12:15:09 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
  2007-06-14 13:02:33 -------- d--h--w C:\Program Files\InstallShield Installation Information
  2007-06-13 13:31:05 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Canon
  2007-06-12 23:53:27 -------- d-----w C:\Program Files\OpenOffice.org 2.1
  2007-06-12 23:49:36 -------- d-----w C:\Program Files\DivX
  2007-06-12 23:46:37 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
  2007-06-12 10:36:04 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Vso
  2007-06-11 20:31:51 -------- d-----w C:\Program Files\DVDFab Platinum 3
  2007-06-03 16:18:19 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\Corel
  2007-05-16 15:19:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
  2007-05-13 00:24:45 97,474 ----a-w C:\WINDOWS\system32\perfc013.dat
  2007-05-13 00:24:45 503,678 ----a-w C:\WINDOWS\system32\perfh013.dat
  2007-05-11 23:41:17 -------- d-----w C:\Program Files\TomTom HOME
  2007-05-11 23:31:55 -------- d-----w C:\Program Files\Streamload
  2007-05-04 01:10:34 -------- d-----w C:\DOCUME~1\ROBERT~1.VOR\APPLIC~1\MAGIX
  2007-05-04 00:20:52 101,376 ----a-w C:\WINDOWS\system32\drivers\ACEDRV07.sys
  2007-05-04 00:20:41 -------- d-----w C:\Program Files\Common Files\MAGIX Shared
  2007-05-04 00:19:11 -------- d-----w C:\Program Files\MAGIX
  2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
  2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
  2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
  2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
  2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
  2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
  2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
  2007-04-25 14:22:52 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
  2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
  2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
  2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
  2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
  2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
  2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
  2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
  2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
  2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
  2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
  2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
  2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
  2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
  2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
  2007-04-18 13:16:12 -------- d-----w C:\Program Files\eMule
  2007-04-18 13:11:27 -------- d-----w C:\Program Files\Multi_Media
  2007-01-12 02:44:30 88 --sh--r C:\WINDOWS\system32\1E1866BC88.sys
  2005-01-27 13:59:06 8 --sh--r C:\WINDOWS\system32\62A95D688F.sys
  2006-07-23 17:50:57 56 --sh--r C:\WINDOWS\system32\FA58369351.sys


  ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


  *Note* empty entries & legit default entries are not shown

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
  {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
  {DA5A5F3E-D71B-476C-9BD3-14364565E842}=C:\WINDOWS\system32\bidlumnl.dll []

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Keyboard Status"="C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe" [2005-01-25 12:03]
  "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-03-08 15:31]
  "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00]
  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-28 12:35]
  "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 C:\WINDOWS\system32\bthprops.cpl]
  "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 21:05]
  "RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]
  "Dit"="Dit.exe" [2004-07-20 19:18 C:\WINDOWS\Dit.exe]
  "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
  "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
  "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-03-24 22:50]
  "NWEReboot"="" []

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20]
  "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
  "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:53]

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
  "NoLowDiskSpaceChecks"=0 (0x0)

  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
  bthsvcs BthServ


  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]


  **************************************************************************

  catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-06-18 13:23:37
  Windows 5.1.2600 Service Pack 2 NTFS

  scanning hidden processes ...

  scanning hidden autostart entries ...

  scanning hidden files ...

  scan completed successfully
  hidden files: 0

  **************************************************************************

  [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


  [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


  Completion time: 2007-06-18 13:24:08
  C:\ComboFix-quarantined-files.txt ... 2007-06-18 13:24
  C:\ComboFix2.txt ... 2007-06-17 17:55

  --- E O F ---


  Logfile of HijackThis v1.99.1
  Scan saved at 13:47:33, on 18-6-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16473)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  C:\Program Files\Alwil Software\Avast4\ashServ.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
  C:\WINDOWS\System32\svchost.exe
  C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
  C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
  C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
  C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
  C:\WINDOWS\Dit.exe
  C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
  C:\Program Files\SPAMfighter\SFAgent.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
  C:\Program Files\Skype\Phone\Skype.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Windows Media Player\WMPNSCFG.exe
  C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
  C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  C:\WINDOWS\system32\wbem\wmiapsrv.exe
  C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
  C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
  C:\WINDOWS\explorer.exe
  C:\Program Files\Outlook Express\msimn.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\totalcmd\TOTALCMD.EXE
  c:\Program Files\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
  O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
  O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [Dit] Dit.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
  O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: BlueSoleil.lnk = ?
  O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
  O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O11 - Options group: [INTERNATIONAL] International*
  O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
  O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
  O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121162039578
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
  O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
  O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
  O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
  O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
  O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
  O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
  O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
 • Download Dr.Web CureIt to your desktop:
  ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  Double-click drweb-cureit.exe and allow it to start the express scan.
  This will scan the files currently loaded in memory, and if anything is found, click the "Yes to all" button when asked "cure it?". This is only a short scan.
  Once the short scan has finished, click Options > Change Settings.
  Choose the "Scan" tab and remove the check mark next to "Heuristic analyse".
  Back in the main window you can select the drives you want to have scanned.
  Select all drives here. A red dot will then appear on the drives you are having scanned.
  Then click the green arrow on the right to start the scan.
  Click "Yes to all" when asked whether to cure or move.
  When the scan is done, check whether you can click the following icon next to what was found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
  If so, click it, then click the icon just below it and choose: Move incurable, as shown in the following image:
  http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
  This will move the files to the folder %userprofile%\DoctorWeb\quarantaine-folder if they cannot be disinfected. (This is in case we need samples.)
  After selecting the above, in the menu at the top of Dr.Web CureIt click "file" and choose "save report list". Save the log to your desktop.
  Then close Dr.Web CureIt.

  Restart your computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
  After restarting, copy and paste the contents of the log you saved earlier into your next post.

  Run HijackThis again and post a new log.
 • Hello Juisterr,

  Below are the new log files again.
  In the first Dr.Web scan no irregularities were found, but in the second there were.


  bidlumnl.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Adware.Crew Incurable.Moved.
  ddcbcdb.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
  ddcyv.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
  hggefff.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
  ljjjhgg.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
  pmnli.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
  vtstq.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
  vturqqp.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
  A0021654.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP120 Trojan.Virtumod Deleted.
  A0021658.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP120 Trojan.Virtumod Deleted.
  A0021659.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP120 Trojan.Virtumod Deleted.
  A0021660.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP120 Trojan.Virtumod Deleted.
  A0021883.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP120 Trojan.Virtumod Deleted.
  A0023778.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP126 Trojan.Virtumod Deleted.
  A0023779.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP126 Trojan.Virtumod Deleted.
  A0023780.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP126 Trojan.Virtumod Deleted.
  A0023781.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP126 Trojan.Virtumod Deleted.
  A0023782.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP126 Trojan.Virtumod Deleted.
  A0023789.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP126 Trojan.Virtumod Deleted.
  A0023790.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP126 Trojan.Virtumod Deleted.
  A0023998.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP126 Adware.Crew Incurable.Moved.
  nvxokpal.dll C:\WINDOWS\system32 Trojan.Virtumod Deleted.
  yftnvkng.dll C:\WINDOWS\system32 Trojan.Virtumod Deleted.


  Logfile of HijackThis v1.99.1
  Scan saved at 21:26:24, on 18-6-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16473)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  C:\Program Files\Alwil Software\Avast4\ashServ.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
  C:\WINDOWS\System32\svchost.exe
  C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
  C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
  C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
  C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\WINDOWS\system32\rsvp.exe
  C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\Dit.exe
  C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
  C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
  C:\Program Files\SPAMfighter\SFAgent.exe
  C:\Program Files\Skype\Phone\Skype.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Windows Media Player\WMPNSCFG.exe
  C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
  C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
  C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  C:\WINDOWS\system32\wbem\wmiapsrv.exe
  C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
  C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  C:\WINDOWS\system32\msiexec.exe
  C:\totalcmd\TOTALCMD.EXE
  C:\WINDOWS\system32\wuauclt.exe
  c:\Program Files\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
  O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
  O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [Dit] Dit.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
  O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: BlueSoleil.lnk = ?
  O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
  O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O11 - Options group: [INTERNATIONAL] International*
  O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
  O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
  O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121162039578
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
  O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
  O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
  O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
  O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
  O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
  O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
  O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
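As an added example (not code from this thread or from Dr.Web), a small Python parser for the CureIt report lines quoted above: it groups the detections by name and by where each file lived, which shows why two files in system32 kept the infection alive and why the restore points are purged in the next step. It assumes the whitespace layout of the lines above and that file names contain no spaces.

```python
"""Summarise a Dr.Web CureIt report as posted in this thread.

Added example, not code from the thread or from Dr.Web.  Assumed line layout
(it fits the lines quoted above; the exact format is not documented here):
    <file name> <directory> <detection name> <action>
where the file name contains no spaces but the directory may.
"""
import re
from collections import Counter

# Lines copied from the report posted above (a constructed subset for the demo).
SAMPLE_REPORT = r"""
bidlumnl.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Adware.Crew Incurable.Moved.
ddcbcdb.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
A0021654.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP120 Trojan.Virtumod Deleted.
A0023998.dll C:\System Volume Information\_restore{76E2313C-25EF-4F51-B448-633F82C47A5B}\RP126 Adware.Crew Incurable.Moved.
nvxokpal.dll C:\WINDOWS\system32 Trojan.Virtumod Deleted.
yftnvkng.dll C:\WINDOWS\system32 Trojan.Virtumod Deleted.
"""

# Directory of a System Restore snapshot: <drive>:\System Volume Information\_restore{GUID}\RPnnn
RESTORE_RE = re.compile(
    r"^[a-z]:\\System Volume Information\\_restore\{[^}]*\}\\(RP\d+)", re.IGNORECASE)
COMBOFIX_QUARANTINE = r"c:\qoobox\quarantine"


def classify(directory):
    """Where the detected file lived: a restore point, ComboFix's quarantine, or live on disk."""
    m = RESTORE_RE.match(directory)
    if m:
        return "restore point " + m.group(1).upper()
    if directory.lower().startswith(COMBOFIX_QUARANTINE):
        return "ComboFix quarantine"
    return "live"


def parse_line(line):
    """Split one report line from the right: action and detection never contain spaces."""
    head, detection, action = line.rsplit(None, 2)
    name, directory = head.split(None, 1)
    return {"name": name, "dir": directory, "detection": detection,
            "action": action.rstrip("."), "location": classify(directory)}


def parse_report(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def summarise(entries):
    """Counts per detection and per location, plus the lists a helper would act on."""
    return {
        "by_detection": dict(Counter(e["detection"] for e in entries)),
        "by_location": dict(Counter(e["location"] for e in entries)),
        # Files still live in %windir%\system32: the actual reinfection source.
        "live_files": sorted(e["name"] for e in entries if e["location"] == "live"),
        # Snapshots that carried infected copies: why the restore points get purged next.
        "restore_points": sorted({e["location"].split()[-1] for e in entries
                                  if e["location"].startswith("restore point")}),
        # Incurable files were moved to %userprofile%\DoctorWeb\... rather than deleted.
        "moved_to_quarantine": sorted(e["name"] for e in entries
                                      if e["action"].startswith("Incurable")),
    }


if __name__ == "__main__":
    for key, value in summarise(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```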
 • To prevent reinfection via System Restore, it is advisable to remove the existing restore points by temporarily disabling System Restore.

  - Go to Start / All Programs / Accessories / System Tools / System Restore.
  - In the left half of the window, click "System Restore Settings".
  - Put a check mark next to "Turn off System Restore".
  - Click "Apply".
  - Windows asks whether you are sure.
  - Click "Yes".
  - Click "OK".
  - Restart the PC.
  - Go to Start / All Programs / Accessories / System Tools / System Restore again.
  - You will get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
  - Click "Yes".
  - Remove the check mark next to "Turn off System Restore".
  - Click "Apply".
  - Click "OK".
  - Restart the PC.
  - A new, clean restore point has now been created.

  Here are some more tips.
 • Dear Juisterr,

  I have followed your latest instructions.
  After a day of surfing I have had no strange experiences any more!
  Surfing is smooth again and without unrequested sites popping up.
  My antivirus program has also stopped reporting Trojans.
  During the whole process the complaints gradually decreased.
  I have also gone through your tips and downloaded and installed various programs in order to 'board up' my system as much as possible.
  Among other things I installed AVG Anti-Spyware; can you tell me whether that makes installing Windows Defender unnecessary?

  I have one more question: can I now remove/uninstall the programs used during the last process and the log files they created?
  I mean RemoveVideoActiveXObject, ComboFix and DrWeb, as well as the created folders C:\Avanger and C:\Qoobox and C:\Documents and Settings\Robert H. Vorwald\DoctorWeb.

  Do you have a hint for me on how I can get the autoplay function of my DVD-ROM and DVD-RW drives back?
  It was (apparently) lost during the process.
  Now I only get an Explorer window with the folders/files on the CD/DVD.
  I also cannot get the autoplay function back/enabled via the drives' properties or TweakUI.

  Many, many thanks (!!!) for your involvement, efforts and instructions in solving my problems.
  You helped me very well once before too, and this time I definitely would not have managed without your expertise!
  As far as I'm concerned you are a crown jewel on the HCC necklace!

  With kind regards,
  Robert H. Vorwald.
 • I can only add the advice to install just one active antivirus scanner. So that means making a choice.
