Question & Answer
hijackthis log
13 answers
- I have something on my system that doesn't belong there. It also tries to contact a dodgy site via explorer.exe.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:01:27, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\RMClock\RMClock.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\total commander\TOTALCMD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Hijack This\HiJackThis.exe
O2 - BHO: (no name) - {2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A} - C:\WINDOWS\system32\ljjjhgf.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [RMClock] "C:\Program Files\RMClock\RMClockLauncher.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: ljjjhgf - C:\WINDOWS\SYSTEM32\ljjjhgf.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
--
End of file - 4849 bytes
In any case it's this file: jjjhgf.dll
- Oh Gerben, really.
Download Combofix to your Desktop.
Double-click Combofix.exe
Follow the instructions, accept the disclaimer by typing 1 (continue) followed by ENTER.
While the fix is running, do NOT click in the window, as this will cause your PC to hang.
When the fix has finished and after the restart, the log combofix.txt will open.
Post this log in your next reply together with a new HijackThis log.
Note: If your virus scanner responds with a warning about a script being executed, you may ignore it.
Start HijackThis and choose 'Do a system scan only'
Select only the items listed below:
O2 - BHO: (no name) - {2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A} - C:\WINDOWS\system32\ljjjhgf.dll
O20 - Winlogon Notify: ljjjhgf - C:\WINDOWS\SYSTEM32\ljjjhgf.dll
Close all windows except HijackThis
Click 'Fix checked' to remove the items.
- HijackThis can't remove them; I had already tried that. Killbox neither. VirusTotal thinks it recognizes Virtumonde, among others by F-Secure. Their removal tool also detects it, but doesn't remove it. VundoFix neither.
ComboFix 07-11-08.1 - Gerben Hoekstra 2007-11-10 13:38:15.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.348 [GMT 1:00]
Running from: L:\trojan\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))
.
2007-11-10 12:47 51,200 –a—— C:\WINDOWS\NirCmd.exe
2007-11-10 12:36 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\DoctorWeb
2007-11-10 03:54 36,864 ——— C:\WINDOWS\system32\ljjjhgf.dll
2007-11-09 18:06 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\Application Data\Media Player Classic
2007-11-09 17:30 <DIR> d——– c:\Program Files\a-squared HiJackFree
2007-11-09 17:29 <DIR> d——– c:\Program Files\a-squared Free
2007-11-09 17:10 <DIR> d——– c:\Program Files\VideoLAN
2007-11-09 17:09 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\Application Data\vlc
2007-11-09 17:08 <DIR> d——– c:\Program Files\K-Lite Codec Pack
2007-11-08 19:56 <DIR> d——– C:\WINDOWS\nview
2007-11-08 19:56 356,352 –a—— C:\WINDOWS\system32\NVUNINST.EXE
2007-11-08 19:56 356,352 –a—— C:\WINDOWS\system32\nvudisp.exe
2007-11-08 13:16 <DIR> d——– c:\Program Files\Realtek AC97
2007-11-08 13:07 <DIR> d——– c:\Program Files\Driver Sweeper
2007-11-08 13:00 <DIR> d——– c:\Program Files\UPHClean
2007-11-08 12:45 <DIR> d——– c:\Program Files\MSXML 6.0
2007-11-08 12:45 <DIR> d——– c:\Program Files\MSXML 4.0
2007-11-08 12:45 1,104,896 —–c— C:\WINDOWS\system32\dllcache\msxml3.dll
2007-11-08 12:45 851,968 —–c— C:\WINDOWS\system32\dllcache\vgx.dll
2007-11-08 12:45 549,376 —–c— C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-11-08 12:45 60,032 —–c— C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-11-08 12:43 <DIR> d——– c:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-08 12:42 22,752 –a—— C:\WINDOWS\system32\spupdsvc.exe
2007-11-08 12:40 1,146,184 –a—— C:\WINDOWS\system32\FM20.DLL
2007-11-08 12:40 40,960 –a—— C:\WINDOWS\system32\SSUBTMR6.DLL
2007-11-08 12:40 32,584 –a—— C:\WINDOWS\system32\FM20ENU.DLL
2007-11-08 12:40 10,752 –a—— C:\WINDOWS\system32\aamd532.dll
2007-11-08 03:55 <DIR> d——– c:\Program Files\RMClock
2007-11-07 14:23 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\Application Data\BitSpirit
2007-11-07 13:13 87,040 –a—— C:\WINDOWS\system32\wiafbdrv.dll
2007-11-07 13:13 13,312 –a—— C:\WINDOWS\system32\hpsjmcro.dll
2007-11-07 13:13 12,160 –a—— C:\WINDOWS\system32\drivers\mouhid.sys
2007-11-07 13:13 10,880 –a—— C:\WINDOWS\system32\drivers\scsiscan.sys
2007-11-07 12:13 16,256 –a—— C:\WINDOWS\system32\drivers\symc810.sys
2007-11-07 12:13 9,600 –a—— C:\WINDOWS\system32\drivers\hidusb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-10 12:38 ——— d—–w c:\program files\\PeerGuardian2
2007-11-10 12:01 ——— d—–w c:\program files\\Hijack This
2007-11-10 11:57 ——— d—–w c:\program files\\Mozilla Firefox
2007-11-10 11:48 ——— d—–w c:\program files\\Common Files
2007-11-10 03:19 ——— d—–w c:\program files\\a-squared Free
2007-11-10 03:06 ——— d—–w C:\Documents and Settings\Gerben Hoekstra\Application Data\AVG7
2007-11-09 16:30 ——— d—–w c:\program files\\a-squared HiJackFree
2007-11-09 16:10 ——— d—–w c:\program files\\VideoLAN
2007-11-09 16:08 ——— d—–w c:\program files\\K-Lite Codec Pack
2007-11-08 18:30 ——— d–h–w c:\program files\\InstallShield Installation Information
2007-11-08 12:16 ——— d—–w c:\program files\\Realtek AC97
2007-11-08 12:08 ——— d—–w c:\program files\\Driver Sweeper
2007-11-08 12:00 ——— d—–w c:\program files\\UPHClean
2007-11-08 11:45 ——— d—–w c:\program files\\MSXML 6.0
2007-11-08 11:45 ——— d—–w c:\program files\\MSXML 4.0
2007-11-08 11:45 ——— d—–w c:\program files\\Internet Explorer
2007-11-08 11:43 ——— d—–w c:\program files\\Outlook Express
2007-11-08 11:43 ——— d—–w c:\program files\\Microsoft CAPICOM 2.1.0.2
2007-11-08 03:07 ——— d—–w c:\program files\\Opera
2007-11-08 02:55 ——— d—–w c:\program files\\RMClock
2007-11-07 21:03 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-07 21:02 ——— d—–w c:\program files\\Spybot - Search & Destroy
2007-11-07 20:55 ——— d—–w c:\program files\\SpywareBlaster
2007-11-07 20:53 ——— d—–w c:\program files\\IrfanView
2007-11-07 12:59 ——— d—–w c:\program files\\BitSpirit
2007-10-28 15:52 81,920 —-a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-28 15:52 81,920 —-a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-28 15:52 8,531,968 —-a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-28 15:52 757,760 —-a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-28 15:52 7,424,992 —-a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-28 15:52 6,901,760 —-a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-28 15:52 6,541,312 —-a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-28 15:52 5,768,320 —-a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-28 15:52 466,944 —-a-w C:\WINDOWS\system32\nvshell.dll
2007-10-28 15:52 45,056 —-a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-28 15:52 442,368 —-a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-28 15:52 425,984 —-a-w C:\WINDOWS\system32\keystone.exe
2007-10-28 15:52 380,928 —-a-w C:\WINDOWS\system32\nvapi.dll
2007-10-28 15:52 35,328 —-a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-28 15:52 35,328 —-a-w C:\WINDOWS\system32\nvcod.dll
2007-10-28 15:52 307,200 —-a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-28 15:52 3,698,688 —-a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-28 15:52 3,407,872 —-a-w C:\WINDOWS\system32\nvgames.dll
2007-10-28 15:52 286,720 —-a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-28 15:52 229,376 —-a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-28 15:52 2,486,272 —-a-w C:\WINDOWS\system32\nvwss.dll
2007-10-28 15:52 188,416 —-a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-28 15:52 155,716 —-a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-28 15:52 147,456 —-a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-28 15:52 1,703,936 —-a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-28 15:52 1,626,112 —-a-w C:\WINDOWS\system32\nwiz.exe
2007-10-28 15:52 1,478,656 —-a-w C:\WINDOWS\system32\nview.dll
2007-10-28 15:52 1,339,392 —-a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-28 15:52 1,212,416 —-a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-28 15:52 1,019,904 —-a-w C:\WINDOWS\system32\nvwimg.dll
2007-10-22 02:39 267,272 —-a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 —-a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-12 14:14 3,734,536 —-a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 —-a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-02 16:45 4,109,376 —-a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-10-02 08:56 444,776 —-a-w C:\WINDOWS\system32\d3dx10_36.dll
2007-09-28 17:07 3,596,288 —-a-w C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 17:05 81,920 —-a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 17:05 739,840 —-a-w C:\WINDOWS\system32\divx.dll
2007-09-04 17:56 164,352 —-a-w C:\WINDOWS\system32\unrar.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A}]
2007-11-10 03:54 36864 ——— C:\WINDOWS\system32\ljjjhgf.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-07 13:13]
"MaxBlastMonitor.exe"="C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-04-20 06:59]
"AcronisTimounterMonitor"="C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-04-20 07:09]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 07:03]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 16:52]
"nwiz"="nwiz.exe" [2007-10-28 16:52 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-28 16:52]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-11-06 08:31]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 17:40]
"RMClock"="C:\Program Files\RMClock\RMClockLauncher.exe" [2007-09-22 20:45]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=01000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A}"= C:\WINDOWS\system32\ljjjhgf.dll [2007-11-10 03:54 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjhgf]
ljjjhgf.dll 2007-11-10 03:54 36864 C:\WINDOWS\system32\ljjjhgf.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap
R0 pe3ahqjb;Dawn of Magic Environment Driver (pe3ahqjb);C:\WINDOWS\system32\drivers\pe3ahqjb.sys
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
R3 RTCore32;RTCore32;\??\C:\Program Files\RMClock\RTCore32.sys
R3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys
S3 AdWatchDrv;AW Realtime Driver;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys
S3 DCamUSBNovatek;Digital Camera;C:\WINDOWS\system32\Drivers\nvtcam.sys
S3 XDva005;XDva005;\??\C:\WINDOWS\system32\XDva005.sys
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 13:38:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-10 13:39:25
.
--- E O F ---
HijackThis log after ComboFix.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:42:52, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\RMClock\RMClock.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\total commander\TOTALCMD.EXE
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\BitSpirit\BitSpirit.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijack This\HiJackThis.exe
O2 - BHO: (no name) - {2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A} - C:\WINDOWS\system32\ljjjhgf.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [RMClock] "C:\Program Files\RMClock\RMClockLauncher.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: ljjjhgf - C:\WINDOWS\SYSTEM32\ljjjhgf.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
--
End of file - 4961 bytes
- Tried again with that F-Secure tool; the second time it did work. The file is gone in any case, and nothing new has appeared in HijackThis. Or do you still see something?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:28, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\RMClock\RMClock.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\total commander\TOTALCMD.EXE
C:\Program Files\Hijack This\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [RMClock] "C:\Program Files\RMClock\RMClockLauncher.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
--
End of file - 3983 bytes
- Open Notepad, copy and paste the following (bold, blue text) into an empty window:
- Oh yes Gerben, they are no longer visible; probably hidden now.
No O2 and O20 found, and that usually points to Vundo.
Run the fix above; with it they can update the tool, and then it will be removed.
- No zip file to be seen. Did it twice to be sure. After that F-Secure fix there was, by the way, an ljjjhgf.dll.bak on the disk. When repeating the fix it finds nothing (the previous time it did).
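The helper's instructions earlier in the thread single out the O2 BHO and O20 Winlogon Notify lines that share one DLL, and the later replies compare the HijackThis logs before and after the fix to see whether the entries are really gone or only hidden. As an added example (not code from this thread, from HijackThis or from ComboFix), here is a small Python triage script that parses the O-lines of a HijackThis log, flags that BHO/Winlogon-Notify pairing plus unnamed BHOs loading from system32, and diffs two logs to report what a fix removed and whether anything new appeared. The sample lines are copied from the logs posted above; the flagging rules are my own heuristics, not HijackThis logic.

```python
"""Triage helper for HijackThis logs (added example, not from this thread or from HijackThis).

Parses the O-lines of a HijackThis log, flags the pattern the helper targeted above
(one DLL registered both as an O2 BHO and as an O20 Winlogon Notify package), and
diffs a before/after log pair to confirm what a fix removed and whether anything new
appeared. Flagging rules are my own heuristics, not HijackThis logic."""
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis logs posted in this thread
# (first log before the fix, last log after the F-Secure tool ran).
BEFORE_LOG = """\
O2 - BHO: (no name) - {2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A} - C:\\WINDOWS\\system32\\ljjjhgf.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP
O20 - Winlogon Notify: ljjjhgf - C:\\WINDOWS\\SYSTEM32\\ljjjhgf.dll
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\\Program Files\\Kerio\\Personal Firewall\\persfw.exe
"""
AFTER_LOG = """\
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\\Program Files\\Kerio\\Personal Firewall\\persfw.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# A Windows path up to its file extension; spaces are allowed (Program Files),
# and anything after the extension (e.g. "/STARTUP" on O4 lines) is left out.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|sys|ocx|cpl|htm|html)\b", re.I)
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass(frozen=True)
class Entry:
    section: str  # "O2", "O4", "O20", ...
    text: str     # everything after "O2 - "
    path: str     # lower-cased module path, "" if the line carries none

    @property
    def module(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_hjt(log: str) -> list[Entry]:
    """Turn the O-lines of a HijackThis log into Entry records; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        paths = PATH_RE.findall(m.group(2))
        entries.append(Entry(m.group(1), m.group(2), paths[-1].lower() if paths else ""))
    return entries


def flag_entries(entries: list[Entry]) -> dict[Entry, list[str]]:
    """Return the entries worth a second look, each with the reason(s) it was flagged."""
    # Which load points (sections) reference each module name.
    load_points: dict[str, set[str]] = {}
    for e in entries:
        if e.module:
            load_points.setdefault(e.module, set()).add(e.section)
    flagged: dict[Entry, list[str]] = {}
    for e in entries:
        reasons = []
        if e.section == "O2" and e.text.startswith("BHO: (no name)") and e.path.startswith(SYSTEM32):
            reasons.append("unnamed BHO loading from system32")
        if e.section == "O20":
            reasons.append("Winlogon Notify package (runs inside winlogon.exe; verify the publisher)")
        if e.module and {"O2", "O20"} <= load_points[e.module]:
            reasons.append("same DLL registered as BHO and as Winlogon Notify package")
        if reasons:
            flagged[e] = reasons
    return flagged


def diff_logs(before: str, after: str) -> tuple[list[Entry], list[Entry]]:
    """Entries that a fix removed, and entries that newly appeared (e.g. a replacement DLL)."""
    old, new = parse_hjt(before), parse_hjt(after)
    return [e for e in old if e not in new], [e for e in new if e not in old]


if __name__ == "__main__":
    for entry, why in flag_entries(parse_hjt(BEFORE_LOG)).items():
        print(f"{entry.section:<4} {entry.module:<14} {'; '.join(why)}")
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print(f"removed by fix: {[e.module for e in removed]}")
    print(f"new since fix:  {[e.module for e in added]}")
```

Run it as a script to see the flagged lines and the before/after diff; to use it on real logs, read the two HijackThis files into `BEFORE_LOG` and `AFTER_LOG`. An empty "new since fix" list is the check the user asked for in the thread ("nothing new has appeared"), while a non-empty one is the usual sign that the infection dropped a replacement module under another name.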
ComboFix 07-11-08.1 - Gerben Hoekstra 2007-11-10 18:47:39.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.746 [GMT 1:00]
Running from: G:\downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gerben Hoekstra\Desktop\cfscript.txt
.
((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))
.
2007-11-10 16:34 <DIR> d——– C:\tmp
2007-11-10 14:00 <DIR> d——– c:\Program Files\Unlocker
2007-11-10 12:47 51,200 –a—— C:\WINDOWS\NirCmd.exe
2007-11-10 12:36 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\DoctorWeb
2007-11-09 18:06 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\Application Data\Media Player Classic
2007-11-09 17:30 <DIR> d——– c:\Program Files\a-squared HiJackFree
2007-11-09 17:29 <DIR> d——– c:\Program Files\a-squared Free
2007-11-09 17:10 <DIR> d——– c:\Program Files\VideoLAN
2007-11-09 17:09 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\Application Data\vlc
2007-11-09 17:08 <DIR> d——– c:\Program Files\K-Lite Codec Pack
2007-11-08 19:56 <DIR> d——– C:\WINDOWS\nview
2007-11-08 19:56 356,352 –a—— C:\WINDOWS\system32\NVUNINST.EXE
2007-11-08 19:56 356,352 –a—— C:\WINDOWS\system32\nvudisp.exe
2007-11-08 13:16 <DIR> d——– c:\Program Files\Realtek AC97
2007-11-08 13:07 <DIR> d——– c:\Program Files\Driver Sweeper
2007-11-08 13:00 <DIR> d——– c:\Program Files\UPHClean
2007-11-08 12:45 <DIR> d——– c:\Program Files\MSXML 6.0
2007-11-08 12:45 <DIR> d——– c:\Program Files\MSXML 4.0
2007-11-08 12:45 1,104,896 —–c— C:\WINDOWS\system32\dllcache\msxml3.dll
2007-11-08 12:45 851,968 —–c— C:\WINDOWS\system32\dllcache\vgx.dll
2007-11-08 12:45 549,376 —–c— C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-11-08 12:45 60,032 —–c— C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-11-08 12:43 <DIR> d——– c:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-08 12:42 22,752 –a—— C:\WINDOWS\system32\spupdsvc.exe
2007-11-08 12:40 1,146,184 –a—— C:\WINDOWS\system32\FM20.DLL
2007-11-08 12:40 40,960 –a—— C:\WINDOWS\system32\SSUBTMR6.DLL
2007-11-08 12:40 32,584 –a—— C:\WINDOWS\system32\FM20ENU.DLL
2007-11-08 12:40 10,752 –a—— C:\WINDOWS\system32\aamd532.dll
2007-11-08 03:55 <DIR> d——– c:\Program Files\RMClock
2007-11-07 14:23 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\Application Data\BitSpirit
2007-11-07 13:13 87,040 –a—— C:\WINDOWS\system32\wiafbdrv.dll
2007-11-07 13:13 13,312 –a—— C:\WINDOWS\system32\hpsjmcro.dll
2007-11-07 13:13 12,160 –a—— C:\WINDOWS\system32\drivers\mouhid.sys
2007-11-07 13:13 10,880 –a—— C:\WINDOWS\system32\drivers\scsiscan.sys
2007-11-07 12:13 16,256 –a—— C:\WINDOWS\system32\drivers\symc810.sys
2007-11-07 12:13 9,600 –a—— C:\WINDOWS\system32\drivers\hidusb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-10 17:46 ——— d—–w c:\program files\\PeerGuardian2
2007-11-10 17:42 ——— d—–w c:\program files\\Mozilla Firefox
2007-11-10 15:47 ——— d—–w c:\program files\\Hijack This
2007-11-10 15:38 ——— d—–w c:\program files\\Spybot - Search & Destroy
2007-11-10 15:32 ——— d—–w c:\program files\\Unlocker
2007-11-10 14:20 ——— d—–w c:\program files\\Common Files
2007-11-10 13:18 3,888 —-a-w C:\WINDOWS\system32\drivers\NTHANDLE.SYS
2007-11-10 13:06 ——— d—–w C:\Documents and Settings\Gerben Hoekstra\Application Data\AVG7
2007-11-10 03:19 ——— d—–w c:\program files\\a-squared Free
2007-11-09 16:30 ——— d—–w c:\program files\\a-squared HiJackFree
2007-11-09 16:10 ——— d—–w c:\program files\\VideoLAN
2007-11-09 16:08 ——— d—–w c:\program files\\K-Lite Codec Pack
2007-11-08 18:30 ——— d–h–w c:\program files\\InstallShield Installation Information
2007-11-08 12:16 ——— d—–w c:\program files\\Realtek AC97
2007-11-08 12:08 ——— d—–w c:\program files\\Driver Sweeper
2007-11-08 12:00 ——— d—–w c:\program files\\UPHClean
2007-11-08 11:45 ——— d—–w c:\program files\\MSXML 6.0
2007-11-08 11:45 ——— d—–w c:\program files\\MSXML 4.0
2007-11-08 11:45 ——— d—–w c:\program files\\Internet Explorer
2007-11-08 11:43 ——— d—–w c:\program files\\Outlook Express
2007-11-08 11:43 ——— d—–w c:\program files\\Microsoft CAPICOM 2.1.0.2
2007-11-08 03:07 ——— d—–w c:\program files\\Opera
2007-11-08 02:55 ——— d—–w c:\program files\\RMClock
2007-11-07 21:03 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-07 20:55 ——— d—–w c:\program files\\SpywareBlaster
2007-11-07 20:53 ——— d—–w c:\program files\\IrfanView
2007-11-07 12:59 ——— d—–w c:\program files\\BitSpirit
2007-10-28 15:52 81,920 —-a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-28 15:52 81,920 —-a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-28 15:52 8,531,968 —-a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-28 15:52 757,760 —-a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-28 15:52 7,424,992 —-a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-28 15:52 6,901,760 —-a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-28 15:52 6,541,312 —-a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-28 15:52 5,768,320 —-a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-28 15:52 466,944 —-a-w C:\WINDOWS\system32\nvshell.dll
2007-10-28 15:52 45,056 —-a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-28 15:52 442,368 —-a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-28 15:52 425,984 —-a-w C:\WINDOWS\system32\keystone.exe
2007-10-28 15:52 380,928 —-a-w C:\WINDOWS\system32\nvapi.dll
2007-10-28 15:52 35,328 —-a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-28 15:52 35,328 —-a-w C:\WINDOWS\system32\nvcod.dll
2007-10-28 15:52 307,200 —-a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-28 15:52 3,698,688 —-a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-28 15:52 3,407,872 —-a-w C:\WINDOWS\system32\nvgames.dll
2007-10-28 15:52 286,720 —-a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-28 15:52 229,376 —-a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-28 15:52 2,486,272 —-a-w C:\WINDOWS\system32\nvwss.dll
2007-10-28 15:52 188,416 —-a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-28 15:52 155,716 —-a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-28 15:52 147,456 —-a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-28 15:52 1,703,936 —-a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-28 15:52 1,626,112 —-a-w C:\WINDOWS\system32\nwiz.exe
2007-10-28 15:52 1,478,656 —-a-w C:\WINDOWS\system32\nview.dll
2007-10-28 15:52 1,339,392 —-a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-28 15:52 1,212,416 —-a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-28 15:52 1,019,904 —-a-w C:\WINDOWS\system32\nvwimg.dll
2007-10-22 02:39 267,272 —-a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 —-a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-12 14:14 3,734,536 —-a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 —-a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-02 16:45 4,109,376 —-a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-10-02 08:56 444,776 —-a-w C:\WINDOWS\system32\d3dx10_36.dll
2007-09-28 17:07 3,596,288 —-a-w C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 17:05 81,920 —-a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 17:05 739,840 —-a-w C:\WINDOWS\system32\divx.dll
2007-09-04 17:56 164,352 —-a-w C:\WINDOWS\system32\unrar.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-07 13:13]
"MaxBlastMonitor.exe"="C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-04-20 06:59]
"AcronisTimounterMonitor"="C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-04-20 07:09]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 07:03]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 16:52]
"nwiz"="nwiz.exe" [2007-10-28 16:52 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-28 16:52]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-11-06 08:31]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 17:40]
"RMClock"="C:\Program Files\RMClock\RMClockLauncher.exe" [2007-09-22 20:45]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=01000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
R3 RTCore32;RTCore32;\??\C:\Program Files\RMClock\RTCore32.sys
R3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys
S0 pe3ahqjb;Dawn of Magic Environment Driver (pe3ahqjb);C:\WINDOWS\system32\drivers\pe3ahqjb.sys
S3 AdWatchDrv;AW Realtime Driver;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys
S3 DCamUSBNovatek;Digital Camera;C:\WINDOWS\system32\Drivers\nvtcam.sys
S3 XDva005;XDva005;\??\C:\WINDOWS\system32\XDva005.sys
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 18:48:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-10 18:48:19
C:\ComboFix2.txt … 2007-11-10 18:42
.
— E O F —
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:04, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\RMClock\RMClock.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\total commander\TOTALCMD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HiJackThis.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [RMClock] "C:\Program Files\RMClock\RMClockLauncher.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
--
End of file - 4232 bytes
- Well, well, well, hmmm.
Remove ComboFix via Start > Run, copy and paste Combofix /U, choose option 2 and press Enter.
This removes both ComboFix and your old System Restore points (with any remnants of malware), and creates a new System Restore point.
Then try downloading it again.
Download it to your Desktop.
  - Double-click Combofix.exe.
  - Follow the instructions; accept the disclaimer by typing 1 (continue) followed by ENTER.
  - While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix is complete and after the restart, the log combofix.txt will open.
Post this log in your next reply together with a new HijackThis log.
NOTE: If your virus scanner reacts while downloading or using ComboFix, you may ignore it.
- ComboFix 07-11-08.1 - Gerben Hoekstra 2007-11-10 22:14:59.8 - NTFSx86
Running from: G:\downloads\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))
.
2007-11-10 19:15 <DIR> d——– C:\Program Files\Common Files\Java
2007-11-10 19:15 <DIR> d——– c:\Program Files\Java
2007-11-10 16:34 <DIR> d——– C:\tmp
2007-11-10 14:00 <DIR> d——– c:\Program Files\Unlocker
2007-11-10 12:47 51,200 –a—— C:\WINDOWS\NirCmd.exe
2007-11-10 12:36 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\DoctorWeb
2007-11-09 18:06 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\Application Data\Media Player Classic
2007-11-09 17:30 <DIR> d——– c:\Program Files\a-squared HiJackFree
2007-11-09 17:29 <DIR> d——– c:\Program Files\a-squared Free
2007-11-09 17:10 <DIR> d——– c:\Program Files\VideoLAN
2007-11-09 17:09 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\Application Data\vlc
2007-11-09 17:08 <DIR> d——– c:\Program Files\K-Lite Codec Pack
2007-11-08 19:56 <DIR> d——– C:\WINDOWS\nview
2007-11-08 19:56 356,352 –a—— C:\WINDOWS\system32\NVUNINST.EXE
2007-11-08 19:56 356,352 –a—— C:\WINDOWS\system32\nvudisp.exe
2007-11-08 13:16 <DIR> d——– c:\Program Files\Realtek AC97
2007-11-08 13:07 <DIR> d——– c:\Program Files\Driver Sweeper
2007-11-08 13:00 <DIR> d——– c:\Program Files\UPHClean
2007-11-08 12:45 <DIR> d——– c:\Program Files\MSXML 6.0
2007-11-08 12:45 <DIR> d——– c:\Program Files\MSXML 4.0
2007-11-08 12:45 1,104,896 —–c— C:\WINDOWS\system32\dllcache\msxml3.dll
2007-11-08 12:45 851,968 —–c— C:\WINDOWS\system32\dllcache\vgx.dll
2007-11-08 12:45 549,376 —–c— C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-11-08 12:45 60,032 —–c— C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-11-08 12:43 <DIR> d——– c:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-08 12:42 22,752 –a—— C:\WINDOWS\system32\spupdsvc.exe
2007-11-08 12:40 1,146,184 –a—— C:\WINDOWS\system32\FM20.DLL
2007-11-08 12:40 40,960 –a—— C:\WINDOWS\system32\SSUBTMR6.DLL
2007-11-08 12:40 32,584 –a—— C:\WINDOWS\system32\FM20ENU.DLL
2007-11-08 12:40 10,752 –a—— C:\WINDOWS\system32\aamd532.dll
2007-11-08 03:55 <DIR> d——– c:\Program Files\RMClock
2007-11-07 14:23 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\Application Data\BitSpirit
2007-11-07 13:13 87,040 –a—— C:\WINDOWS\system32\wiafbdrv.dll
2007-11-07 13:13 13,312 –a—— C:\WINDOWS\system32\hpsjmcro.dll
2007-11-07 13:13 12,160 –a—— C:\WINDOWS\system32\drivers\mouhid.sys
2007-11-07 13:13 10,880 –a—— C:\WINDOWS\system32\drivers\scsiscan.sys
2007-11-07 12:13 16,256 –a—— C:\WINDOWS\system32\drivers\symc810.sys
2007-11-07 12:13 9,600 –a—— C:\WINDOWS\system32\drivers\hidusb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-10 21:15 ——— d—–w c:\program files\\PeerGuardian2
2007-11-10 21:06 ——— d—–w c:\program files\\Mozilla Firefox
2007-11-10 18:15 ——— d—–w c:\program files\\Java
2007-11-10 18:15 ——— d—–w c:\program files\\Common Files
2007-11-10 17:52 ——— d—–w c:\program files\\Hijack This
2007-11-10 15:38 ——— d—–w c:\program files\\Spybot - Search & Destroy
2007-11-10 15:32 ——— d—–w c:\program files\\Unlocker
2007-11-10 13:18 3,888 —-a-w C:\WINDOWS\system32\drivers\NTHANDLE.SYS
2007-11-10 13:06 ——— d—–w C:\Documents and Settings\Gerben Hoekstra\Application Data\AVG7
2007-11-10 03:19 ——— d—–w c:\program files\\a-squared Free
2007-11-09 16:30 ——— d—–w c:\program files\\a-squared HiJackFree
2007-11-09 16:10 ——— d—–w c:\program files\\VideoLAN
2007-11-09 16:08 ——— d—–w c:\program files\\K-Lite Codec Pack
2007-11-08 18:30 ——— d–h–w c:\program files\\InstallShield Installation Information
2007-11-08 12:16 ——— d—–w c:\program files\\Realtek AC97
2007-11-08 12:08 ——— d—–w c:\program files\\Driver Sweeper
2007-11-08 12:00 ——— d—–w c:\program files\\UPHClean
2007-11-08 11:45 ——— d—–w c:\program files\\MSXML 6.0
2007-11-08 11:45 ——— d—–w c:\program files\\MSXML 4.0
2007-11-08 11:45 ——— d—–w c:\program files\\Internet Explorer
2007-11-08 11:43 ——— d—–w c:\program files\\Outlook Express
2007-11-08 11:43 ——— d—–w c:\program files\\Microsoft CAPICOM 2.1.0.2
2007-11-08 03:07 ——— d—–w c:\program files\\Opera
2007-11-08 02:55 ——— d—–w c:\program files\\RMClock
2007-11-07 21:03 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-07 20:55 ——— d—–w c:\program files\\SpywareBlaster
2007-11-07 20:53 ——— d—–w c:\program files\\IrfanView
2007-11-07 12:59 ——— d—–w c:\program files\\BitSpirit
2007-10-28 15:52 81,920 —-a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-28 15:52 81,920 —-a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-28 15:52 8,531,968 —-a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-28 15:52 757,760 —-a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-28 15:52 7,424,992 —-a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-28 15:52 6,901,760 —-a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-28 15:52 6,541,312 —-a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-28 15:52 5,768,320 —-a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-28 15:52 466,944 —-a-w C:\WINDOWS\system32\nvshell.dll
2007-10-28 15:52 45,056 —-a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-28 15:52 442,368 —-a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-28 15:52 425,984 —-a-w C:\WINDOWS\system32\keystone.exe
2007-10-28 15:52 380,928 —-a-w C:\WINDOWS\system32\nvapi.dll
2007-10-28 15:52 35,328 —-a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-28 15:52 35,328 —-a-w C:\WINDOWS\system32\nvcod.dll
2007-10-28 15:52 307,200 —-a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-28 15:52 3,698,688 —-a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-28 15:52 3,407,872 —-a-w C:\WINDOWS\system32\nvgames.dll
2007-10-28 15:52 286,720 —-a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-28 15:52 229,376 —-a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-28 15:52 2,486,272 —-a-w C:\WINDOWS\system32\nvwss.dll
2007-10-28 15:52 188,416 —-a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-28 15:52 155,716 —-a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-28 15:52 147,456 —-a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-28 15:52 1,703,936 —-a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-28 15:52 1,626,112 —-a-w C:\WINDOWS\system32\nwiz.exe
2007-10-28 15:52 1,478,656 —-a-w C:\WINDOWS\system32\nview.dll
2007-10-28 15:52 1,339,392 —-a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-28 15:52 1,212,416 —-a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-28 15:52 1,019,904 —-a-w C:\WINDOWS\system32\nvwimg.dll
2007-10-22 02:39 267,272 —-a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 —-a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-12 14:14 3,734,536 —-a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 —-a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-02 16:45 4,109,376 —-a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-10-02 08:56 444,776 —-a-w C:\WINDOWS\system32\d3dx10_36.dll
2007-09-28 17:07 3,596,288 —-a-w C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 17:05 81,920 —-a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 17:05 739,840 —-a-w C:\WINDOWS\system32\divx.dll
2007-09-04 17:56 164,352 —-a-w C:\WINDOWS\system32\unrar.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-07 13:13]
"MaxBlastMonitor.exe"="C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-04-20 06:59]
"AcronisTimounterMonitor"="C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-04-20 07:09]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 07:03]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 16:52]
"nwiz"="nwiz.exe" [2007-10-28 16:52 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-28 16:52]
"SunJavaUpdateSched"="C:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-11-06 08:31]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 17:40]
"RMClock"="C:\Program Files\RMClock\RMClockLauncher.exe" [2007-09-22 20:45]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=01000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
R3 RTCore32;RTCore32;\??\C:\Program Files\RMClock\RTCore32.sys
R3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys
S0 pe3ahqjb;Dawn of Magic Environment Driver (pe3ahqjb);C:\WINDOWS\system32\drivers\pe3ahqjb.sys
S3 AdWatchDrv;AW Realtime Driver;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys
S3 DCamUSBNovatek;Digital Camera;C:\WINDOWS\system32\Drivers\nvtcam.sys
S3 XDva005;XDva005;\??\C:\WINDOWS\system32\XDva005.sys
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 22:15:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-10 22:16:28
C:\ComboFix2.txt … 2007-11-10 18:48
C:\ComboFix3.txt … 2007-11-10 18:42
.
— E O F —
- Open Notepad, copy and paste the following (bold, blue text) into an empty window:
- You can complain about this infection and its makers at the site below.
http://www.malwarecomplaints.info/viewtopic.php?t=2157
- As far as I can see, no problems.
ComboFix 07-11-08.1 - Gerben Hoekstra 2007-11-11 13:58:18.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.725 [GMT 1:00]
Running from: C:\Documents and Settings\Gerben Hoekstra\Desktop\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\Gerben Hoekstra\Desktop\cfscript.txt
.
((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))
.
2007-11-11 00:59 <DIR> d——– c:\Program Files\Lightsmark 2007
2007-11-10 19:15 <DIR> d——– C:\Program Files\Common Files\Java
2007-11-10 19:15 <DIR> d——– c:\Program Files\Java
2007-11-10 16:34 <DIR> d——– C:\tmp
2007-11-10 14:00 <DIR> d——– c:\Program Files\Unlocker
2007-11-10 12:47 51,200 –a—— C:\WINDOWS\NirCmd.exe
2007-11-10 12:36 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\DoctorWeb
2007-11-09 18:06 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\Application Data\Media Player Classic
2007-11-09 17:30 <DIR> d——– c:\Program Files\a-squared HiJackFree
2007-11-09 17:29 <DIR> d——– c:\Program Files\a-squared Free
2007-11-09 17:10 <DIR> d——– c:\Program Files\VideoLAN
2007-11-09 17:09 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\Application Data\vlc
2007-11-09 17:08 <DIR> d——– c:\Program Files\K-Lite Codec Pack
2007-11-08 19:56 <DIR> d——– C:\WINDOWS\nview
2007-11-08 19:56 356,352 –a—— C:\WINDOWS\system32\NVUNINST.EXE
2007-11-08 19:56 356,352 –a—— C:\WINDOWS\system32\nvudisp.exe
2007-11-08 13:16 <DIR> d——– c:\Program Files\Realtek AC97
2007-11-08 13:07 <DIR> d——– c:\Program Files\Driver Sweeper
2007-11-08 13:00 <DIR> d——– c:\Program Files\UPHClean
2007-11-08 12:45 <DIR> d——– c:\Program Files\MSXML 6.0
2007-11-08 12:45 <DIR> d——– c:\Program Files\MSXML 4.0
2007-11-08 12:45 1,104,896 —–c— C:\WINDOWS\system32\dllcache\msxml3.dll
2007-11-08 12:45 851,968 —–c— C:\WINDOWS\system32\dllcache\vgx.dll
2007-11-08 12:45 549,376 —–c— C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-11-08 12:45 60,032 —–c— C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-11-08 12:43 <DIR> d——– c:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-08 12:42 22,752 –a—— C:\WINDOWS\system32\spupdsvc.exe
2007-11-08 12:40 1,146,184 –a—— C:\WINDOWS\system32\FM20.DLL
2007-11-08 12:40 40,960 –a—— C:\WINDOWS\system32\SSUBTMR6.DLL
2007-11-08 12:40 32,584 –a—— C:\WINDOWS\system32\FM20ENU.DLL
2007-11-08 12:40 10,752 –a—— C:\WINDOWS\system32\aamd532.dll
2007-11-08 03:55 <DIR> d——– c:\Program Files\RMClock
2007-11-07 14:23 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\Application Data\BitSpirit
2007-11-07 13:13 87,040 –a—— C:\WINDOWS\system32\wiafbdrv.dll
2007-11-07 13:13 13,312 –a—— C:\WINDOWS\system32\hpsjmcro.dll
2007-11-07 13:13 12,160 –a—— C:\WINDOWS\system32\drivers\mouhid.sys
2007-11-07 13:13 10,880 –a—— C:\WINDOWS\system32\drivers\scsiscan.sys
2007-11-07 12:13 16,256 –a—— C:\WINDOWS\system32\drivers\symc810.sys
2007-11-07 12:13 9,600 –a—— C:\WINDOWS\system32\drivers\hidusb.sys
2007-11-05 21:18 56 –a—— C:\WINDOWS\UninstallLightsmark2007.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 12:58 ——— d—–w c:\program files\\PeerGuardian2
2007-11-11 12:36 ——— d—–w c:\program files\\Mozilla Firefox
2007-11-11 00:00 ——— d—–w c:\program files\\Lightsmark 2007
2007-11-10 18:15 ——— d—–w c:\program files\\Java
2007-11-10 18:15 ——— d—–w c:\program files\\Common Files
2007-11-10 17:52 ——— d—–w c:\program files\\Hijack This
2007-11-10 15:38 ——— d—–w c:\program files\\Spybot - Search & Destroy
2007-11-10 15:32 ——— d—–w c:\program files\\Unlocker
2007-11-10 13:18 3,888 —-a-w C:\WINDOWS\system32\drivers\NTHANDLE.SYS
2007-11-10 13:06 ——— d—–w C:\Documents and Settings\Gerben Hoekstra\Application Data\AVG7
2007-11-10 03:19 ——— d—–w c:\program files\\a-squared Free
2007-11-09 16:30 ——— d—–w c:\program files\\a-squared HiJackFree
2007-11-09 16:10 ——— d—–w c:\program files\\VideoLAN
2007-11-09 16:08 ——— d—–w c:\program files\\K-Lite Codec Pack
2007-11-08 18:30 ——— d–h–w c:\program files\\InstallShield Installation Information
2007-11-08 12:16 ——— d—–w c:\program files\\Realtek AC97
2007-11-08 12:08 ——— d—–w c:\program files\\Driver Sweeper
2007-11-08 12:00 ——— d—–w c:\program files\\UPHClean
2007-11-08 11:45 ——— d—–w c:\program files\\MSXML 6.0
2007-11-08 11:45 ——— d—–w c:\program files\\MSXML 4.0
2007-11-08 11:45 ——— d—–w c:\program files\\Internet Explorer
2007-11-08 11:43 ——— d—–w c:\program files\\Outlook Express
2007-11-08 11:43 ——— d—–w c:\program files\\Microsoft CAPICOM 2.1.0.2
2007-11-08 03:07 ——— d—–w c:\program files\\Opera
2007-11-08 02:55 ——— d—–w c:\program files\\RMClock
2007-11-07 21:03 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-07 20:55 ——— d—–w c:\program files\\SpywareBlaster
2007-11-07 20:53 ——— d—–w c:\program files\\IrfanView
2007-11-07 12:59 ——— d—–w c:\program files\\BitSpirit
2007-10-28 15:52 81,920 —-a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-28 15:52 81,920 —-a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-28 15:52 8,531,968 —-a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-28 15:52 757,760 —-a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-28 15:52 7,424,992 —-a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-28 15:52 6,901,760 —-a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-28 15:52 6,541,312 —-a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-28 15:52 5,768,320 —-a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-28 15:52 466,944 —-a-w C:\WINDOWS\system32\nvshell.dll
2007-10-28 15:52 45,056 —-a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-28 15:52 442,368 —-a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-28 15:52 425,984 —-a-w C:\WINDOWS\system32\keystone.exe
2007-10-28 15:52 380,928 —-a-w C:\WINDOWS\system32\nvapi.dll
2007-10-28 15:52 35,328 —-a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-28 15:52 35,328 —-a-w C:\WINDOWS\system32\nvcod.dll
2007-10-28 15:52 307,200 —-a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-28 15:52 3,698,688 —-a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-28 15:52 3,407,872 —-a-w C:\WINDOWS\system32\nvgames.dll
2007-10-28 15:52 286,720 —-a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-28 15:52 229,376 —-a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-28 15:52 2,486,272 —-a-w C:\WINDOWS\system32\nvwss.dll
2007-10-28 15:52 188,416 —-a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-28 15:52 155,716 —-a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-28 15:52 147,456 —-a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-28 15:52 1,703,936 —-a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-28 15:52 1,626,112 —-a-w C:\WINDOWS\system32\nwiz.exe
2007-10-28 15:52 1,478,656 —-a-w C:\WINDOWS\system32\nview.dll
2007-10-28 15:52 1,339,392 —-a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-28 15:52 1,212,416 —-a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-28 15:52 1,019,904 —-a-w C:\WINDOWS\system32\nvwimg.dll
2007-10-22 02:39 267,272 —-a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 —-a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-12 14:14 3,734,536 —-a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 —-a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-02 16:45 4,109,376 —-a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-10-02 08:56 444,776 —-a-w C:\WINDOWS\system32\d3dx10_36.dll
2007-09-28 17:07 3,596,288 —-a-w C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 17:05 81,920 —-a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 17:05 739,840 —-a-w C:\WINDOWS\system32\divx.dll
2007-09-04 17:56 164,352 —-a-w C:\WINDOWS\system32\unrar.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-07 13:13]
"MaxBlastMonitor.exe"="C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-04-20 06:59]
"AcronisTimounterMonitor"="C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-04-20 07:09]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 07:03]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 16:52]
"nwiz"="nwiz.exe" [2007-10-28 16:52 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-28 16:52]
"SunJavaUpdateSched"="C:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-11-06 08:31]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 17:40]
"RMClock"="C:\Program Files\RMClock\RMClockLauncher.exe" [2007-09-22 20:45]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=01000000
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
R3 RTCore32;RTCore32;\??\C:\Program Files\RMClock\RTCore32.sys
R3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys
S0 pe3ahqjb;Dawn of Magic Environment Driver (pe3ahqjb);C:\WINDOWS\system32\drivers\pe3ahqjb.sys
S3 AdWatchDrv;AW Realtime Driver;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys
S3 DCamUSBNovatek;Digital Camera;C:\WINDOWS\system32\Drivers\nvtcam.sys
S3 XDva005;XDva005;\??\C:\WINDOWS\system32\XDva005.sys
*Newly Created Service* - PGFILTER
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 13:58:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-11 13:59:09
.
— E O F —
- You may remove all the tools used and the folders that were created.
Remove ComboFix via Start > Run, copy and paste Combofix /U, choose option 2 and press Enter.
This removes both ComboFix and your old System Restore points (with any remnants of malware), and creates a new System Restore point.
Also filed a complaint >?