Mededeling

**Marckie** · 24-12-07, 13:02

Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Plaats het op je bureaublad.
Dubbelklik er op om het programma te starten.
In het scherm dat verschijnt tik je een 1 in om het cleaning- en analysesproces te laten uitvoeren.
Volg de instructies op het scherm.
Als het tooltje klaar is, opent er een logfile (combofix.txt).

Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.
(gebruik wel deze versie van hijackthis: http://www.trendsecure.com/portal/en...HJTInstall.exe )

**pareltje_6** · 24-12-07, 15:17

Essa voce precisa VER

Hallo,

Hier is mijn 2e scan met combofix

ComboFix 07-12-21.4 - pareltje 2007-12-24 15:08:12.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1410 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\pareltje\Bureaublad\ComboFix.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2007-11-24 to 2007-12-24 ))))))))))))))))))))))))))))))
.

2007-12-24 14:56 . 2007-12-24 14:56 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-24 11:07 . 2007-12-24 11:07 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-24 11:07 . 2007-12-24 11:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-24 11:07 . 2007-12-24 11:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-24 10:49 . 2007-12-24 10:49 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-19 14:45 . 2007-12-19 14:45 <DIR> d-------- C:\Documents and Settings\pareltje\Application Data\IsolatedStorage
2007-12-19 14:35 . 2007-12-19 14:35 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-19 12:34 . 2007-12-19 12:34 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-12-19 12:32 . 2007-12-19 12:46 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-12-19 12:32 . 2007-12-24 10:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-19 12:13 . 2002-03-05 10:34 32,768 --a------ C:\WINDOWS\system32\Remove4006.exe
2007-12-19 12:13 . 2001-06-07 17:56 18,120 --a------ C:\WINDOWS\system32\drivers\TR12388.sys
2007-12-19 12:13 . 2002-01-16 14:36 11,540 --a------ C:\WINDOWS\TR12388.ini
2007-12-19 12:13 . 2002-02-26 10:55 8,192 --a------ C:\WINDOWS\system32\drivers\Artec48.usb
2007-12-19 12:13 . 2002-02-25 09:43 2,650 --a------ C:\WINDOWS\Ausba4.ini
2007-12-19 12:13 . 2007-12-24 15:04 1,134 --a------ C:\WINDOWS\ScnPanel.ini
2007-12-19 12:13 . 2001-06-22 15:57 766 --a------ C:\WINDOWS\Uninstall.ico
2007-12-19 12:12 . 2007-12-19 12:12 <DIR> d-------- C:\Program Files\Trust
2007-12-19 12:12 . 2002-03-04 21:41 167,936 --------- C:\WINDOWS\Ausba4.dll
2007-12-19 12:12 . 2002-03-04 21:43 167,936 --------- C:\WINDOWS\A4.dll
2007-12-19 12:12 . 2001-10-18 05:01 45,056 --------- C:\WINDOWS\Getkey.dll
2007-12-19 12:12 . 2002-01-05 22:57 7,168 --------- C:\WINDOWS\system32\48UMicro.dll
2007-12-19 12:12 . 2002-06-27 21:42 1,739 --------- C:\WINDOWS\TRUST151.ini
2007-12-19 11:56 . 2007-12-19 11:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-12-19 11:54 . 2007-12-19 11:54 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-12-19 11:54 . 2007-12-19 11:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2007-12-19 11:53 . 2007-12-19 11:54 <DIR> d-------- C:\Program Files\Common Files\HP
2007-12-19 11:52 . 2007-12-19 11:52 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-12-19 11:50 . 2007-12-19 11:50 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-12-19 11:49 . 2005-06-01 17:01 77,824 -ra------ C:\WINDOWS\system32\hpzids01.dll
2007-12-19 11:49 . 2004-09-29 06:11 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-12-19 11:49 . 2005-05-05 08:51 37,376 --a------ C:\WINDOWS\system32\hpz3l3xu.dll
2007-12-19 11:49 . 2004-09-29 06:11 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-12-19 11:47 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-12-19 11:47 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-12-19 11:47 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-12-19 11:47 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-12-19 11:47 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-12-19 11:47 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-12-19 11:47 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-12-19 11:45 . 2007-12-19 11:52 <DIR> d-------- C:\Program Files\HP
2007-12-19 11:43 . 2007-12-19 11:58 81,013 --a------ C:\WINDOWS\HPHins08.dat
2007-12-19 11:43 . 2005-06-01 17:23 4,011 --------- C:\WINDOWS\hphmdl08.dat
2007-12-19 11:42 . 2007-12-19 11:42 <DIR> d-------- C:\Documents and Settings\pareltje\Application Data\HP
2007-12-19 01:14 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-19 01:14 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-19 00:26 . 2007-12-19 00:27 16 --a------ C:\WINDOWS\system32\coh.cache
2007-12-19 00:09 . 2007-12-19 09:59 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-12-19 00:09 . 2007-12-19 00:21 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-19 00:09 . 2007-12-19 00:21 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-19 00:09 . 2007-12-19 00:21 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-19 00:09 . 2007-12-19 00:21 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-19 00:08 . 2007-12-19 14:34 <DIR> d-------- C:\Program Files\Symantec
2007-12-19 00:08 . 2007-12-24 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-19 00:07 . 2007-12-24 15:06 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-19 00:03 . 2007-12-19 00:03 395 --a------ C:\WINDOWS\ODBC.INI
2007-12-19 00:01 . 2007-12-19 00:01 <DIR> dr-h----- C:\MSOCache
2007-12-18 23:58 . 2007-12-18 23:58 <DIR> d-------- C:\Program Files\byLight
2007-12-18 23:58 . 2007-12-18 23:58 33 --a------ C:\WINDOWS\iltwain.ini
2007-12-18 23:56 . 2007-12-19 00:20 <DIR> d-------- C:\Program Files\ColorPic 4.1
2007-12-18 23:56 . 2007-12-18 23:56 134,146 --a------ C:\WINDOWS\ColorPic Uninstaller.exe
2007-12-18 23:53 . 2007-12-18 23:53 <DIR> d-------- C:\Program Files\TigerColor
2007-12-18 23:53 . 2007-12-18 23:55 <DIR> d-------- C:\Documents and Settings\pareltje\Application Data\ColorImpact3
2007-12-18 23:53 . 2007-12-18 23:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-18 23:50 . 2007-12-18 23:50 <DIR> d-------- C:\Documents and Settings\pareltje\Application Data\Ulead Systems
2007-12-18 23:45 . 2007-12-18 23:45 <DIR> d-------- C:\Program Files\Ulead Systems
2007-12-18 23:45 . 2007-12-18 23:45 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2007-12-18 23:45 . 2007-12-18 23:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-12-18 23:45 . 1999-10-15 12:50 1,056,768 --------- C:\WINDOWS\system32\ROBOEX32.DLL
2007-12-18 23:45 . 2006-07-22 19:37 49,152 --------- C:\WINDOWS\system32\INETWH32.dll
2007-12-18 23:39 . 2007-12-18 23:39 <DIR> d-------- C:\Program Files\iColorFolder
2007-12-18 23:36 . 2007-12-18 23:36 <DIR> d-------- C:\Program Files\WoLoSoft
2007-12-18 23:35 . 2007-12-24 10:49 113 --a------ C:\WINDOWS\mgutil_reg.ini
2007-12-18 23:35 . 2007-12-18 23:35 44 --a------ C:\WINDOWS\mgutil_win.ini
2007-12-18 23:34 . 2007-12-18 23:34 <DIR> d-------- C:\Program Files\Mgutil
2007-12-18 23:34 . 2007-12-18 23:34 51,355 --a------ C:\WINDOWS\system32\muzika.xm
2007-12-18 23:25 . 2007-12-19 00:14 <DIR> d-------- C:\Program Files\XstreamRadio 3.02
2007-12-18 23:19 . 2006-05-26 13:21 32,768 --a------ C:\WINDOWS\system32\plugin.dll
2007-12-18 23:19 . 2007-12-19 12:46 5,120 --ahs---- C:\WINDOWS\system32\Thumbs.db
2007-12-18 23:18 . 2007-12-18 23:18 <DIR> d-------- C:\Program Files\filter
2007-12-18 23:18 . 1999-07-27 17:03 481,552 --a------ C:\WINDOWS\system\dxtmsft3.dll
2007-12-18 23:18 . 2001-08-18 06:36 337,920 --a------ C:\WINDOWS\system\dxtmsft.dll
2007-12-18 23:18 . 2000-08-20 02:29 268,048 --a------ C:\WINDOWS\system\Dxtmeta2.dll
2007-12-18 23:07 . 2007-12-18 23:14 <DIR> d-------- C:\Documents and Settings\pareltje\Contacts
2007-12-18 23:04 . 2007-12-18 23:06 <DIR> d-------- C:\Program Files\MSN Messenger
2007-12-18 22:24 . 2007-11-01 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-12-18 22:13 . 2007-12-18 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2007-12-18 22:12 . 2004-08-04 01:03 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2007-12-18 22:12 . 2004-08-04 01:03 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2007-12-18 22:12 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-12-18 22:12 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2007-12-18 22:12 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-12-18 22:12 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2007-12-18 22:12 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-12-18 22:12 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2007-12-18 22:11 . 2007-12-18 22:13 <DIR> d-------- C:\Program Files\Common Files\logishrd
2007-12-18 21:19 . 2007-12-18 22:25 <DIR> d-------- C:\Program Files\ATI Technologies
2007-12-18 20:51 . 2007-12-18 21:02 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-12-18 20:48 . 2007-12-24 15:00 45,056 --ahs---- C:\WINDOWS\Thumbs.db
2007-12-18 20:42 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 14:03 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2007-12-18 17:55 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-02 05:52 2,644,480 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-11-02 04:57 9,314,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-11-02 04:24 176,128 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-11-02 04:10 364,544 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-11-02 04:09 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-11-02 04:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-11-02 04:01 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-11-02 04:01 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-11-02 04:00 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-11-02 04:00 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-11-02 03:59 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-11-02 03:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-11-02 03:50 3,133,728 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-11-02 03:39 1,602,176 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-11-02 03:35 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-11-02 03:26 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-11-02 03:24 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-11-02 03:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-11-02 03:22 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-11-02 03:16 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-10-30 18:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-30 18:55 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-10-30 18:55 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 18:55 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 18:55 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-30 18:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-30 18:55 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-30 18:55 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 18:55 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-10-30 18:24 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-30 18:24 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 13:25 C:\WINDOWS\RTHDCPL.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"KBDriver"="C:\Program Files\Keyboard Driver\OEMDriver.exe" [2004-08-25 22:27]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 00:11]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe" [2002-11-14 12:34]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 17:35]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 04:41]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2006-03-02 13:00]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-18 20:32:38]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-18 20:31:27]
ScanPanel.lnk - C:\Program Files\Trust\Easy Webscan 19200\ScanPanel\ScnPanel.exe [2007-12-19 12:12:59]
Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-12-18 23:32:57]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-07-29 03:33]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-07-29 04:13]

*Newly Created Service* - COMHOST
.
Inhoud van de 'Gedeelde Taken' map
"2007-12-18 23:14:08 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan - pareltje.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 15:10:04
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2007-12-24 15:10:35
.
2007-12-24 09:53:23 --- E O F ---

En dit is de nieuwe HijackThis scan

ComboFix 07-12-21.4 - pareltje 2007-12-24 15:08:12.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1410 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\pareltje\Bureaublad\ComboFix.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2007-11-24 to 2007-12-24 ))))))))))))))))))))))))))))))
.

2007-12-24 14:56 . 2007-12-24 14:56 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-24 11:07 . 2007-12-24 11:07 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-24 11:07 . 2007-12-24 11:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-24 11:07 . 2007-12-24 11:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-24 10:49 . 2007-12-24 10:49 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-19 14:45 . 2007-12-19 14:45 <DIR> d-------- C:\Documents and Settings\pareltje\Application Data\IsolatedStorage
2007-12-19 14:35 . 2007-12-19 14:35 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-19 12:34 . 2007-12-19 12:34 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-12-19 12:32 . 2007-12-19 12:46 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-12-19 12:32 . 2007-12-24 10:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-19 12:13 . 2002-03-05 10:34 32,768 --a------ C:\WINDOWS\system32\Remove4006.exe
2007-12-19 12:13 . 2001-06-07 17:56 18,120 --a------ C:\WINDOWS\system32\drivers\TR12388.sys
2007-12-19 12:13 . 2002-01-16 14:36 11,540 --a------ C:\WINDOWS\TR12388.ini
2007-12-19 12:13 . 2002-02-26 10:55 8,192 --a------ C:\WINDOWS\system32\drivers\Artec48.usb
2007-12-19 12:13 . 2002-02-25 09:43 2,650 --a------ C:\WINDOWS\Ausba4.ini
2007-12-19 12:13 . 2007-12-24 15:04 1,134 --a------ C:\WINDOWS\ScnPanel.ini
2007-12-19 12:13 . 2001-06-22 15:57 766 --a------ C:\WINDOWS\Uninstall.ico
2007-12-19 12:12 . 2007-12-19 12:12 <DIR> d-------- C:\Program Files\Trust
2007-12-19 12:12 . 2002-03-04 21:41 167,936 --------- C:\WINDOWS\Ausba4.dll
2007-12-19 12:12 . 2002-03-04 21:43 167,936 --------- C:\WINDOWS\A4.dll
2007-12-19 12:12 . 2001-10-18 05:01 45,056 --------- C:\WINDOWS\Getkey.dll
2007-12-19 12:12 . 2002-01-05 22:57 7,168 --------- C:\WINDOWS\system32\48UMicro.dll
2007-12-19 12:12 . 2002-06-27 21:42 1,739 --------- C:\WINDOWS\TRUST151.ini
2007-12-19 11:56 . 2007-12-19 11:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-12-19 11:54 . 2007-12-19 11:54 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-12-19 11:54 . 2007-12-19 11:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2007-12-19 11:53 . 2007-12-19 11:54 <DIR> d-------- C:\Program Files\Common Files\HP
2007-12-19 11:52 . 2007-12-19 11:52 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-12-19 11:50 . 2007-12-19 11:50 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-12-19 11:49 . 2005-06-01 17:01 77,824 -ra------ C:\WINDOWS\system32\hpzids01.dll
2007-12-19 11:49 . 2004-09-29 06:11 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-12-19 11:49 . 2005-05-05 08:51 37,376 --a------ C:\WINDOWS\system32\hpz3l3xu.dll
2007-12-19 11:49 . 2004-09-29 06:11 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-12-19 11:47 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-12-19 11:47 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-12-19 11:47 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-12-19 11:47 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-12-19 11:47 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-12-19 11:47 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-12-19 11:47 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-12-19 11:45 . 2007-12-19 11:52 <DIR> d-------- C:\Program Files\HP
2007-12-19 11:43 . 2007-12-19 11:58 81,013 --a------ C:\WINDOWS\HPHins08.dat
2007-12-19 11:43 . 2005-06-01 17:23 4,011 --------- C:\WINDOWS\hphmdl08.dat
2007-12-19 11:42 . 2007-12-19 11:42 <DIR> d-------- C:\Documents and Settings\pareltje\Application Data\HP
2007-12-19 01:14 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-19 01:14 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-19 00:26 . 2007-12-19 00:27 16 --a------ C:\WINDOWS\system32\coh.cache
2007-12-19 00:09 . 2007-12-19 09:59 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-12-19 00:09 . 2007-12-19 00:21 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-19 00:09 . 2007-12-19 00:21 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-19 00:09 . 2007-12-19 00:21 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-19 00:09 . 2007-12-19 00:21 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-19 00:08 . 2007-12-19 14:34 <DIR> d-------- C:\Program Files\Symantec
2007-12-19 00:08 . 2007-12-24 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-19 00:07 . 2007-12-24 15:06 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-19 00:03 . 2007-12-19 00:03 395 --a------ C:\WINDOWS\ODBC.INI
2007-12-19 00:01 . 2007-12-19 00:01 <DIR> dr-h----- C:\MSOCache
2007-12-18 23:58 . 2007-12-18 23:58 <DIR> d-------- C:\Program Files\byLight
2007-12-18 23:58 . 2007-12-18 23:58 33 --a------ C:\WINDOWS\iltwain.ini
2007-12-18 23:56 . 2007-12-19 00:20 <DIR> d-------- C:\Program Files\ColorPic 4.1
2007-12-18 23:56 . 2007-12-18 23:56 134,146 --a------ C:\WINDOWS\ColorPic Uninstaller.exe
2007-12-18 23:53 . 2007-12-18 23:53 <DIR> d-------- C:\Program Files\TigerColor
2007-12-18 23:53 . 2007-12-18 23:55 <DIR> d-------- C:\Documents and Settings\pareltje\Application Data\ColorImpact3
2007-12-18 23:53 . 2007-12-18 23:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-18 23:50 . 2007-12-18 23:50 <DIR> d-------- C:\Documents and Settings\pareltje\Application Data\Ulead Systems
2007-12-18 23:45 . 2007-12-18 23:45 <DIR> d-------- C:\Program Files\Ulead Systems
2007-12-18 23:45 . 2007-12-18 23:45 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2007-12-18 23:45 . 2007-12-18 23:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-12-18 23:45 . 1999-10-15 12:50 1,056,768 --------- C:\WINDOWS\system32\ROBOEX32.DLL
2007-12-18 23:45 . 2006-07-22 19:37 49,152 --------- C:\WINDOWS\system32\INETWH32.dll
2007-12-18 23:39 . 2007-12-18 23:39 <DIR> d-------- C:\Program Files\iColorFolder
2007-12-18 23:36 . 2007-12-18 23:36 <DIR> d-------- C:\Program Files\WoLoSoft
2007-12-18 23:35 . 2007-12-24 10:49 113 --a------ C:\WINDOWS\mgutil_reg.ini
2007-12-18 23:35 . 2007-12-18 23:35 44 --a------ C:\WINDOWS\mgutil_win.ini
2007-12-18 23:34 . 2007-12-18 23:34 <DIR> d-------- C:\Program Files\Mgutil
2007-12-18 23:34 . 2007-12-18 23:34 51,355 --a------ C:\WINDOWS\system32\muzika.xm
2007-12-18 23:25 . 2007-12-19 00:14 <DIR> d-------- C:\Program Files\XstreamRadio 3.02
2007-12-18 23:19 . 2006-05-26 13:21 32,768 --a------ C:\WINDOWS\system32\plugin.dll
2007-12-18 23:19 . 2007-12-19 12:46 5,120 --ahs---- C:\WINDOWS\system32\Thumbs.db
2007-12-18 23:18 . 2007-12-18 23:18 <DIR> d-------- C:\Program Files\filter
2007-12-18 23:18 . 1999-07-27 17:03 481,552 --a------ C:\WINDOWS\system\dxtmsft3.dll
2007-12-18 23:18 . 2001-08-18 06:36 337,920 --a------ C:\WINDOWS\system\dxtmsft.dll
2007-12-18 23:18 . 2000-08-20 02:29 268,048 --a------ C:\WINDOWS\system\Dxtmeta2.dll
2007-12-18 23:07 . 2007-12-18 23:14 <DIR> d-------- C:\Documents and Settings\pareltje\Contacts
2007-12-18 23:04 . 2007-12-18 23:06 <DIR> d-------- C:\Program Files\MSN Messenger
2007-12-18 22:24 . 2007-11-01 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-12-18 22:13 . 2007-12-18 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2007-12-18 22:12 . 2004-08-04 01:03 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2007-12-18 22:12 . 2004-08-04 01:03 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2007-12-18 22:12 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-12-18 22:12 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2007-12-18 22:12 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-12-18 22:12 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2007-12-18 22:12 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-12-18 22:12 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2007-12-18 22:11 . 2007-12-18 22:13 <DIR> d-------- C:\Program Files\Common Files\logishrd
2007-12-18 21:19 . 2007-12-18 22:25 <DIR> d-------- C:\Program Files\ATI Technologies
2007-12-18 20:51 . 2007-12-18 21:02 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-12-18 20:48 . 2007-12-24 15:00 45,056 --ahs---- C:\WINDOWS\Thumbs.db
2007-12-18 20:42 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 14:03 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2007-12-18 17:55 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-02 05:52 2,644,480 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-11-02 04:57 9,314,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-11-02 04:24 176,128 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-11-02 04:10 364,544 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-11-02 04:09 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-11-02 04:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-11-02 04:01 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-11-02 04:01 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-11-02 04:00 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-11-02 04:00 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-11-02 03:59 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-11-02 03:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-11-02 03:50 3,133,728 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-11-02 03:39 1,602,176 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-11-02 03:35 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-11-02 03:26 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-11-02 03:24 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-11-02 03:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-11-02 03:22 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-11-02 03:16 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-10-30 18:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-30 18:55 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-10-30 18:55 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 18:55 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 18:55 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-30 18:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-30 18:55 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-30 18:55 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 18:55 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-10-30 18:24 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-30 18:24 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 13:25 C:\WINDOWS\RTHDCPL.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"KBDriver"="C:\Program Files\Keyboard Driver\OEMDriver.exe" [2004-08-25 22:27]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 00:11]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe" [2002-11-14 12:34]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 17:35]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 04:41]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2006-03-02 13:00]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-18 20:32:38]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-18 20:31:27]
ScanPanel.lnk - C:\Program Files\Trust\Easy Webscan 19200\ScanPanel\ScnPanel.exe [2007-12-19 12:12:59]
Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-12-18 23:32:57]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-07-29 03:33]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-07-29 04:13]

*Newly Created Service* - COMHOST
.
Inhoud van de 'Gedeelde Taken' map
"2007-12-18 23:14:08 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan - pareltje.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 15:10:04
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2007-12-24 15:10:35
.
2007-12-24 09:53:23 --- E O F ---

Met vriendelijke groet
pareltje_6

**pareltje_6** · 26-12-07, 12:11

Bedankt voor de snelle hulp.
Ik denk dat het is opgelost. Ik heb geen rare emailberichten meer ontvangen.
vriendelijke groet,
pareltje_6

**Crash** · 26-12-07, 12:13

Twee topic's samengevoegd.

**Marckie** · 26-12-07, 16:03

Mooi zo.

De status van deze thread zet ik op opgelost.
Indien er niet meer gereageerd wordt, zal binnen een 3-tal dagen deze thread automatisch verplaatst worden naar de sectie Opgeloste hijackthislogs en is een reactie niet meer mogelijk. Dit om het forum netjes en overzichtelijk te houden.
Blijkt dat er toch nog problemen zijn, en je wil weer reageren in dit topic, dan stuur je me een privé bericht met verzoek om heropening.

Mededeling

Essa voce precisa VER

Essa voce precisa VER

Comment

Comment

Comment

Comment

Comment