Obfusbat.ABXY and acledits.dll

  • Obfusbat.ABXY and acledits.dll

    I have AVG running on my PC and every time I open IE or Windows Explorer I get the messages "threat detected", catsrvutk.dll (Virus Obfusbat.ABXY) and acledits.dll (Trojan Horse BHO.CVX). Healing doesn't help and I have already run several anti-spyware programs. But nothing helped. Can someone help me get rid of this?

    My HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 13:34:47, on 25/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\STacSV.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\WINDOWS\sttray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wi6cm96mn9.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\twain_32\CIS600X\WATCH.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5EFD62FD-1A26-4499-9D2D-DAF2975A60B7} - c:\windows\system32\catsrvutk.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: (no name) - {C3706D56-3883-40E5-A6CC-26D48C00DCD0} - C:\WINDOWS\system32\acledits.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
    O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
    O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [wi6cm96mn9] C:\WINDOWS\system32\wi6cm96mn9.exe
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [wi6cm96mn9] C:\WINDOWS\system32\wi6cm96mn9.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\CIS600X\WATCH.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: glpvsvbt - C:\WINDOWS\SYSTEM32\catsrvutk.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe



    Thanks,

  • #2
    Hi koen_vdm,

    You're using an old version of HijackThis. It's best to use this version: http://www.trendsecure.com/portal/en...HJTInstall.exe

    Close all open windows.
    Start HijackThis again and put a check mark next to the following items:

    O2 - BHO: (no name) - {5EFD62FD-1A26-4499-9D2D-DAF2975A60B7} - c:\windows\system32\catsrvutk.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {C3706D56-3883-40E5-A6CC-26D48C00DCD0} - C:\WINDOWS\system32\acledits.dll
    O4 - HKLM\..\Run: [wi6cm96mn9] C:\WINDOWS\system32\wi6cm96mn9.exe
    O4 - HKCU\..\Run: [wi6cm96mn9] C:\WINDOWS\system32\wi6cm96mn9.exe
    O20 - Winlogon Notify: glpvsvbt - C:\WINDOWS\SYSTEM32\catsrvutk.dll


    Then click "Fix checked" and close HijackThis.


    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Save it to your desktop.
    Double-click it to start the program.
    In the window that appears, type 1 to have the cleaning and analysis process run.
    Follow the on-screen instructions.
    When the tool is finished, a log file (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.

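    The items the helper ticks above can be picked out mechanically. Below is an added example, not code from this thread or from HijackThis: a small Python script that reads the O2, O4 and O20 lines copied from the first log posted here and flags unnamed BHOs, the random-looking wi6cm96mn9.exe registered under both HKLM and HKCU, a Winlogon Notify handler backed by the same DLL as a BHO, and file names one character away from genuine Windows files (catsrvut.dll and acledit.dll are real system32 files; catsrvutk.dll and acledits.dll are not). The KNOWN_SYSTEM_FILES set is a tiny illustrative excerpt and an assumption of this example; a real check would compare against a full clean-install baseline.

```python
"""Triage a HijackThis log for the patterns the helper above picked out by eye.

Added example for this thread, not a tool either poster used. Flags: BHOs with
no name or no file, Run entries whose file name interleaves letters and digits,
the same Run value under HKLM and HKCU, one DLL that is both BHO and Winlogon
Notify handler, and names one character away from a genuine Windows file.
KNOWN_SYSTEM_FILES is a tiny illustrative excerpt (an assumption of this example).
"""
import re
from collections import defaultdict

KNOWN_SYSTEM_FILES = {"acledit.dll", "catsrvut.dll", "ctfmon.exe", "rundll32.exe", "nvcpl.dll"}

_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
_O4 = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<sub>\S+) - (?P<path>.+)$")

# Lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5EFD62FD-1A26-4499-9D2D-DAF2975A60B7} - c:\windows\system32\catsrvutk.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C3706D56-3883-40E5-A6CC-26D48C00DCD0} - C:\WINDOWS\system32\acledits.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wi6cm96mn9] C:\WINDOWS\system32\wi6cm96mn9.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wi6cm96mn9] C:\WINDOWS\system32\wi6cm96mn9.exe
O20 - Winlogon Notify: glpvsvbt - C:\WINDOWS\SYSTEM32\catsrvutk.dll
"""

def basename(path):
    """Last component of a Windows path, lower-cased, surrounding quotes stripped."""
    return path.strip().strip('"').rsplit("\\", 1)[-1].lower()

def executable(cmd):
    """Program part of a Run command line: the quoted path, or the first token."""
    cmd = cmd.strip()
    return cmd[1:cmd.index('"', 1)] if cmd.startswith('"') else cmd.split()[0]

def looks_random(stem):
    """Letters and digits switch class three or more times, as in 'wi6cm96mn9'.
    A version suffix such as 'nvsvc32' switches only once and is not flagged."""
    classes = ["d" if c.isdigit() else "a" for c in stem if c.isalnum()]
    return sum(1 for x, y in zip(classes, classes[1:]) if x != y) >= 3

def within_one_edit(a, b):
    """True if a and b differ by exactly one insertion, deletion or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i + 1:] == b[i + 1:] if len(a) == len(b) else a[i:] == b[i + 1:]

def lookalike_of(name):
    """Genuine file name that `name` imitates with a one-character change, or None."""
    return next((k for k in KNOWN_SYSTEM_FILES if within_one_edit(name, k)), None)

def analyze(log_text):
    """Return (severity, log line, reason) tuples for entries worth a closer look."""
    findings, bho_files, notify, run_hives = [], set(), [], defaultdict(set)
    for line in (raw.strip() for raw in log_text.splitlines() if raw.strip()):
        if m := _O2.match(line):
            if m["path"] == "(no file)":
                findings.append(("low", line, "orphaned BHO entry (file missing)"))
                continue
            if m["name"] == "(no name)":
                findings.append(("medium", line, "BHO registered without a name"))
            name = basename(m["path"])
            bho_files.add(name)
        elif m := _O4.match(line):
            name = basename(executable(m["cmd"]))
            run_hives[m["key"].lower()].add(m["hive"])
            if name not in KNOWN_SYSTEM_FILES and looks_random(name.rsplit(".", 1)[0]):
                findings.append(("high", line, f"random-looking executable name {name}"))
        elif m := _O20.match(line):
            name = basename(m["path"])
            notify.append((line, name))
        else:
            continue
        if real := lookalike_of(name):
            findings.append(("high", line, f"{name} is one character away from the real {real}"))
    for line, dll in notify:
        if dll in bho_files:
            findings.append(("high", line, f"{dll} is both a BHO and a Winlogon Notify handler"))
    for key, hives in run_hives.items():
        if hives == {"HKLM", "HKCU"}:
            findings.append(("medium", f"O4 [{key}]", "same Run value in both HKLM and HKCU"))
    return findings

if __name__ == "__main__":
    for severity, line, reason in analyze(SAMPLE_LOG):
        print(f"[{severity:>6}] {reason}\n         {line}")
```

    Run it as a script to print the findings for the embedded lines, or call analyze() on the text of any HijackThis log. It is a triage aid, not a verdict: the random-name heuristic deliberately ignores version suffixes such as nvsvc32, and the lookalike check is only as good as the baseline list it is given.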


    • #3
      Hello,

      Thanks already for the help, I'm still getting the same messages.

      ComboFix log:
      ComboFix 07-12-21.4 - Papa 2007-12-25 20:54:09.2 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.1408 [GMT 1:00]
      Started from: C:\HJT\ComboFix.exe
      .

      (((((((((((((((((((( Files Created from 2007-11-25 to 2007-12-25 ))))))))))))))))))))))))))))))
      .

      2007-12-25 20:41 . 2007-12-25 20:41 <DIR> d-------- C:\Program Files\Trend Micro
      2007-12-25 20:38 . 2007-12-25 20:38 <DIR> d-------- C:\WINDOWS\7VSJHF63TJH8KXAN
      2007-12-25 13:34 . 2007-12-25 20:53 <DIR> d-------- C:\HJT
      2007-12-18 11:14 . 2007-12-18 11:14 <DIR> d-------- C:\WINDOWS\Sun
      2007-12-18 11:14 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
      2007-12-18 11:13 . 2007-12-18 11:14 <DIR> d-------- C:\Program Files\Java
      2007-12-18 11:13 . 2007-12-18 11:13 <DIR> d-------- C:\Program Files\Common Files\Java
      2007-12-15 21:26 . 2007-12-15 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
      2007-12-15 21:24 . 2007-12-15 21:24 <DIR> d-------- C:\Program Files\SlySoft
      2007-12-15 21:24 . 2007-12-15 21:26 24 ---hs---- C:\WINDOWS\SFE49D86B.tmp
      2007-12-10 23:02 . 2007-12-10 23:02 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
      2007-12-10 23:02 . 2007-12-10 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
      2007-12-10 18:27 . 2007-12-10 18:27 256 --a------ C:\WINDOWS\adaway.lic
      2007-12-10 17:50 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
      2007-12-10 17:50 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
      2007-12-10 17:50 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
      2007-12-10 17:50 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
      2007-12-10 17:50 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
      2007-12-10 17:50 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
      2007-12-10 17:50 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
      2007-12-10 17:50 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
      2007-12-10 11:39 . 2007-12-25 13:23 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\SUPERAntiSpyware.com
      2007-12-10 11:01 . 2007-12-25 13:23 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
      2007-12-10 11:01 . 2007-12-10 11:01 <DIR> d-------- C:\Documents and Settings\Mama\Application Data\SUPERAntiSpyware.com
      2007-12-10 11:01 . 2007-12-10 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
      2007-12-10 10:15 . 2007-12-10 10:15 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\Uniblue
      2007-12-10 09:06 . 2007-12-10 09:06 741,632 --a------ C:\WINDOWS\system32\rgricfsl.dat
      2007-12-10 09:06 . 2007-12-10 09:06 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
      2007-12-10 09:06 . 2007-12-10 09:06 119,552 --a------ C:\WINDOWS\system32\woszgjly.dat
      2007-12-10 09:06 . 2007-12-10 09:06 42,240 --a------ C:\WINDOWS\system32\epgetimq.dat
      2007-12-10 09:06 . 2007-12-10 09:06 36,096 --a------ C:\WINDOWS\system32\qhbfgnce.dat
      2007-12-10 09:06 . 2007-12-10 09:06 35,072 --a------ C:\WINDOWS\system32\jzlgodrn.dat
      2007-12-10 09:00 . 2005-07-26 05:42 84,992 --a------ C:\WINDOWS\system32\catsrvutk.dll.bak
      2007-12-10 09:00 . 2006-03-02 13:00 84,992 --a------ C:\WINDOWS\system32\acledits.dll
      2007-12-10 09:00 . 2007-12-10 09:21 83,456 --a------ C:\WINDOWS\system32\catsrvutk.dll
      2007-12-10 09:00 . 19,456 C:\WINDOWS\system32\drivers\smcmyfua.dat
      2007-12-10 09:00 . 2004-08-11 21:30 17,408 --a------ C:\WINDOWS\system32\wi6cm96mn9.exe
      2007-12-10 08:59 . 2007-12-15 21:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2007-12-10 08:59 . 2007-12-10 08:59 21,504 --a------ C:\WINDOWS\system32\~.exe
      2007-12-10 08:59 . 2007-12-10 08:59 1,409 --a------ C:\WINDOWS\QTFont.for
      2007-12-09 21:29 . 2007-12-09 21:29 <DIR> d-------- C:\Program Files\1200CP
      2007-12-09 21:28 . 2007-12-09 21:28 86,400 --a------ C:\WINDOWS\~GLC0003.TMP
      2007-12-09 21:23 . 2007-12-09 21:23 86,400 --a------ C:\WINDOWS\~GLC0002.TMP
      2007-12-09 21:17 . 2007-12-09 21:17 86,400 --a------ C:\WINDOWS\~GLC0001.TMP
      2007-12-09 21:13 . 2007-12-09 21:13 86,400 --a------ C:\WINDOWS\~GLC0000.TMP
      2007-12-09 21:13 . 2007-12-09 21:13 0 --a------ C:\WINDOWS\WATCH.INI
      2007-12-08 21:20 . 2007-12-08 21:20 <DIR> d-------- C:\Program Files\1200CP_old
      2007-12-08 21:16 . 2002-08-30 23:44 212,992 -ra------ C:\WINDOWS\system32\NmUninst.exe
      2007-12-08 21:16 . 2001-09-06 21:26 177,664 --a------ C:\WINDOWS\system32\LXSYSUI.DLL
      2007-12-03 21:55 . 2007-12-03 21:55 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
      2007-12-03 21:55 . 2007-12-03 21:55 <DIR> d-------- C:\Program Files\Windows Media Connect 2
      2007-12-03 21:55 . 2007-12-03 21:55 <DIR> d-------- C:\ee64d9274ac0ba997f7d71bd5601b7
      2007-12-03 19:25 . 1999-10-11 02:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
      2007-12-03 19:23 . 2007-12-03 19:25 <DIR> d-------- C:\Program Files\Creative
      2007-12-02 17:34 . 2007-12-02 17:34 <DIR> d-------- C:\Program Files\AVI MPEG RM WMV Joiner
      2007-12-02 17:25 . 2007-12-02 17:25 <DIR> d-------- C:\Program Files\Boilsoft AVI Converter
      2007-12-02 17:25 . 2007-12-02 17:25 67 --a------ C:\WINDOWS\AVIConverter.INI
      2007-12-02 17:10 . 2007-12-03 21:55 <DIR> d-------- C:\WINDOWS\system32\LogFiles
      2007-12-02 16:49 . 2007-12-05 20:20 <DIR> d-------- C:\Program Files\eMule0.48a
      2007-12-02 16:45 . 2007-12-02 16:45 <DIR> d-------- C:\Program Files\AVI MPEG Splitter
      2007-12-01 21:04 . 2007-12-25 20:39 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\skypePM
      2007-12-01 21:04 . 2007-12-01 21:04 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
      2007-12-01 21:02 . 2007-12-01 21:02 <DIR> d-------- C:\Program Files\Skype
      2007-12-01 21:02 . 2007-12-01 21:02 <DIR> d-------- C:\Program Files\Common Files\Skype
      2007-12-01 21:02 . 2007-12-25 20:49 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\Skype
      2007-12-01 21:02 . 2007-12-01 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
      2007-12-01 20:38 . 2007-12-01 20:38 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\Media Player Classic
      2007-12-01 19:55 . 2007-12-01 19:57 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
      2007-12-01 19:44 . 2007-12-01 19:44 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\CyberLink
      2007-11-30 22:24 . 2007-12-07 23:19 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
      2007-11-30 16:23 . 2007-11-30 16:23 97,216 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
      2007-11-29 21:51 . 2007-11-29 21:51 1,156 --a------ C:\WINDOWS\mozver.dat
      2007-11-29 21:49 . 2007-11-29 21:49 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\Talkback
      2007-11-29 21:49 . 2007-12-25 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
      2007-11-29 21:49 . 2007-11-29 21:49 0 --a------ C:\WINDOWS\nsreg.dat
      2007-11-29 21:39 . 2007-11-29 21:39 41 --a------ C:\WINDOWS\system32\blue.SITENAME
      2007-11-29 21:36 . 2007-11-29 21:36 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\Pinnacle Systems
      2007-11-29 21:36 . 2007-11-29 21:40 455 --a------ C:\WINDOWS\VFO.VST
      2007-11-29 21:34 . 2007-11-29 21:34 <DIR> d-------- C:\Program Files\SmartSound Software
      2007-11-29 21:34 . 2007-11-29 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
      2007-11-29 21:34 . 2004-07-02 16:28 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
      2007-11-29 21:34 . 2004-02-24 12:04 41,219 --a------ C:\WINDOWS\RSETPATH.exe
      2007-11-29 21:34 . 2005-02-09 11:59 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
      2007-11-29 21:34 . 2007-12-02 17:43 1,208 --a------ C:\WINDOWS\VFO.INI
      2007-11-29 21:32 . 2007-11-29 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
      2007-11-29 21:01 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
      2007-11-29 21:01 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
      2007-11-29 21:01 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
      2007-11-29 21:01 . 2004-08-03 23:10 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys
      2007-11-29 21:01 . 2004-08-04 01:03 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
      2007-11-29 21:01 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
      2007-11-29 21:01 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\MPE.sys
      2007-11-29 21:01 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
      2007-11-29 21:01 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
      2007-11-29 21:01 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
      2007-11-29 21:00 . 2007-11-29 22:36 <DIR> d-------- C:\Program Files\DivX
      2007-11-29 20:58 . 2007-11-29 20:58 <DIR> d-------- C:\WINDOWS\Cache
      2007-11-29 20:58 . 2007-11-29 20:58 <DIR> d-------- C:\Program Files\Microsoft SQL Server
      2007-11-29 20:58 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
      2007-11-29 20:58 . 2002-12-17 17:23 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2007-12-25 13:12 --------- d-----w C:\Documents and Settings\Mama\Application Data\AVG7
      2007-12-25 08:56 --------- d-----w C:\Documents and Settings\Papa\Application Data\AVG7
      2007-12-15 20:23 --------- d-----w C:\Program Files\CyberLink
      2007-12-15 20:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
      2007-12-10 22:04 --------- d-----w C:\Program Files\Common Files\Adobe
      2007-12-03 18:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-11-29 20:49 --------- d-----w C:\Program Files\Google
      2007-11-23 19:04 --------- d-----w C:\Documents and Settings\Papa\Application Data\AdobeUM
      2007-11-23 14:22 --------- d-----w C:\Program Files\Windows Live
      2007-11-23 14:21 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
      2007-11-23 14:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2007-11-23 12:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
      2007-11-23 12:38 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
      2007-11-23 12:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
      2007-11-18 14:03 --------- d-----w C:\Documents and Settings\Mama\Application Data\AdobeUM
      2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
      2007-11-11 18:55 --------- d-----w C:\Program Files\Microsoft.NET
      2007-11-11 18:55 --------- d-----w C:\Program Files\Microsoft Works
      2007-11-11 18:55 --------- d-----w C:\Program Files\Microsoft ActiveSync
      2007-11-11 18:55 --------- d-----w C:\Program Files\Common Files\L&H
      2007-11-11 18:49 --------- d-----w C:\Program Files\Foxconn
      2007-11-11 18:49 --------- d-----w C:\Program Files\Common Files\InstallShield
      2007-11-11 12:37 --------- d-----w C:\Program Files\TVTool
      2007-11-11 12:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
      2007-11-11 09:44 --------- d-----w C:\Documents and Settings\Papa\Application Data\Apple Computer
      2007-11-11 09:38 --------- d-----w C:\Program Files\QuickTime
      2007-11-11 09:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
      2007-11-05 08:58 --------- d-----w C:\Program Files\SigmaTel
      2007-11-05 08:57 --------- d-----w C:\Program Files\Intel
      2007-11-05 08:57 --------- d-----w C:\Documents and Settings\Papa\Application Data\InstallShield
      2007-11-05 08:57 --------- d-----w C:\Documents and Settings\Matti\Application Data\InstallShield
      2007-11-05 08:57 --------- d-----w C:\Documents and Settings\Mama\Application Data\InstallShield
      2007-11-05 08:54 --------- d-----w C:\Program Files\Intel Desktop Board
      2007-11-05 08:53 --------- d-----w C:\Program Files\MSXML 4.0
      2007-11-05 08:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
      2007-11-05 08:36 --------- d-----w C:\Program Files\microsoft frontpage
      .

      ((((((((((((((((((((((((((((( snapshot@2007-12-25_20.48.57.01 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2007-12-25 19:57:04 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_788.dat
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* empty entries & legitimate default entries are not shown

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5EFD62FD-1A26-4499-9D2D-DAF2975A60B7}]
      2007-12-10 09:21 83456 --a------ c:\windows\system32\catsrvutk.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3706D56-3883-40E5-A6CC-26D48C00DCD0}]
      2006-03-02 13:00 84992 --a------ C:\WINDOWS\system32\acledits.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-23 13:30]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
      "PMCS"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [2006-06-08 09:42]
      "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
      "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe"
      "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-11-30 07:28]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
      "nwiz"="nwiz.exe" [2007-04-19 23:05 C:\WINDOWS\system32\nwiz.exe]
      "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00]
      "SigmatelSysTrayApp"="sttray.exe" [2007-06-08 03:56 C:\WINDOWS\sttray.exe]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-11 10:38]
      "NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 09:19]
      "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2003-11-10 17:06]
      "Pinnacle WebUpdater"="C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" [2006-06-08 09:40]
      "PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2006-06-08 09:40]
      "BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2007-11-16 19:20]
      "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 09:35]
      "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 12:06]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]
      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-23 13:38]

      C:\Documents and Settings\Papa\Menu Start\Programma's\Opstarten\
      Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
      Watch.lnk - C:\WINDOWS\twain_32\CIS600X\WATCH.exe [2007-12-08 21:20:24]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
      Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-29 21:49:06]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\glpvsvbt]
      catsrvutk.dll 2007-12-10 09:21 83456 C:\WINDOWS\system32\catsrvutk.dll

      R0 eszrdxam;eszrdxam;C:\WINDOWS\system32\drivers\smcmyfua.dat
      R1 tvtool;tvtool;C:\Program Files\TVTool\tvtool.sys [1996-04-03 19:33]
      R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 00:12]
      R3 3xHybrid;Pinnacle PCTV 110i service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-09-01 10:50]
      R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-04-14 05:07]
      S2 ggxpfzwv;IP Traffic Filter Helper;C:\WINDOWS\System32\svchost.exe -k netsvcs
      S3 FXDrv32;FXDrv32;E:\FXDrv32.sys
      S3 SFC4;SFC4;C:\WINDOWS\system32\drivers\SFC4.sys [1998-09-16 09:07]

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      ggxpfzwv

      .
      **************************************************************************

      catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-12-25 20:58:37
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      Scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      Completion time: 2007-12-25 20:59:14 - machine was rebooted
      C:\ComboFix2.txt ... 2007-12-25 20:49
      .
      2007-12-21 18:30:02 --- E O F ---

      HijackThis log:

      Logfile of HijackThis v1.99.1
      Scan saved at 21:06:56, on 25/12/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\CyberLink\Shared files\RichVideo.exe
      C:\WINDOWS\system32\STacSV.exe
      C:\WINDOWS\system32\svchost.exe
      c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
      C:\WINDOWS\sttray.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
      C:\Program Files\Cyberlink\Shared Files\brs.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\twain_32\CIS600X\WATCH.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\HJT\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {5EFD62FD-1A26-4499-9D2D-DAF2975A60B7} - c:\windows\system32\catsrvutk.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
      O2 - BHO: (no name) - {C3706D56-3883-40E5-A6CC-26D48C00DCD0} - C:\WINDOWS\system32\acledits.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
      O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
      O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
      O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
      O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\CIS600X\WATCH.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
      O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: glpvsvbt - C:\WINDOWS\SYSTEM32\catsrvutk.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
      O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
      O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

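The log above shows the pairing a helper looks for: the same DLL, catsrvutk.dll, is registered both as an unnamed Browser Helper Object (O2, loaded into iexplore.exe and explorer.exe) and as a Winlogon Notify package (O20, loaded into winlogon.exe), which is why AVG keeps seeing it every time IE or Explorer opens and why "healing" the file alone does not help. As an added example, not code from this thread or from HijackThis, here is a small Python triage script that parses those HijackThis sections and flags three things: unnamed BHOs living in the system directory, one DLL registered at more than one load point, and registrations whose file is already gone. The sample lines are copied from the two logs in this thread; the regexes, the system-directory list and the check names are this example's own.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the first HijackThis log in this thread (a representative subset,
# not the whole log) so the script runs offline.
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5EFD62FD-1A26-4499-9D2D-DAF2975A60B7} - c:\windows\system32\catsrvutk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C3706D56-3883-40E5-A6CC-26D48C00DCD0} - C:\WINDOWS\system32\acledits.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O20 - Winlogon Notify: glpvsvbt - C:\WINDOWS\SYSTEM32\catsrvutk.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

# The same two BHO lines as they appear in the post-cleanup log further down the thread.
HJT_AFTER_CLEANUP = r"""
O2 - BHO: (no name) - {5EFD62FD-1A26-4499-9D2D-DAF2975A60B7} - c:\windows\system32\catsrvutk.dll (file missing)
O2 - BHO: (no name) - {C3706D56-3883-40E5-A6CC-26D48C00DCD0} - C:\WINDOWS\system32\acledits.dll (file missing)
"""

# One regex per HijackThis section we care about: DLLs loaded into the browser/shell
# (O2, O3, O21) or into winlogon.exe (O20). "(file missing)" is an optional suffix.
MISSING = r"(?P<missing> \(file missing\))?$"
LINE_PATTERNS = {
    "O2":  re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*?)" + MISSING),
    "O3":  re.compile(r"^O3 - Toolbar: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*?)" + MISSING),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*?)" + MISSING),
    "O21": re.compile(r"^O21 - SSODL: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*?)" + MISSING),
}

# Assumption for this example: a default XP install drive. Adjust for D:\WINNT etc.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\system")


def normalize(path):
    # Windows paths are case-insensitive; HJT prints the same file in mixed case
    # (c:/windows vs C:/WINDOWS), so compare a lower-cased, normalised form.
    return ntpath.normpath(path.strip()).lower()


def parse_hjt(text):
    """Return one dict per recognised load-point line: section, name, normalised path, missing flag."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        section = line.split(" ", 1)[0]
        pattern = LINE_PATTERNS.get(section)
        match = pattern.match(line) if pattern else None
        if not match:
            continue
        entries.append({
            "section": section,
            "name": match.group("name"),
            "path": normalize(match.group("path")),
            "missing": match.group("missing") is not None,
        })
    return entries


def triage(entries):
    """Apply three checks and return a list of findings (check, path, detail)."""
    findings = []
    by_path = defaultdict(set)
    for e in entries:
        by_path[e["path"]].add(e["section"])
        # 1. A BHO with no friendly name that lives in the system directory:
        #    legitimate vendors name their helpers and install them under Program Files.
        if e["section"] == "O2" and e["name"] == "(no name)" and ntpath.dirname(e["path"]) in SYSTEM_DIRS:
            findings.append({"check": "unnamed_bho_in_system_dir", "path": e["path"], "detail": e["section"]})
        # 2. The registration survives but the file is gone: the CLSID or Notify key still needs removing.
        if e["missing"]:
            findings.append({"check": "stale_registration", "path": e["path"], "detail": e["section"]})
    # 3. One DLL registered at more than one load point (here BHO + Winlogon Notify).
    #    A browser helper has no business being loaded by winlogon.exe.
    for path, sections in by_path.items():
        if len(sections) > 1:
            findings.append({"check": "multi_loadpoint", "path": path, "detail": "+".join(sorted(sections))})
    return findings


def suspicious_paths(text):
    """Distinct flagged paths for a whole log, sorted."""
    return sorted({f["path"] for f in triage(parse_hjt(text))})


if __name__ == "__main__":
    for f in triage(parse_hjt(HJT_SAMPLE)) + triage(parse_hjt(HJT_AFTER_CLEANUP)):
        print(f"{f['check']:28} {f['detail']:8} {f['path']}")
```

Run on the first log it flags only catsrvutk.dll (unnamed BHO in system32, and BHO+Winlogon Notify) and acledits.dll (unnamed BHO in system32); the Adobe, Java and Google entries pass. Run on the lines from the second log it reports both as stale registrations, which is the state the "(file missing)" entries in the post-cleanup HijackThis log are in.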
      • #4
Open a Notepad file.
Copy the bold text below and paste it into the Notepad file.
Save the Notepad file as CFScript.txt

        Rootkit::
        c:\windows\system32\catsrvutk.dll
        C:\WINDOWS\system32\acledits.dll
        C:\WINDOWS\system32\drivers\smcmyfua.dat

        Driver::
        eszrdxam

        NetSvc::
        ggxpfzwv


Now drag the file CFScript.txt onto the file ComboFix.exe

ComboFix will start again.
When ComboFix is finished, which may be after a reboot, a logfile will open.
Post the contents of the logfile.
Make a new HijackThis log and post that as well.

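The NetSvc:: line in the script above removes a service that hides in the shared svchost "netsvcs" group: the service has no binary of its own, just a ServiceDll loaded into an already-running svchost.exe, so it never shows up as a separate process. As an added example, not code from this thread or from ComboFix, the Python below shows the check behind that line: compare the netsvcs group value with a baseline, confirm which non-baseline name actually has a service entry hosted by "svchost.exe -k netsvcs", and render the script sections in the format used above. The baseline set and the on-box group value are assumptions constructed for the example (a clean XP SP2 list; verify against a known-clean machine of the same build); the service lines are copied from the ComboFix log posted later in this thread.

```python
import re

# Assumption (not from the thread): the netsvcs group on a clean XP SP2 install, as read
# from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost, value "netsvcs".
NETSVCS_BASELINE = {
    "6to4", "AppMgmt", "AudioSrv", "Browser", "CryptSvc", "DMServer", "DHCP", "ERSvc",
    "EventSystem", "FastUserSwitchingCompatibility", "HidServ", "Ias", "Iprip", "Irmon",
    "LanmanServer", "LanmanWorkstation", "Messenger", "Netman", "Nla", "Ntmssvc",
    "NWCWorkstation", "Nwsapagent", "Rasauto", "Rasman", "Remoteaccess", "Schedule",
    "Seclogon", "SENS", "Sharedaccess", "SRService", "Tapisrv", "Themes", "TrkWks",
    "W32Time", "WZCSVC", "Wmi", "WmdmPmSp", "winmgmt", "wscsvc", "xmlprov", "BITS",
    "wuauserv", "ShellHWDetection", "helpsvc", "uploadmgr",
}

# Constructed: what the netsvcs REG_MULTI_SZ would look like on the infected box, i.e. the
# baseline with the rogue name from the ComboFix log appended at the end.
NETSVCS_ON_BOX = sorted(NETSVCS_BASELINE) + ["ggxpfzwv"]

# Service lines copied from the ComboFix log in this thread (state name;display;image path).
COMBOFIX_SERVICES = r"""
R1 tvtool;tvtool;C:\Program Files\TVTool\tvtool.sys [1996-04-03 19:33]
R3 3xHybrid;Pinnacle PCTV 110i service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-09-01 10:50]
S2 ggxpfzwv;IP Traffic Filter Helper;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 SFC4;SFC4;C:\WINDOWS\system32\drivers\SFC4.sys [1998-09-16 09:07]
"""

# ComboFix prints "R<n>"/"S<n>" (running/stopped + start type), then name;display;image,
# with an optional "[yyyy-mm-dd hh:mm]" file timestamp at the end.
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)"
    r"(?: \[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\])?$"
)
SVCHOST_GROUP = re.compile(r"svchost\.exe\s+-k\s+(?P<group>\S+)", re.IGNORECASE)


def parse_services(text):
    """Map service name -> state, display name and the svchost group it is hosted in (or None)."""
    services = {}
    for raw in text.splitlines():
        m = SERVICE_LINE.match(raw.strip())
        if not m:
            continue
        g = SVCHOST_GROUP.search(m.group("image"))
        services[m.group("name")] = {
            "state": m.group("state"),
            "display": m.group("display"),
            "group": g.group("group") if g else None,
        }
    return services


def rogue_netsvcs(group_members, services, baseline=NETSVCS_BASELINE):
    """Names in the netsvcs group value that are not in the baseline AND have a service entry
    hosted by 'svchost.exe -k netsvcs' (so a ServiceDll really gets loaded into the shared
    process). Comparison is case-insensitive, as Windows service names are."""
    known = {n.lower() for n in baseline}
    hosted = {n.lower(): n for n, s in services.items()
              if s["group"] and s["group"].lower() == "netsvcs"}
    return sorted(hosted[n.lower()] for n in group_members
                  if n.lower() not in known and n.lower() in hosted)


def build_cfscript(rootkit_files=(), drivers=(), netsvcs=()):
    """Render the three ComboFix script sections used in the post above: a 'Header::' line
    followed by one item per line, sections separated by a blank line."""
    out = []
    for header, items in (("Rootkit::", rootkit_files), ("Driver::", drivers), ("NetSvc::", netsvcs)):
        if items:
            out.append(header)
            out.extend(items)
            out.append("")
    return "\n".join(out).rstrip("\n") + "\n"


if __name__ == "__main__":
    svcs = parse_services(COMBOFIX_SERVICES)
    rogue = rogue_netsvcs(NETSVCS_ON_BOX, svcs)          # -> ['ggxpfzwv']
    print(build_cfscript(
        rootkit_files=[r"c:\windows\system32\catsrvutk.dll", r"C:\WINDOWS\system32\acledits.dll",
                       r"C:\WINDOWS\system32\drivers\smcmyfua.dat"],
        drivers=["eszrdxam"],
        netsvcs=rogue,
    ))
```

Note the two-sided check: a name that is in the group value but has no service key is just a dangling string, and a netsvcs-hosted service that is not in the group value never gets loaded into svchost. Only a name present on both sides, and absent from the baseline, is worth a NetSvc:: line. The Driver:: entry (eszrdxam) comes from a kernel driver the helper identified separately; nothing in the HijackThis log shows it, which is one reason the helper asked for a ComboFix run.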
        • #5
          Hey Marckie,

It seems to be fixed, thanks!

Below are the logs:

          Combofix:

          ComboFix 07-12-21.4 - Papa 2007-12-25 22:57:24.3 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.1429 [GMT 1:00]
Running from: C:\HJT\ComboFix.exe
Command switches used :: C:\HJT\CFScript.txt
* Created a new restore point
          .

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\system32\~.exe
          C:\WINDOWS\system32\acledits.dll
          c:\windows\system32\catsrvutk.dll
          C:\WINDOWS\system32\drivers\smcmyfua.dat

          .
          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

          .
          -------\LEGACY_ESZRDXAM
          -------\eszrdxam


(((((((((((((((((((( Files Created from 2007-11-25 to 2007-12-25 ))))))))))))))))))))))))))))))
          .

          2007-12-25 20:41 . 2007-12-25 20:41 <DIR> d-------- C:\Program Files\Trend Micro
          2007-12-25 20:38 . 2007-12-25 20:38 <DIR> d-------- C:\WINDOWS\7VSJHF63TJH8KXAN
          2007-12-25 13:34 . 2007-12-25 22:57 <DIR> d-------- C:\HJT
          2007-12-18 11:14 . 2007-12-18 11:14 <DIR> d-------- C:\WINDOWS\Sun
          2007-12-18 11:14 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
          2007-12-18 11:13 . 2007-12-18 11:14 <DIR> d-------- C:\Program Files\Java
          2007-12-18 11:13 . 2007-12-18 11:13 <DIR> d-------- C:\Program Files\Common Files\Java
          2007-12-15 21:26 . 2007-12-15 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
          2007-12-15 21:24 . 2007-12-15 21:24 <DIR> d-------- C:\Program Files\SlySoft
          2007-12-15 21:24 . 2007-12-15 21:26 24 ---hs---- C:\WINDOWS\SFE49D86B.tmp
          2007-12-10 23:02 . 2007-12-10 23:02 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
          2007-12-10 23:02 . 2007-12-10 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
          2007-12-10 18:27 . 2007-12-10 18:27 256 --a------ C:\WINDOWS\adaway.lic
          2007-12-10 17:50 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
          2007-12-10 17:50 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
          2007-12-10 17:50 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
          2007-12-10 17:50 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
          2007-12-10 17:50 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
          2007-12-10 17:50 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
          2007-12-10 17:50 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
          2007-12-10 17:50 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
          2007-12-10 11:39 . 2007-12-25 13:23 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\SUPERAntiSpyware.com
          2007-12-10 11:01 . 2007-12-25 13:23 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
          2007-12-10 11:01 . 2007-12-10 11:01 <DIR> d-------- C:\Documents and Settings\Mama\Application Data\SUPERAntiSpyware.com
          2007-12-10 11:01 . 2007-12-10 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
          2007-12-10 10:15 . 2007-12-10 10:15 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\Uniblue
          2007-12-10 09:06 . 2007-12-10 09:06 741,632 --a------ C:\WINDOWS\system32\rgricfsl.dat
          2007-12-10 09:06 . 2007-12-10 09:06 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
          2007-12-10 09:06 . 2007-12-10 09:06 119,552 --a------ C:\WINDOWS\system32\woszgjly.dat
          2007-12-10 09:06 . 2007-12-10 09:06 42,240 --a------ C:\WINDOWS\system32\epgetimq.dat
          2007-12-10 09:06 . 2007-12-10 09:06 36,096 --a------ C:\WINDOWS\system32\qhbfgnce.dat
          2007-12-10 09:06 . 2007-12-10 09:06 35,072 --a------ C:\WINDOWS\system32\jzlgodrn.dat
          2007-12-10 09:00 . 2005-07-26 05:42 84,992 --a------ C:\WINDOWS\system32\catsrvutk.dll.bak
          2007-12-10 09:00 . 2004-08-11 21:30 17,408 --a------ C:\WINDOWS\system32\wi6cm96mn9.exe
          2007-12-10 08:59 . 2007-12-15 21:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
          2007-12-10 08:59 . 2007-12-10 08:59 1,409 --a------ C:\WINDOWS\QTFont.for
          2007-12-09 21:29 . 2007-12-09 21:29 <DIR> d-------- C:\Program Files\1200CP
          2007-12-09 21:28 . 2007-12-09 21:28 86,400 --a------ C:\WINDOWS\~GLC0003.TMP
          2007-12-09 21:23 . 2007-12-09 21:23 86,400 --a------ C:\WINDOWS\~GLC0002.TMP
          2007-12-09 21:17 . 2007-12-09 21:17 86,400 --a------ C:\WINDOWS\~GLC0001.TMP
          2007-12-09 21:13 . 2007-12-09 21:13 86,400 --a------ C:\WINDOWS\~GLC0000.TMP
          2007-12-09 21:13 . 2007-12-09 21:13 0 --a------ C:\WINDOWS\WATCH.INI
          2007-12-08 21:20 . 2007-12-08 21:20 <DIR> d-------- C:\Program Files\1200CP_old
          2007-12-08 21:16 . 2002-08-30 23:44 212,992 -ra------ C:\WINDOWS\system32\NmUninst.exe
          2007-12-08 21:16 . 2001-09-06 21:26 177,664 --a------ C:\WINDOWS\system32\LXSYSUI.DLL
          2007-12-03 21:55 . 2007-12-03 21:55 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
          2007-12-03 21:55 . 2007-12-03 21:55 <DIR> d-------- C:\Program Files\Windows Media Connect 2
          2007-12-03 21:55 . 2007-12-03 21:55 <DIR> d-------- C:\ee64d9274ac0ba997f7d71bd5601b7
          2007-12-03 19:25 . 1999-10-11 02:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
          2007-12-03 19:23 . 2007-12-03 19:25 <DIR> d-------- C:\Program Files\Creative
          2007-12-02 17:34 . 2007-12-02 17:34 <DIR> d-------- C:\Program Files\AVI MPEG RM WMV Joiner
          2007-12-02 17:25 . 2007-12-02 17:25 <DIR> d-------- C:\Program Files\Boilsoft AVI Converter
          2007-12-02 17:25 . 2007-12-02 17:25 67 --a------ C:\WINDOWS\AVIConverter.INI
          2007-12-02 17:10 . 2007-12-03 21:55 <DIR> d-------- C:\WINDOWS\system32\LogFiles
          2007-12-02 16:49 . 2007-12-05 20:20 <DIR> d-------- C:\Program Files\eMule0.48a
          2007-12-02 16:45 . 2007-12-02 16:45 <DIR> d-------- C:\Program Files\AVI MPEG Splitter
          2007-12-01 21:04 . 2007-12-25 20:39 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\skypePM
          2007-12-01 21:04 . 2007-12-01 21:04 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
          2007-12-01 21:02 . 2007-12-01 21:02 <DIR> d-------- C:\Program Files\Skype
          2007-12-01 21:02 . 2007-12-01 21:02 <DIR> d-------- C:\Program Files\Common Files\Skype
          2007-12-01 21:02 . 2007-12-25 22:58 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\Skype
          2007-12-01 21:02 . 2007-12-01 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
          2007-12-01 20:38 . 2007-12-01 20:38 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\Media Player Classic
          2007-12-01 19:55 . 2007-12-01 19:57 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
          2007-12-01 19:44 . 2007-12-01 19:44 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\CyberLink
          2007-11-30 22:24 . 2007-12-07 23:19 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
          2007-11-30 16:23 . 2007-11-30 16:23 97,216 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
          2007-11-29 21:51 . 2007-11-29 21:51 1,156 --a------ C:\WINDOWS\mozver.dat
          2007-11-29 21:49 . 2007-11-29 21:49 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\Talkback
          2007-11-29 21:49 . 2007-12-25 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
          2007-11-29 21:49 . 2007-11-29 21:49 0 --a------ C:\WINDOWS\nsreg.dat
          2007-11-29 21:39 . 2007-11-29 21:39 41 --a------ C:\WINDOWS\system32\blue.SITENAME
          2007-11-29 21:36 . 2007-11-29 21:36 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\Pinnacle Systems
          2007-11-29 21:36 . 2007-11-29 21:40 455 --a------ C:\WINDOWS\VFO.VST
          2007-11-29 21:34 . 2007-11-29 21:34 <DIR> d-------- C:\Program Files\SmartSound Software
          2007-11-29 21:34 . 2007-11-29 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
          2007-11-29 21:34 . 2004-07-02 16:28 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
          2007-11-29 21:34 . 2004-02-24 12:04 41,219 --a------ C:\WINDOWS\RSETPATH.exe
          2007-11-29 21:34 . 2005-02-09 11:59 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
          2007-11-29 21:34 . 2007-12-02 17:43 1,208 --a------ C:\WINDOWS\VFO.INI
          2007-11-29 21:32 . 2007-11-29 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
          2007-11-29 21:01 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
          2007-11-29 21:01 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
          2007-11-29 21:01 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
          2007-11-29 21:01 . 2004-08-03 23:10 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys
          2007-11-29 21:01 . 2004-08-04 01:03 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
          2007-11-29 21:01 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
          2007-11-29 21:01 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\MPE.sys
          2007-11-29 21:01 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
          2007-11-29 21:01 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
          2007-11-29 21:01 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
          2007-11-29 21:00 . 2007-11-29 22:36 <DIR> d-------- C:\Program Files\DivX
          2007-11-29 20:58 . 2007-11-29 20:58 <DIR> d-------- C:\WINDOWS\Cache
          2007-11-29 20:58 . 2007-11-29 20:58 <DIR> d-------- C:\Program Files\Microsoft SQL Server
          2007-11-29 20:58 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
          2007-11-29 20:58 . 2002-12-17 17:23 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
          2007-11-29 20:58 . 2002-10-20 15:05 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
          2007-11-29 20:55 . 2007-11-29 20:56 <DIR> d-------- C:\WINDOWS\system32\URTTemp
          2007-11-29 20:55 . 2007-11-29 21:35 <DIR> d-------- C:\Program Files\Pinnacle
          2007-11-29 20:54 . 2007-11-29 21:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle

          .
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2007-12-25 13:12 --------- d-----w C:\Documents and Settings\Mama\Application Data\AVG7
          2007-12-25 08:56 --------- d-----w C:\Documents and Settings\Papa\Application Data\AVG7
          2007-12-15 20:23 --------- d-----w C:\Program Files\CyberLink
          2007-12-15 20:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
          2007-12-10 22:04 --------- d-----w C:\Program Files\Common Files\Adobe
          2007-12-03 18:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-11-29 20:49 --------- d-----w C:\Program Files\Google
          2007-11-23 19:04 --------- d-----w C:\Documents and Settings\Papa\Application Data\AdobeUM
          2007-11-23 14:22 --------- d-----w C:\Program Files\Windows Live
          2007-11-23 14:21 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
          2007-11-23 14:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
          2007-11-23 12:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
          2007-11-23 12:38 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
          2007-11-23 12:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
          2007-11-18 14:03 --------- d-----w C:\Documents and Settings\Mama\Application Data\AdobeUM
          2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
          2007-11-11 18:55 --------- d-----w C:\Program Files\Microsoft.NET
          2007-11-11 18:55 --------- d-----w C:\Program Files\Microsoft Works
          2007-11-11 18:55 --------- d-----w C:\Program Files\Microsoft ActiveSync
          2007-11-11 18:55 --------- d-----w C:\Program Files\Common Files\L&H
          2007-11-11 18:49 --------- d-----w C:\Program Files\Foxconn
          2007-11-11 18:49 --------- d-----w C:\Program Files\Common Files\InstallShield
          2007-11-11 12:37 --------- d-----w C:\Program Files\TVTool
          2007-11-11 12:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
          2007-11-11 09:44 --------- d-----w C:\Documents and Settings\Papa\Application Data\Apple Computer
          2007-11-11 09:38 --------- d-----w C:\Program Files\QuickTime
          2007-11-11 09:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
          2007-11-05 08:58 --------- d-----w C:\Program Files\SigmaTel
          2007-11-05 08:57 --------- d-----w C:\Program Files\Intel
          2007-11-05 08:57 --------- d-----w C:\Documents and Settings\Papa\Application Data\InstallShield
          2007-11-05 08:57 --------- d-----w C:\Documents and Settings\Matti\Application Data\InstallShield
          2007-11-05 08:57 --------- d-----w C:\Documents and Settings\Mama\Application Data\InstallShield
          2007-11-05 08:54 --------- d-----w C:\Program Files\Intel Desktop Board
          2007-11-05 08:53 --------- d-----w C:\Program Files\MSXML 4.0
          2007-11-05 08:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
          2007-11-05 08:36 --------- d-----w C:\Program Files\microsoft frontpage
          .

          ((((((((((((((((((((((((((((( snapshot@2007-12-25_20.48.57.01 )))))))))))))))))))))))))))))))))))))))))
          .
          + 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
          + 2007-12-25 22:00:18 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_74c.dat
          .
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
*Note* empty entries & legit default entries are not shown

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5EFD62FD-1A26-4499-9D2D-DAF2975A60B7}]
          c:\windows\system32\catsrvutk.dll

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3706D56-3883-40E5-A6CC-26D48C00DCD0}]
          C:\WINDOWS\system32\acledits.dll

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-23 13:30]
          "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
          "PMCS"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [2006-06-08 09:42]
          "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
          "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe"
          "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-11-30 07:28]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
          "nwiz"="nwiz.exe" [2007-04-19 23:05 C:\WINDOWS\system32\nwiz.exe]
          "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00]
          "SigmatelSysTrayApp"="sttray.exe" [2007-06-08 03:56 C:\WINDOWS\sttray.exe]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-11 10:38]
          "NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
          "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 09:19]
          "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2003-11-10 17:06]
          "Pinnacle WebUpdater"="C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" [2006-06-08 09:40]
          "PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2006-06-08 09:40]
          "BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2007-11-16 19:20]
          "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 09:35]
          "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 12:06]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]
          "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-23 13:38]

          C:\Documents and Settings\Papa\Menu Start\Programma's\Opstarten\
          Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
          Watch.lnk - C:\WINDOWS\twain_32\CIS600X\WATCH.exe [2007-12-08 21:20:24]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
          Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-29 21:49:06]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\glpvsvbt]
          catsrvutk.dll

          R1 tvtool;tvtool;C:\Program Files\TVTool\tvtool.sys [1996-04-03 19:33]
          R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 00:12]
          R3 3xHybrid;Pinnacle PCTV 110i service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-09-01 10:50]
          R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-04-14 05:07]
          S2 ggxpfzwv;IP Traffic Filter Helper;C:\WINDOWS\System32\svchost.exe -k netsvcs
          S3 FXDrv32;FXDrv32;E:\FXDrv32.sys
          S3 SFC4;SFC4;C:\WINDOWS\system32\drivers\SFC4.sys [1998-09-16 09:07]

          .
          **************************************************************************

          catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2007-12-25 23:12:47
          Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

          **************************************************************************
          .
Completion time: 2007-12-25 23:13:21 - machine was rebooted
          C:\ComboFix2.txt ... 2007-12-25 20:59
          C:\ComboFix3.txt ... 2007-12-25 20:49
          .
          2007-12-21 18:30:02 --- E O F ---

          HijackThis log:

          Logfile of HijackThis v1.99.1
          Scan saved at 23:15:37, on 25/12/2007
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\Program Files\CyberLink\Shared files\RichVideo.exe
          C:\WINDOWS\system32\STacSV.exe
          C:\WINDOWS\system32\svchost.exe
          c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
          C:\WINDOWS\sttray.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\WINDOWS\system32\RUNDLL32.EXE
          C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
          C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
          C:\Program Files\Cyberlink\Shared Files\brs.exe
          C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
          C:\WINDOWS\system32\rundll32.exe
          C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
          C:\Program Files\Skype\Phone\Skype.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
          C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          C:\Program Files\Google\Google Updater\GoogleUpdater.exe
          C:\WINDOWS\twain_32\CIS600X\WATCH.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\wbem\wmiapsrv.exe
          C:\Program Files\Skype\Plugin Manager\skypePM.exe
          C:\Program Files\Windows Live\Messenger\usnsvc.exe
          C:\WINDOWS\system32\notepad.exe
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\HJT\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {5EFD62FD-1A26-4499-9D2D-DAF2975A60B7} - c:\windows\system32\catsrvutk.dll (file missing)
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
          O2 - BHO: (no name) - {C3706D56-3883-40E5-A6CC-26D48C00DCD0} - C:\WINDOWS\system32\acledits.dll (file missing)
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
          O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
          O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
          O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
          O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
          O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
          O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
          O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
          O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
          O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
          O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
          O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\CIS600X\WATCH.exe
          O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
          O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
          O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
          O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
          O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
          O20 - Winlogon Notify: glpvsvbt - catsrvutk.dll (file missing)
          O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
          O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
          O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
          O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

          • #6
            Close all open windows.
            Start HijackThis once more and place a check mark next to the following items:

            O2 - BHO: (no name) - {5EFD62FD-1A26-4499-9D2D-DAF2975A60B7} - c:\windows\system32\catsrvutk.dll (file missing)
            O2 - BHO: (no name) - {C3706D56-3883-40E5-A6CC-26D48C00DCD0} - C:\WINDOWS\system32\acledits.dll (file missing)
            O20 - Winlogon Notify: glpvsvbt - catsrvutk.dll (file missing)


            Then click "Fix checked" and close HijackThis.

            Open a Notepad file.
            Copy the code below and paste it into the Notepad file.
            Save the Notepad file as CFScript.txt
            Code:
            File::
            C:\WINDOWS\system32\woszgjly.dat
            C:\WINDOWS\system32\epgetimq.dat
            C:\WINDOWS\system32\qhbfgnce.dat
            C:\WINDOWS\system32\jzlgodrn.dat
            C:\WINDOWS\system32\catsrvutk.dll.bak
            C:\WINDOWS\system32\wi6cm96mn9.exe
            
            Driver::
            ggxpfzwv

            Now drag the file CFScript.txt onto ComboFix.exe

            ComboFix will start again.
            When ComboFix is finished, which may be after a restart, a log file will open.
            Post the contents of the log file.
            Start HijackThis again, create a new log and post it.

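The triage the helper performs by hand in the post above (a nameless BHO whose DLL is absent from disk, a Winlogon Notify package pointing at that same missing DLL, and a randomly named executable registered under both Run keys) can be written down as a small log-review routine. The following is an added example, not code from the thread, from HijackThis or from ComboFix: the section regexes, the letter/digit-alternation heuristic for "random" file names and the `Finding` record are this example's own assumptions, and the sample input is constructed from lines copied out of the logs posted in this thread.

```python
"""Triage of HijackThis v1.99 log lines along the lines the helper used
in post #6.  Added example; not part of the thread, HijackThis or ComboFix."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

MISSING = "(file missing)"  # suffix HijackThis appends when the referenced file is absent

# Constructed sample input: lines copied from the logs posted in this
# thread, benign ones included so that the rules have something to ignore.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5EFD62FD-1A26-4499-9D2D-DAF2975A60B7} - c:\windows\system32\catsrvutk.dll (file missing)
O2 - BHO: (no name) - {C3706D56-3883-40E5-A6CC-26D48C00DCD0} - C:\WINDOWS\system32\acledits.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [wi6cm96mn9] C:\WINDOWS\system32\wi6cm96mn9.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: glpvsvbt - catsrvutk.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Section patterns are this example's own reading of the HijackThis line format.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
O4_RE = re.compile(r'^O4 - \S+: \[(?P<key>[^\]]*)\] (?:"(?P<qpath>[^"]+)"|(?P<path>\S+))')
O20_RE = re.compile(r"^O20 - Winlogon Notify: \S+ - (?P<path>.*)$")


@dataclass
class Finding:
    section: str  # HijackThis section tag: O2, O4 or O20
    module: str   # lower-cased basename of the file the entry loads
    reason: str   # why the entry deserves a closer look
    line: str     # the raw log line


def basename(path: str) -> str:
    """Last component of a Windows path, unquoted and lower-cased."""
    return path.strip('"').rsplit("\\", 1)[-1].lower()


def looks_random(stem: str) -> bool:
    """This example's own heuristic: a file stem that switches between letter
    runs and digit runs three or more times (wi6cm96mn9) is treated as
    machine-generated; ctfmon, avgcc and rundll32 are not."""
    return len(re.findall(r"[a-z]+|\d+", stem.lower())) >= 4


def triage(log: str) -> list[Finding]:
    """Walk a HijackThis log and return the entries worth a closer look."""
    findings: list[Finding] = []
    for raw in log.strip().splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            if MISSING in m["path"]:
                why = "BHO registered for a DLL that is not on disk"
                if m["name"] == "(no name)":
                    why += "; the BHO has no display name"
                mod = basename(m["path"].replace(MISSING, "").strip())
                findings.append(Finding("O2", mod, why, line))
        elif m := O4_RE.match(line):
            mod = basename(m["qpath"] or m["path"])
            if looks_random(mod.rsplit(".", 1)[0]):
                why = f"Run entry [{m['key']}] launches a randomly named executable"
                findings.append(Finding("O4", mod, why, line))
        elif m := O20_RE.match(line):
            if MISSING in m["path"]:
                mod = basename(m["path"].replace(MISSING, "").strip())
                why = "Winlogon Notify package whose DLL is not on disk"
                findings.append(Finding("O20", mod, why, line))
    return findings


def correlate(findings: list[Finding]) -> dict[str, list[str]]:
    """Map each flagged module to the sections it appears in, so a single file
    anchored at several load points (BHO plus Winlogon Notify) stands out."""
    seen: dict[str, list[str]] = defaultdict(list)
    for f in findings:
        if f.section not in seen[f.module]:
            seen[f.module].append(f.section)
    return dict(seen)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.section:<4} {f.module:<18} {f.reason}")
    for mod, sections in correlate(found).items():
        if len(sections) > 1:
            print(f"{mod} is anchored in {', '.join(sections)}")
```

Run as a script it prints the two DLLs and the executable that the helper's HijackThis fix and CFScript target, and reports catsrvutk.dll as anchored in both O2 and O20. Treat the hits as leads for the kind of review the helper performs, not as verdicts: an entry can also show (file missing) after an incomplete uninstall, and the random-name rule is deliberately blunt.
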
            • #7
              ComboFix 07-12-21.4 - Papa 2007-12-26 20:31:29.4 - NTFSx86
              Microsoft Windows XP Home Edition 5.1.2600.2.1252.32.1043.18.1370 [GMT 1:00]
              Gestart vanuit: C:\HJT\ComboFix.exe
              Command switches used :: C:\HJT\CFScript.txt
              * Nieuw herstelpunt werd aangemaakt

              FILE
              C:\WINDOWS\system32\catsrvutk.dll.bak
              C:\WINDOWS\system32\epgetimq.dat
              C:\WINDOWS\system32\jzlgodrn.dat
              C:\WINDOWS\system32\qhbfgnce.dat
              C:\WINDOWS\system32\wi6cm96mn9.exe
              C:\WINDOWS\system32\woszgjly.dat
              .

              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\WINDOWS\system32\catsrvutk.dll.bak
              C:\WINDOWS\system32\epgetimq.dat
              C:\WINDOWS\system32\jzlgodrn.dat
              C:\WINDOWS\system32\qhbfgnce.dat
              C:\WINDOWS\system32\wi6cm96mn9.exe
              C:\WINDOWS\system32\woszgjly.dat

              .
              ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

              .
              -------\LEGACY_GGXPFZWV
              -------\ggxpfzwv


              (((((((((((((((((((( Bestanden Gemaakt van 2007-11-26 to 2007-12-26 ))))))))))))))))))))))))))))))
              .

              2007-12-25 20:41 . 2007-12-25 20:41 <DIR> d-------- C:\Program Files\Trend Micro
              2007-12-25 20:38 . 2007-12-25 20:38 <DIR> d-------- C:\WINDOWS\7VSJHF63TJH8KXAN
              2007-12-25 13:34 . 2007-12-26 20:31 <DIR> d-------- C:\HJT
              2007-12-18 11:14 . 2007-12-18 11:14 <DIR> d-------- C:\WINDOWS\Sun
              2007-12-18 11:14 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
              2007-12-18 11:13 . 2007-12-18 11:14 <DIR> d-------- C:\Program Files\Java
              2007-12-18 11:13 . 2007-12-18 11:13 <DIR> d-------- C:\Program Files\Common Files\Java
              2007-12-15 21:26 . 2007-12-15 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
              2007-12-15 21:24 . 2007-12-15 21:24 <DIR> d-------- C:\Program Files\SlySoft
              2007-12-15 21:24 . 2007-12-15 21:26 24 ---hs---- C:\WINDOWS\SFE49D86B.tmp
              2007-12-10 23:02 . 2007-12-10 23:02 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
              2007-12-10 23:02 . 2007-12-10 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
              2007-12-10 18:27 . 2007-12-10 18:27 256 --a------ C:\WINDOWS\adaway.lic
              2007-12-10 17:50 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
              2007-12-10 17:50 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
              2007-12-10 17:50 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
              2007-12-10 17:50 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
              2007-12-10 17:50 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
              2007-12-10 17:50 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
              2007-12-10 17:50 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
              2007-12-10 17:50 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
              2007-12-10 11:39 . 2007-12-25 13:23 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\SUPERAntiSpyware.com
              2007-12-10 11:01 . 2007-12-25 13:23 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
              2007-12-10 11:01 . 2007-12-10 11:01 <DIR> d-------- C:\Documents and Settings\Mama\Application Data\SUPERAntiSpyware.com
              2007-12-10 11:01 . 2007-12-10 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
              2007-12-10 10:15 . 2007-12-10 10:15 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\Uniblue
              2007-12-10 09:06 . 2007-12-10 09:06 741,632 --a------ C:\WINDOWS\system32\rgricfsl.dat
              2007-12-10 09:06 . 2007-12-10 09:06 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
              2007-12-10 08:59 . 2007-12-15 21:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
              2007-12-10 08:59 . 2007-12-10 08:59 1,409 --a------ C:\WINDOWS\QTFont.for
              2007-12-09 21:29 . 2007-12-09 21:29 <DIR> d-------- C:\Program Files\1200CP
              2007-12-09 21:28 . 2007-12-09 21:28 86,400 --a------ C:\WINDOWS\~GLC0003.TMP
              2007-12-09 21:23 . 2007-12-09 21:23 86,400 --a------ C:\WINDOWS\~GLC0002.TMP
              2007-12-09 21:17 . 2007-12-09 21:17 86,400 --a------ C:\WINDOWS\~GLC0001.TMP
              2007-12-09 21:13 . 2007-12-09 21:13 86,400 --a------ C:\WINDOWS\~GLC0000.TMP
              2007-12-09 21:13 . 2007-12-09 21:13 0 --a------ C:\WINDOWS\WATCH.INI
              2007-12-08 21:20 . 2007-12-08 21:20 <DIR> d-------- C:\Program Files\1200CP_old
              2007-12-08 21:16 . 2002-08-30 23:44 212,992 -ra------ C:\WINDOWS\system32\NmUninst.exe
              2007-12-08 21:16 . 2001-09-06 21:26 177,664 --a------ C:\WINDOWS\system32\LXSYSUI.DLL
              2007-12-03 21:55 . 2007-12-03 21:55 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
              2007-12-03 21:55 . 2007-12-03 21:55 <DIR> d-------- C:\Program Files\Windows Media Connect 2
              2007-12-03 21:55 . 2007-12-03 21:55 <DIR> d-------- C:\ee64d9274ac0ba997f7d71bd5601b7
              2007-12-03 19:25 . 1999-10-11 02:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
              2007-12-03 19:23 . 2007-12-03 19:25 <DIR> d-------- C:\Program Files\Creative
              2007-12-02 17:34 . 2007-12-02 17:34 <DIR> d-------- C:\Program Files\AVI MPEG RM WMV Joiner
              2007-12-02 17:25 . 2007-12-02 17:25 <DIR> d-------- C:\Program Files\Boilsoft AVI Converter
              2007-12-02 17:25 . 2007-12-02 17:25 67 --a------ C:\WINDOWS\AVIConverter.INI
              2007-12-02 17:10 . 2007-12-03 21:55 <DIR> d-------- C:\WINDOWS\system32\LogFiles
              2007-12-02 16:49 . 2007-12-05 20:20 <DIR> d-------- C:\Program Files\eMule0.48a
              2007-12-02 16:45 . 2007-12-02 16:45 <DIR> d-------- C:\Program Files\AVI MPEG Splitter
              2007-12-01 21:04 . 2007-12-26 20:25 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\skypePM
              2007-12-01 21:04 . 2007-12-01 21:04 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
              2007-12-01 21:02 . 2007-12-01 21:02 <DIR> d-------- C:\Program Files\Skype
              2007-12-01 21:02 . 2007-12-01 21:02 <DIR> d-------- C:\Program Files\Common Files\Skype
              2007-12-01 21:02 . 2007-12-26 20:26 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\Skype
              2007-12-01 21:02 . 2007-12-01 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
              2007-12-01 20:38 . 2007-12-01 20:38 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\Media Player Classic
              2007-12-01 19:55 . 2007-12-01 19:57 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
              2007-12-01 19:44 . 2007-12-01 19:44 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\CyberLink
              2007-11-30 22:24 . 2007-12-07 23:19 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
              2007-11-30 16:23 . 2007-11-30 16:23 97,216 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
              2007-11-29 21:51 . 2007-11-29 21:51 1,156 --a------ C:\WINDOWS\mozver.dat
              2007-11-29 21:49 . 2007-11-29 21:49 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\Talkback
              2007-11-29 21:49 . 2007-12-26 11:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
              2007-11-29 21:49 . 2007-11-29 21:49 0 --a------ C:\WINDOWS\nsreg.dat
              2007-11-29 21:39 . 2007-11-29 21:39 41 --a------ C:\WINDOWS\system32\blue.SITENAME
              2007-11-29 21:36 . 2007-11-29 21:36 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\Pinnacle Systems
              2007-11-29 21:36 . 2007-11-29 21:40 455 --a------ C:\WINDOWS\VFO.VST
              2007-11-29 21:34 . 2007-11-29 21:34 <DIR> d-------- C:\Program Files\SmartSound Software
              2007-11-29 21:34 . 2007-11-29 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
              2007-11-29 21:34 . 2004-07-02 16:28 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
              2007-11-29 21:34 . 2004-02-24 12:04 41,219 --a------ C:\WINDOWS\RSETPATH.exe
              2007-11-29 21:34 . 2005-02-09 11:59 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
              2007-11-29 21:34 . 2007-12-02 17:43 1,208 --a------ C:\WINDOWS\VFO.INI
              2007-11-29 21:32 . 2007-11-29 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
              2007-11-29 21:01 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
              2007-11-29 21:01 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
              2007-11-29 21:01 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
              2007-11-29 21:01 . 2004-08-03 23:10 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys
              2007-11-29 21:01 . 2004-08-04 01:03 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
              2007-11-29 21:01 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
              2007-11-29 21:01 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\MPE.sys
              2007-11-29 21:01 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
              2007-11-29 21:01 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
              2007-11-29 21:01 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
              2007-11-29 21:00 . 2007-11-29 22:36 <DIR> d-------- C:\Program Files\DivX
              2007-11-29 20:58 . 2007-11-29 20:58 <DIR> d-------- C:\WINDOWS\Cache
              2007-11-29 20:58 . 2007-11-29 20:58 <DIR> d-------- C:\Program Files\Microsoft SQL Server
              2007-11-29 20:58 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
              2007-11-29 20:58 . 2002-12-17 17:23 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
              2007-11-29 20:58 . 2002-10-20 15:05 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
              2007-11-29 20:55 . 2007-11-29 20:56 <DIR> d-------- C:\WINDOWS\system32\URTTemp
              2007-11-29 20:55 . 2007-11-29 21:35 <DIR> d-------- C:\Program Files\Pinnacle
              2007-11-29 20:54 . 2007-11-29 21:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
              2007-11-28 18:22 . 2007-11-28 18:22 <DIR> d-------- C:\Documents and Settings\Matti\Application Data\MyRo
              2007-11-28 18:22 . 2007-12-18 09:28 <DIR> d-------- C:\Documents and Settings\Matti\Application Data\AVG7
              2007-11-28 18:12 . 2007-11-28 18:12 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\MyRo
              2007-11-28 17:56 . 2007-11-28 17:56 <DIR> d-------- C:\Program Files\Puntenboek
              2007-11-28 17:56 . 2007-11-28 17:56 <DIR> d-------- C:\Documents and Settings\Mama\Application Data\MyRo

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2007-12-26 19:24 --------- d-----w C:\Documents and Settings\Papa\Application Data\AVG7
              2007-12-26 08:41 --------- d-----w C:\Documents and Settings\Mama\Application Data\AVG7
              2007-12-15 20:23 --------- d-----w C:\Program Files\CyberLink
              2007-12-15 20:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
              2007-12-10 22:04 --------- d-----w C:\Program Files\Common Files\Adobe
              2007-12-03 18:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2007-11-29 20:49 --------- d-----w C:\Program Files\Google
              2007-11-23 19:04 --------- d-----w C:\Documents and Settings\Papa\Application Data\AdobeUM
              2007-11-23 14:22 --------- d-----w C:\Program Files\Windows Live
              2007-11-23 14:21 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
              2007-11-23 14:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
              2007-11-23 12:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
              2007-11-23 12:38 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
              2007-11-23 12:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
              2007-11-18 14:03 --------- d-----w C:\Documents and Settings\Mama\Application Data\AdobeUM
              2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
              2007-11-11 18:55 --------- d-----w C:\Program Files\Microsoft.NET
              2007-11-11 18:55 --------- d-----w C:\Program Files\Microsoft Works
              2007-11-11 18:55 --------- d-----w C:\Program Files\Microsoft ActiveSync
              2007-11-11 18:55 --------- d-----w C:\Program Files\Common Files\L&H
              2007-11-11 18:49 --------- d-----w C:\Program Files\Foxconn
              2007-11-11 18:49 --------- d-----w C:\Program Files\Common Files\InstallShield
              2007-11-11 12:37 --------- d-----w C:\Program Files\TVTool
              2007-11-11 12:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
              2007-11-11 09:44 --------- d-----w C:\Documents and Settings\Papa\Application Data\Apple Computer
              2007-11-11 09:38 --------- d-----w C:\Program Files\QuickTime
              2007-11-11 09:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
              2007-11-05 08:58 --------- d-----w C:\Program Files\SigmaTel
              2007-11-05 08:57 --------- d-----w C:\Program Files\Intel
              2007-11-05 08:57 --------- d-----w C:\Documents and Settings\Papa\Application Data\InstallShield
              2007-11-05 08:57 --------- d-----w C:\Documents and Settings\Matti\Application Data\InstallShield
              2007-11-05 08:57 --------- d-----w C:\Documents and Settings\Mama\Application Data\InstallShield
              2007-11-05 08:54 --------- d-----w C:\Program Files\Intel Desktop Board
              2007-11-05 08:53 --------- d-----w C:\Program Files\MSXML 4.0
              2007-11-05 08:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
              2007-11-05 08:36 --------- d-----w C:\Program Files\microsoft frontpage
              .

              ((((((((((((((((((((((((((((( snapshot@2007-12-25_20.48.57.01 )))))))))))))))))))))))))))))))))))))))))
              .
              + 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
              + 2007-12-26 19:33:48 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_73c.dat
              .
              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-23 13:30]
              "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
              "PMCS"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [2006-06-08 09:42]
              "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48]
              "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
              "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe"
              "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-11-30 07:28]
              "wi6cm96mn9"="C:\WINDOWS\system32\wi6cm96mn9.exe"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
              "nwiz"="nwiz.exe" [2007-04-19 23:05 C:\WINDOWS\system32\nwiz.exe]
              "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00]
              "SigmatelSysTrayApp"="sttray.exe" [2007-06-08 03:56 C:\WINDOWS\sttray.exe]
              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-11 10:38]
              "NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
              "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 09:19]
              "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2003-11-10 17:06]
              "Pinnacle WebUpdater"="C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" [2006-06-08 09:40]
              "PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2006-06-08 09:40]
              "BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2007-11-16 19:20]
              "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 09:35]
              "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 12:06]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
              "wi6cm96mn9"="C:\WINDOWS\system32\wi6cm96mn9.exe"

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]
              "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-23 13:38]

              C:\Documents and Settings\Papa\Menu Start\Programma's\Opstarten\
              Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
              Watch.lnk - C:\WINDOWS\twain_32\CIS600X\WATCH.exe [2007-12-08 21:20:24]

              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
              Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
              Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-29 21:49:06]

              R1 tvtool;tvtool;C:\Program Files\TVTool\tvtool.sys [1996-04-03 19:33]
              R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 00:12]
              R3 3xHybrid;Pinnacle PCTV 110i service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-09-01 10:50]
              R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-04-14 05:07]
              S3 FXDrv32;FXDrv32;E:\FXDrv32.sys
              S3 SFC4;SFC4;C:\WINDOWS\system32\drivers\SFC4.sys [1998-09-16 09:07]

              .
              **************************************************************************

              catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2007-12-26 20:34:16
              Windows 5.1.2600 Service Pack 2 NTFS

              scannen van verborgen processen ...

              scannen van verborgen autostart items ...

              scannen van verborgen bestanden ...

              Scan succesvol afgerond
              verborgen bestanden: 0

              **************************************************************************
              .
              Voltooingstijd: 2007-12-26 20:34:50 - machine was rebooted
              C:\ComboFix2.txt ... 2007-12-25 23:13
              C:\ComboFix3.txt ... 2007-12-25 20:59
              .
              2007-12-21 18:30:02 --- E O F ---

              HijackThis

              Logfile of HijackThis v1.99.1
              Scan saved at 20:37:45, on 26/12/2007
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
              C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
              C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
              C:\WINDOWS\system32\nvsvc32.exe
              C:\Program Files\CyberLink\Shared files\RichVideo.exe
              C:\WINDOWS\system32\STacSV.exe
              C:\WINDOWS\system32\svchost.exe
              c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
              C:\WINDOWS\sttray.exe
              C:\Program Files\QuickTime\qttask.exe
              C:\WINDOWS\system32\RUNDLL32.EXE
              C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
              C:\WINDOWS\system32\rundll32.exe
              C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
              C:\Program Files\Cyberlink\Shared Files\brs.exe
              C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
              C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
              C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
              C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
              C:\Program Files\Skype\Phone\Skype.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
              C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
              C:\Program Files\Google\Google Updater\GoogleUpdater.exe
              C:\WINDOWS\twain_32\CIS600X\WATCH.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\wbem\wmiapsrv.exe
              C:\Program Files\Skype\Plugin Manager\skypePM.exe
              C:\Program Files\Windows Live\Messenger\usnsvc.exe
              C:\WINDOWS\system32\wuauclt.exe
              C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
              C:\HJT\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
              O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
              O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
              O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
              O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
              O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
              O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
              O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
              O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
              O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
              O4 - HKLM\..\Run: [wi6cm96mn9] C:\WINDOWS\system32\wi6cm96mn9.exe
              O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
              O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
              O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
              O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
              O4 - HKCU\..\Run: [wi6cm96mn9] C:\WINDOWS\system32\wi6cm96mn9.exe
              O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
              O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\CIS600X\WATCH.exe
              O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
              O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
              O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
              O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
              O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
              O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
              O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
              O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
              O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
              O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
              O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
              O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
              O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
              O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe



              • #8
                Originally posted by Marckie

                You are using an old version of HijackThis. It is best to use this version: http://www.trendsecure.com/portal/en...HJTInstall.exe
                Please do that.



                • #9
                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 8:58:39, on 27/12/2007
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
                  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                  C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
                  C:\WINDOWS\system32\nvsvc32.exe
                  C:\Program Files\CyberLink\Shared files\RichVideo.exe
                  C:\WINDOWS\system32\STacSV.exe
                  C:\WINDOWS\system32\svchost.exe
                  c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\system32\rundll32.exe
                  C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
                  C:\WINDOWS\sttray.exe
                  C:\Program Files\QuickTime\qttask.exe
                  C:\WINDOWS\system32\RUNDLL32.EXE
                  C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                  C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
                  C:\Program Files\Cyberlink\Shared Files\brs.exe
                  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                  C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                  C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
                  C:\Program Files\Skype\Phone\Skype.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
                  C:\Program Files\Google\Google Updater\GoogleUpdater.exe
                  C:\WINDOWS\twain_32\CIS600X\WATCH.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\wbem\wmiapsrv.exe
                  C:\Program Files\Skype\Plugin Manager\skypePM.exe
                  C:\Program Files\Windows Live\Messenger\usnsvc.exe
                  C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                  O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
                  O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                  O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
                  O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
                  O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
                  O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
                  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                  O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                  O4 - HKLM\..\Run: [wi6cm96mn9] C:\WINDOWS\system32\wi6cm96mn9.exe
                  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                  O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
                  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
                  O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
                  O4 - HKCU\..\Run: [wi6cm96mn9] C:\WINDOWS\system32\wi6cm96mn9.exe
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                  O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\CIS600X\WATCH.exe
                  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                  O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
                  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
                  O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
                  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                  O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
                  O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
                  O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

                  --
                  End of file - 8529 bytes



                  • #10
                    Close all open windows.
                    Start HijackThis once more and put a check mark next to the following items:

                    O4 - HKLM\..\Run: [wi6cm96mn9] C:\WINDOWS\system32\wi6cm96mn9.exe
                    O4 - HKCU\..\Run: [wi6cm96mn9] C:\WINDOWS\system32\wi6cm96mn9.exe


                    Then click "Fix checked" and close HijackThis.

                    Restart the computer.

                    Start HijackThis again, make a new log and post it.



                    • #11
                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 21:43:09, on 27/12/2007
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
                      C:\WINDOWS\sttray.exe
                      C:\WINDOWS\system32\rundll32.exe
                      C:\Program Files\QuickTime\qttask.exe
                      C:\WINDOWS\system32\RUNDLL32.EXE
                      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                      C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
                      C:\Program Files\Cyberlink\Shared Files\brs.exe
                      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                      C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
                      C:\Program Files\Skype\Phone\Skype.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
                      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
                      C:\WINDOWS\twain_32\CIS600X\WATCH.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
                      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                      C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
                      C:\Program Files\Skype\Plugin Manager\skypePM.exe
                      C:\WINDOWS\system32\nvsvc32.exe
                      C:\Program Files\CyberLink\Shared files\RichVideo.exe
                      C:\WINDOWS\system32\STacSV.exe
                      C:\WINDOWS\system32\svchost.exe
                      c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
                      C:\WINDOWS\system32\wbem\wmiapsrv.exe
                      C:\Program Files\Windows Live\Messenger\usnsvc.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
                      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
                      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                      O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
                      O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
                      O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
                      O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
                      O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
                      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                      O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                      O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
                      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
                      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
                      O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                      O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\CIS600X\WATCH.exe
                      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                      O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
                      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
                      O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
                      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
                      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                      O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
                      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
                      O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

                      --
                      End of file - 8453 bytes



                      • #12
                        Looks good now.
                        Are there any problems left?
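The check that posts #10 to #12 perform by eye (confirm that the two wi6cm96mn9 Run entries are really gone after "Fix checked" by comparing the log before and after the fix), as an added example that is not part of the thread and not HijackThis code. It parses the O4 autostart lines of a HijackThis log, diffs two logs, and flags value names that carry the same command under both HKLM\Run and HKCU\Run, which is how the entry in this thread was persisted; that dual-hive flag is a triage heuristic of this example, not a HijackThis feature. The two sample logs are constructed from O4 lines quoted in the thread, trimmed to a few entries.

```python
"""Parse HijackThis O4 (autostart) lines and diff two logs.

Added example for this thread; not HijackThis code. The sample logs below are
constructed from O4 lines quoted in the thread, trimmed to a few entries.
"""
import re
from dataclasses import dataclass

# Registry autostart, e.g.
#   O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
#   O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
_REG = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Startup-folder shortcut, e.g.
#   O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\CIS600X\WATCH.exe
_LNK = re.compile(r"^O4 - (?P<folder>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")


@dataclass(frozen=True)
class Autostart:
    location: str   # "HKLM\Run", "HKUS\S-1-5-19\Run", "Startup", "Global Startup"
    name: str       # registry value name or shortcut file name
    command: str    # command line exactly as logged
    user: str = ""  # only set for HKUS entries

    @property
    def exe(self) -> str:
        """The program the entry launches: first token, surrounding quotes stripped."""
        cmd = self.command.strip()
        if cmd.startswith('"'):
            return cmd[1:cmd.find('"', 1)]
        return cmd.split(" ", 1)[0]


def parse_o4(log_text: str) -> list[Autostart]:
    """Return every O4 entry in a HijackThis log; all other sections are ignored."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _REG.match(line)
        if m:
            entries.append(Autostart(f"{m['hive']}\\{m['key']}", m["name"], m["cmd"], m["user"] or ""))
            continue
        m = _LNK.match(line)
        if m:
            entries.append(Autostart(m["folder"], m["name"], m["cmd"]))
    return entries


def diff_autostarts(before: str, after: str) -> tuple[list[Autostart], list[Autostart]]:
    """(removed, added) autostart entries between two logs of the same machine."""
    old, new = set(parse_o4(before)), set(parse_o4(after))

    def key(e: Autostart) -> tuple[str, str]:
        return (e.location, e.name)

    return sorted(old - new, key=key), sorted(new - old, key=key)


def dual_hive_names(entries: list[Autostart]) -> list[str]:
    """Triage heuristic (this example's own, not a HijackThis rule): value names
    that carry the same command under both HKLM\\Run and HKCU\\Run, the way the
    wi6cm96mn9 entry in this thread was persisted."""
    hives: dict[tuple[str, str], set[str]] = {}
    for e in entries:
        if e.location in ("HKLM\\Run", "HKCU\\Run"):
            hives.setdefault((e.name, e.command), set()).add(e.location)
    return sorted(name for (name, _cmd), locs in hives.items() if len(locs) == 2)


# Constructed from the #9 and #11 logs in the thread (trimmed to a few lines).
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [wi6cm96mn9] C:\WINDOWS\system32\wi6cm96mn9.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wi6cm96mn9] C:\WINDOWS\system32\wi6cm96mn9.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\CIS600X\WATCH.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
"""
# The post-fix log is the same minus the two fixed entries, as in post #11.
AFTER_LOG = "\n".join(l for l in BEFORE_LOG.splitlines() if "wi6cm96mn9" not in l)


if __name__ == "__main__":
    removed, added = diff_autostarts(BEFORE_LOG, AFTER_LOG)
    for e in removed:
        print(f"removed  {e.location:<22} [{e.name}] {e.exe}")
    for e in added:
        print(f"added    {e.location:<22} [{e.name}] {e.exe}")
    print("dual-hive names before fix:", dual_hive_names(parse_o4(BEFORE_LOG)))
```

Run it on two real logs by reading them from files instead of the constructed strings; an entry that shows up under "added" after a reboot is the usual sign that a dropper re-created what was removed, which is why the thread asks for a fresh log after the restart rather than trusting "Fix checked" alone.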



                        • #13
                          Looks very good. No more problems. Thanks a lot!!!

                          What do you recommend installing for real-time protection? I currently have AVG and the Windows firewall.



                          • #14
                            Good.
                            Go to Start - Run and type: ComboFix /u
                            Press Enter.

                            Update your antivirus program and let it scan the whole computer for malware.

                            Report back if any problems still occur.



                            • #15
                              No more alerts. Thanks!!!
