Mededeling

**Marckie** · 27-04-08, 19:57

Hallo,

Sluit alle open vensters.
Start HijackThis nog een keer en plaats een vinkje bij de volgende items:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {5C060FE2-B3CA-47DD-B68E-BD1A6E297226} - C:\windows\system32\byXOfgDw.dll
O2 - BHO: {41fbf772-7dcf-70b9-fa34-00f77cf6331c} - {c1336fc7-7f00-43af-9b07-fcd7277fbf14} - C:\windows\system32\lflajxxi.dll
O2 - BHO: (no name) - {FA51D6C5-01DF-494C-B30B-44F1F9FCA1F2} - C:\windows\system32\opnkiGvT.dll
O4 - HKLM\..\Run: [f061b3fa] rundll32.exe "C:\windows\system32\pfbracgq.dll",b
O4 - HKLM\..\Run: [BMf3528066] Rundll32.exe "C:\windows\system32\uxhedhpt.dll",s
O20 - Winlogon Notify: byXOfgDw - C:\windows\SYSTEM32\byXOfgDw.dll

Klik daarna op "Fix checked" en sluit HijackThis af.

Download combofix.exe van deze site: http://www.bleepingcomputer.com/comb...uikt-te-worden
Volg de instructies die daar gegeven worden. Is er iets niet duidelijk, dan vraag je het.
Als het tooltje klaar is, opent er een logfile (combofix.txt).
Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

**thaGenius32** · 27-04-08, 20:59

Gedaan wat je zei.. Na het herstarten van de pc kwam dezelfde melding weer van genoemd virus.

Hier de log.

ComboFix 08-04-26.5 - Administrator 2008-04-27 20:12:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.608 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Administrator\Mijn documenten\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
* Resident AV is active

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\windows\pskt.ini
C:\windows\system32\byXOfgDw.dll
C:\windows\system32\dllcache\spoolsv.exe
C:\windows\system32\khfGASJB.dll
C:\windows\system32\lflajxxi.dll
C:\windows\system32\pfbracgq.dll
C:\WINDOWS\system32\qgcarbfp.ini
C:\WINDOWS\system32\TvGiknpo.ini
C:\WINDOWS\system32\TvGiknpo.ini2
C:\windows\system32\uxhedhpt.dll

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-03-27 to 2008-04-27 ))))))))))))))))))))))))))))))
.

2008-04-27 19:05 . 2008-04-27 19:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-27 12:32 . 2008-04-27 20:04 109,756 --a------ C:\WINDOWS\BMf3528066.xml
2008-04-26 22:19 . 2008-04-27 18:11 <DIR> d--hs---- C:\Documents and Settings\Administrator\Onlangs geopend
2008-04-26 20:58 . 2008-04-26 20:58 20 --a------ C:\WINDOWS\SIERRA.INI
2008-04-26 20:50 . 2008-04-26 20:50 283,136 --a------ C:\WINDOWS\system32\opnkiGvT.dll
2008-04-26 20:46 . 2008-04-26 20:46 <DIR> d-------- C:\Program Files\Play+Smile
2008-04-26 20:46 . 2005-04-14 16:33 3,638 --ah----- C:\WINDOWS\ps.ico
2008-04-25 21:15 . 2008-04-25 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ascentive
2008-04-25 21:14 . 1998-06-24 01:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-04-25 21:14 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-04-25 20:19 . 2007-08-10 12:56 303,104 --a------ C:\WINDOWS\system32\ciplListBar.ocx
2008-04-25 20:19 . 2007-08-10 12:56 224,016 --a------ C:\WINDOWS\system32\tabctl32.ocx
2008-04-25 20:19 . 2008-04-17 16:22 208,896 --a------ C:\WINDOWS\system32\ConTest.dll
2008-04-25 20:19 . 2007-08-10 12:56 155,648 --a------ C:\WINDOWS\system32\ciplImageList.ocx
2008-04-24 10:20 . 2008-04-24 10:20 15,636 --a------ C:\pittbull.jpg
2008-04-21 17:54 . 2008-04-21 17:54 0 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT_TU_65193.LOG
2008-04-21 17:53 . 2008-04-21 17:53 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_34490.LOG
2008-04-21 17:52 . 2008-04-21 17:52 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_55043.LOG
2008-04-21 15:02 . 2008-04-21 15:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-21 14:55 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-21 14:54 . 2008-04-21 14:57 <DIR> d-------- C:\Program Files\ATI Technologies
2008-04-19 23:51 . 2008-04-19 23:52 21,406 --a------ C:\kapitein kaas.jpg
2008-04-16 22:16 . 2008-04-16 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-04-14 09:27 . 2008-04-14 09:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-04-14 09:11 . 2008-04-14 09:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-14 09:03 . 2008-04-14 09:02 29,480 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-04-14 08:54 . 2008-04-14 08:54 <DIR> d-------- C:\Program Files\Google
2008-04-14 07:49 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-14 07:49 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-11 18:25 . 2008-04-11 18:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-04-08 12:19 . 2008-04-08 12:20 <DIR> d-------- C:\Program Files\QuickTime
2008-04-08 10:32 . 2008-04-08 10:32 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-08 10:32 . 2008-04-14 09:02 505,128 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-04-08 10:25 . 2008-04-08 10:25 0 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT_TU_64503.LOG
2008-04-08 10:23 . 2008-04-08 10:23 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_56824.LOG
2008-04-08 10:22 . 2008-04-08 10:22 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_88742.LOG
2008-04-05 12:26 . 2008-04-16 22:07 <DIR> d-------- C:\Casino
2008-04-05 11:21 . 2008-04-21 14:40 10 --a------ C:\WINDOWS\WININIT.INI
2008-04-05 11:13 . 2008-04-05 11:13 64,194 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-04-05 11:12 . 2008-04-05 11:12 2,359,350 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-04-05 11:00 . 2008-04-05 11:13 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-05 10:59 . 2008-04-05 10:59 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-04-04 23:17 . 2008-04-26 23:00 <DIR> d-------- C:\Incomplete
2008-04-04 23:15 . 2008-04-20 11:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-04-04 23:12 . 2008-04-04 23:13 <DIR> d-------- C:\Program Files\LimeWire
2008-04-04 13:30 . 2008-04-04 13:30 <DIR> d-------- C:\Documents and Settings\LocalService\Bureaublad
2008-04-04 09:25 . 2008-04-04 09:25 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-03 21:39 . 2008-04-03 21:39 27,648 --a------ C:\Vissenfamilie.doc
2008-04-03 14:32 . 2008-04-03 14:32 215,144 --a------ C:\WINDOWS\patchw32.dll
2008-04-03 12:23 . 2008-04-03 12:23 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-03 12:22 . 2008-04-03 12:22 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-04-03 12:22 . 2008-04-03 12:23 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-04-03 11:22 . 2008-04-03 11:22 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-04-03 11:22 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-04-02 10:51 . 2008-04-02 10:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM
2008-03-31 17:06 . 2008-04-16 22:52 <DIR> d-------- C:\Program Files\PartyGaming
2008-03-31 09:33 . 2008-03-31 14:52 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-29 07:19 . 2008-03-29 07:19 9,801,728 --a------ C:\WINDOWS\system32\atioglx2.dll
2008-03-29 06:40 . 2008-03-29 06:40 167,936 --a------ C:\WINDOWS\system32\atiok3x2.dll
2008-03-29 06:05 . 2008-03-29 06:05 372,736 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2008-03-29 05:56 . 2008-03-29 05:56 172,032 --a------ C:\WINDOWS\system32\atipdlxx.dll
2008-03-29 05:56 . 2008-03-29 05:56 126,976 --a------ C:\WINDOWS\system32\Oemdspif.dll
2008-03-29 05:55 . 2008-03-29 05:55 126,976 --a------ C:\WINDOWS\system32\ati2evxx.dll
2008-03-29 05:55 . 2008-03-29 05:55 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll
2008-03-29 05:55 . 2008-03-29 05:55 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2008-03-29 05:54 . 2008-03-29 05:54 536,576 --a------ C:\WINDOWS\system32\ati2evxx.exe
2008-03-29 05:52 . 2008-03-29 05:52 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2008-03-29 05:39 . 2008-03-29 05:39 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2008-03-29 05:36 . 2008-03-29 05:36 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2008-03-29 05:36 . 2008-03-29 05:36 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
2008-03-29 05:36 . 2008-03-29 05:36 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
2008-03-29 05:24 . 2008-03-29 05:24 46,080 --a------ C:\WINDOWS\system32\amdpcom32.dll
2008-03-29 05:23 . 2008-03-29 05:23 5,439,488 --a------ C:\WINDOWS\system32\atioglxx.dll
2008-03-29 05:21 . 2008-03-29 05:21 393,216 --a------ C:\WINDOWS\system32\atikvmag.dll
2008-03-29 05:19 . 2008-03-29 05:19 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
2008-03-29 05:18 . 2008-03-29 05:18 49,152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 18:48 7,963,680 --sha-w C:\windows\system32\drivers\fidbox.dat
2008-04-27 18:43 111,860 --sha-w C:\windows\system32\drivers\fidbox.idx
2008-04-27 17:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-04-26 19:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-26 19:15 22,328 ----a-w C:\windows\system32\drivers\PnkBstrK.sys
2008-04-21 15:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-21 15:20 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-16 20:15 --------- d-----w C:\Program Files\Uniblue
2008-04-16 20:15 --------- d-----w C:\Program Files\Magic Video Converter
2008-04-03 10:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 06:21 2,873,856 ----a-w C:\windows\system32\drivers\ati2mtag.sys
2008-03-25 10:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-03-21 07:50 22,328 ----a-w C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
2008-03-21 07:34 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-03-21 07:28 717,296 ----a-w C:\windows\system32\drivers\sptd.sys
2008-03-21 07:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2008-03-20 08:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DivX
2008-03-18 20:04 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-03-18 16:11 --------- d-----w C:\Program Files\uTorrent
2008-03-16 10:37 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-03-14 16:52 --------- d-----w C:\Program Files\Microsoft Private Folder 1.0
2008-03-14 11:28 --------- d-----w C:\Program Files\Windows Defender
2008-03-13 22:11 75,248 ----a-w C:\windows\zllsputility.exe
2008-03-13 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-13 21:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MailFrontier
2008-03-13 20:45 --------- d-----w C:\Program Files\Lavasoft
2008-03-13 20:32 --------- d-----w C:\Program Files\Zone Labs
2008-03-13 20:02 45,768 ----a-w C:\windows\system32\drivers\MiniIcpt.sys
2008-03-11 21:36 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-11 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-10 11:13 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-10 09:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nero
2008-03-10 09:31 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-10 09:29 --------- d-----w C:\Program Files\Nero
2008-03-10 09:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-10 07:58 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-09 23:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\vlc
2008-03-09 23:41 --------- d-----w C:\Program Files\VideoLAN
2008-03-08 23:55 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-08 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Earthsim
2008-03-08 17:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Earthsim
2008-03-07 22:21 --------- d-----w C:\Program Files\MSBuild
2008-03-07 22:16 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-07 22:13 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-07 21:57 --------- d-----w C:\Program Files\Java
2008-03-07 21:55 --------- d-----w C:\Program Files\Common Files\Java
2008-03-07 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-07 21:50 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-07 21:20 --------- d-----w C:\Program Files\CCleaner
2008-03-07 21:07 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-07 21:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-07 21:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-03-07 21:00 --------- d-----w C:\Program Files\inKline Global
2008-03-07 20:38 --------- d-----w C:\Program Files\HP
2008-03-07 20:21 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-07 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-03-07 18:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-07 17:44 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI
2008-03-07 17:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-07 17:29 --------- d-----w C:\Program Files\Intel
2008-03-07 16:23 --------- d-----w C:\Program Files\microsoft frontpage
.

------- Sigcheck -------

2007-06-13 15:24 979456 1b23f40acaed86b9f6db6833d22cfdb0 C:\windows\explorer.exe
2007-06-13 15:12 1036800 1d6245afbd3faabc16a885116be1874d C:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 15:24 979456 1b23f40acaed86b9f6db6833d22cfdb0 C:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA51D6C5-01DF-494C-B30B-44F1F9FCA1F2}]
2008-04-26 20:50 283136 --a------ C:\windows\system32\opnkiGvT.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\windows\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
"Performance Center"="C:\Program Files\Ascentive\Performance Center\ApcMain.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 00:11 919016]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXOfgDw]
byXOfgDw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-01-21 12:17 61440 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PRONoMgr.exe"=c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 Prvflder;Prvflder;C:\windows\system32\DRIVERS\prvflder.sys [2006-04-21 09:22]
R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\windows\System32\svchost.exe [2004-08-04 14:00]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-10-16 01:11]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\windows\System32\TuneUpDefragService.exe [2008-03-07 23:07]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a37220c-fb05-11dc-a24f-0007e9ab8b40}]
\Shell\AutoRun\command - G:\AutoTransfer.exe

.
Inhoud van de 'Gedeelde Taken' map
"2008-04-25 15:26:20 C:\windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-04-27 18:49:04 C:\windows\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-04-16 21:02:49 C:\windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 20:47:56
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\windows\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Voltooingstijd: 2008-04-27 20:50:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-27 18:50:27

Pre-Run: 145,644,371,968 bytes beschikbaar
Post-Run: 145,639,596,032 bytes beschikbaar

271 --- E O F --- 2008-04-23 18:31:52

**thaGenius32** · 27-04-08, 21:00

Sorry.. En de Hijack log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:26, on 27-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\windows\explorer.exe
C:\windows\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {FA51D6C5-01DF-494C-B30B-44F1F9FCA1F2} - C:\windows\system32\opnkiGvT.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204913394953
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208066918234
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: byXOfgDw - byXOfgDw.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\windows\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6557 bytes

**thaGenius32** · 27-04-08, 21:12

**** Update ******

Inmiddels heb ik genoemd virus kunnen verwijderen in mijn antivirusprogramma.

**Marckie** · 28-04-08, 19:38

Post een nieuwe hijackthislog.

**thaGenius32** · 28-04-08, 23:15

Hier de nieuwe log..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:14:45, on 28-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\windows\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204913394953
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208066918234
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\windows\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5850 bytes

**Marckie** · 29-04-08, 17:22

Je logje ziet er goed uit.
Update je versie van Java.

Meldt of er nog problemen zijn.

**thaGenius32** · 29-04-08, 23:49

Hallo,

Ik ondervind geen problemen meer..
Bedankt daarvoor.

Je zegt dat ik mijn Java moet updaten maar als ik dat doe zie ik het volgende:

Gecontroleerde Java-versie
Gefeliciteerd!
U beschikt over de juiste Java-versie (Version 6 Update 5).

Dus zo te zien zit dit goed toch?

**Marckie** · 30-04-08, 17:32

Zie http://java.sun.com/javase/downloads/index.jsp

Deze moet je hebben: Java Runtime Environment (JRE) 6 Update 6

**thaGenius32** · 01-05-08, 15:28

Ok.. Bedankt Marckie voor alle hulp !!!!

**Marckie** · 01-05-08, 15:32

Graag gedaan hoor.

Ga naar Start - Uitvoeren en tik in: ComboFix /u
Druk op Enter.

Meer info over hoe je een nieuwe infectie kan voorkomen vind je hier en hier.

De status van deze thread zet ik op opgelost.
Indien er niet meer gereageerd wordt, zal binnen een 3-tal dagen deze thread automatisch verplaatst worden naar de sectie Opgeloste hijackthislogs en is een reactie niet meer mogelijk. Dit om het forum netjes en overzichtelijk te houden.
Blijkt dat er toch nog problemen zijn, en je wil weer reageren in dit topic, dan stuur je me een privé bericht met verzoek om heropening.

Happy surfing again.

Mededeling

virus die niet verwijderd kan worden. OpnkiGvT

virus die niet verwijderd kan worden. OpnkiGvT

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment