Norton Virus Scanner will no longer stay on Auto Protect, malware?

  • #1

    Since yesterday I have had a problem with my Norton virus scanner: it won't stay on Auto Protect anymore. I can turn it on by clicking it, but after I press Apply it unticks itself again. So I suspect I have some virus that is taking my scanner down. Below is a HijackThis log.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:33:38, on 22-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\CNYHKey.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
    C:\WINDOWS\system32\PRISMSTA.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Project Lithium\prjLithium.exe
    C:\Program Files\ProxyWay\proxyway.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\PKR\pkrpal.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = microsoft internet explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://127.0.0.1:9000/proxy.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
    O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [DisableKeyboard] Rundll32.exe Keyboard,Disable
    O4 - HKLM\..\Run: [DisableMouse] Rundll32.exe Mouse,Disable
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [PlayNC Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [PrjLithium] C:\Program Files\Project Lithium\prjLithium.exe
    O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: SpeedTouch 120g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elisemiddelhuis.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159688581031
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205335090796
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v906/Navigram.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C61EC49C-1D96-4812-A284-FFF54EA2EEFB}: NameServer = 195.121.1.34,195.121.1.66
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 15801 bytes


    Help me please, thanks in advance.

  • #2
    Pcpitstop.com reports a Sockets de Trois trojan?

    So I ran the tests on www.pcpitstop.com, and below those tests there was a note that the Sockets de Trois trojan was present on my computer, but my Norton virus scanner never noticed it, and recently my virus scanner has even gone down! I'll post another HijackThis log now, because I find this a strange business.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:29:24, on 22-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\CNYHKey.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
    C:\WINDOWS\system32\PRISMSTA.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Project Lithium\prjLithium.exe
    C:\Program Files\ProxyWay\proxyway.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\PKR\pkrpal.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = microsoft internet explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://127.0.0.1:9000/proxy.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
    O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [PlayNC Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [PrjLithium] C:\Program Files\Project Lithium\prjLithium.exe
    O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: SpeedTouch 120g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elisemiddelhuis.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159688581031
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205335090796
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v906/Navigram.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C61EC49C-1D96-4812-A284-FFF54EA2EEFB}: NameServer = 195.121.1.34,195.121.1.66
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 15763 bytes
Last edited by bassie123; 22-05-08, 17:34. Reason: forgot to attach the HijackThis log xD



    • #3
Hi,

I'll take a look at it for you.
Kind regards,
Blackbird



      • #4
Hi,

Follow these instructions to download ComboFix.
Carry out the instructions on that page, including installing the XP Recovery Console.

If you have used ComboFix before, please delete that version and download ComboFix again via the link above. ComboFix is updated almost daily.

If your antivirus or another scanner gives a warning during or after the download of ComboFix, or while ComboFix is running, disable that scanner and download ComboFix again. Some scanners treat certain components that ComboFix uses as suspicious and will block or delete them.
• Double-click ComboFix.exe to start ComboFix.
  Follow the instructions and accept the disclaimer by clicking "Yes".
  Do NOT click in the window while ComboFix is running; this can make your system hang.

When ComboFix has finished, possibly after a reboot, a log (ComboFix.txt) will open.
Post it together with a new HijackThis log in your next reply.
Kind regards,
Blackbird
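When the ComboFix log that Blackbird asks for comes back, the lines worth reading first for a complaint like "my antivirus will not stay on" are the registry entries under Security Center and the firewall policy, plus the Internet Settings proxy lines that HijackThis reports as R1. The triage script below is an added example written for this page; it is not part of ComboFix, HijackThis or this thread. It scans the REGEDIT4-style section of a ComboFix log and HijackThis R1 lines, decodes the value formats ComboFix prints (dword:, "N (0xN)", and quoted strings followed by a date/size stamp), and returns a list of (check, location, value) findings. The sample log text is constructed for the example, the finding names are my own, and the script assumes the log is available as plain text.

```python
import re

# Constructed sample input, modelled on the REGEDIT4-style "Reg Loading Points"
# section of a ComboFix log and the R1 lines of a HijackThis log. It is not a
# capture from a real host.
SAMPLE_LOG = """\
REGEDIT4
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" [2004-08-04 10:03 15360]

R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,AutoConfigURL = http://127.0.0.1:9000/proxy.pac
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = socks=
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = *.local
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.+)$')
DWORD_RE = re.compile(r"^dword:(?P<hex>[0-9a-fA-F]{8})$")
DECIMAL_RE = re.compile(r"^(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\)$")
HJT_R1_RE = re.compile(r"^R1 - (?P<key>.+?),(?P<name>\w+) = (?P<raw>.*)$")

# Security Center values that suppress the "your antivirus/firewall is off" balloon.
NOTIFY_NAMES = {"antivirusdisablenotify", "firewalldisablenotify", "updatesdisablenotify"}


def parse_value(raw):
    """Decode the value forms ComboFix prints: dword:0000000N, 'N (0xN)', or a string."""
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group("hex"), 16)
    m = DECIMAL_RE.match(raw)
    if m:
        return int(m.group("dec"))
    # String value; ComboFix appends "[date time size]" after the closing quote.
    if raw.startswith('"'):
        end = raw.find('"', 1)
        return raw[1:end] if end > 0 else raw.strip('"')
    return raw.strip()


def triage(log_text):
    """Return (check, location, value) findings for settings that would explain an
    antivirus that will not stay enabled or a silently rerouted browser."""
    findings = []
    current_key = ""
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = HJT_R1_RE.match(line)
        if m:
            name, value = m.group("name"), m.group("raw").strip()
            if name == "AutoConfigURL" and value:
                findings.append(("proxy-autoconfig", m.group("key"), value))
            elif name == "ProxyServer" and value:
                findings.append(("proxy-server", m.group("key"), value))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name = m.group("name")
        value = parse_value(m.group("raw"))
        key_lc = current_key.lower()
        if "security center" in key_lc:
            if name.lower() == "disablemonitoring" and value == 1:
                findings.append(("securitycenter-monitoring-off", current_key, value))
            elif name.lower() in NOTIFY_NAMES and value == 1:
                findings.append(("securitycenter-notify-off", current_key + "\\" + name, value))
        elif "firewallpolicy" in key_lc and name.lower() == "enablefirewall" and value == 0:
            findings.append(("windows-firewall-off", current_key, value))
    return findings


if __name__ == "__main__":
    for check, location, value in triage(SAMPLE_LOG):
        print(f"{check:32} {value!r:8} {location}")
```

Treat the hits as things to confirm, not as proof of infection. A third-party suite such as Norton 360 typically sets the Security Center DisableMonitoring values itself so that Windows defers to the product's own status reporting, and when its firewall replaces Windows Firewall an EnableFirewall of 0 for the standard profile is expected; a local proxy tool likewise sets AutoConfigURL to 127.0.0.1 by design. The question the original post raises is a different one: whether Auto-Protect, once switched back on, stays on.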



        • #5
Sorry for the late reply, I was away all weekend. Below are my ComboFix and HijackThis logs.

          ComboFix 08-05-24.1 - bas 2008-05-25 15:59:57.1 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.394 [GMT 2:00]
Running from: C:\Documents and Settings\bas\Bureaublad\ComboFix.exe
          .

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
          C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
          C:\WINDOWS\system32\MSINET.oca

----- BITS: Possibly infected sites -----

          hxxp://launcher.patcher.ncsoft.com
          .
(((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 ))))))))))))))))))))))))))))))
          .

          2008-05-17 13:25 . 2008-05-17 14:26 <DIR> d-------- C:\RVAXO
          2008-05-17 13:20 . 2008-05-16 07:10 822,165 --a------ C:\WINDOWS\system32\RVAXO.bat
          2008-05-17 13:20 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
          2008-05-17 12:29 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
          2008-05-17 11:53 . 2008-05-17 11:53 <DIR> d-------- C:\Program Files\Trend Micro
          2008-05-04 18:05 . 2008-05-04 18:05 <DIR> d-------- C:\VundoFix Backups
          2008-04-30 02:58 . 2008-04-30 02:58 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
          2008-04-28 21:24 . 2008-04-28 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
          2008-04-28 21:13 . 2008-04-28 21:13 <DIR> d-------- C:\Program Files\GALA-NET
          2008-04-28 21:13 . 2005-08-11 15:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
          2008-04-26 14:44 . 2008-04-26 14:51 <DIR> d-------- C:\Program Files\Talisman

          .
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-05-25 13:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
          2008-05-25 13:28 --------- d-----w C:\Program Files\Steam
          2008-05-23 13:36 11,170 ----a-w C:\Documents and Settings\bas\Application Data\wklnhst.dat
          2008-05-23 13:29 --------- d-----w C:\Documents and Settings\bas\Application Data\Xfire
          2008-05-22 12:41 --------- d-----w C:\Program Files\PKR
          2008-05-19 16:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
          2008-05-17 10:29 --------- d-----w C:\Program Files\Java
          2008-05-15 12:58 --------- d-----w C:\Program Files\Xfire
          2008-05-03 16:36 --------- d-----w C:\Documents and Settings\bas\Application Data\BitTorrent
          2008-04-30 16:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
          2008-04-29 15:47 --------- d-----w C:\Program Files\Norton 360
          2008-04-28 19:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2008-04-27 16:07 --------- d-----w C:\Program Files\VstPlugins
          2008-04-26 12:16 --------- d-----w C:\Program Files\AV VCS 3.0
          2008-04-24 11:29 --------- d-----w C:\Program Files\Disney
          2008-04-24 09:37 --------- d-----w C:\Program Files\Project Lithium
          2008-04-19 21:23 --------- d-----w C:\Program Files\PIC Corporation
          2008-04-19 18:01 --------- d-----w C:\Documents and Settings\bas\Application Data\mIRC
          2008-04-19 17:46 --------- d-----w C:\Program Files\mIRC
          2008-04-16 17:47 1,378 ----a-w C:\Documents and Settings\Gast\Application Data\wklnhst.dat
          2008-04-15 18:31 --------- d-----w C:\Program Files\MSN Messenger
          2008-04-15 13:21 --------- d-----w C:\Program Files\ToXiC
          2008-04-12 11:31 --------- d-----w C:\Program Files\rgcaudio
          2008-04-12 11:23 --------- d-----w C:\Program Files\LimeWire
          2008-04-10 17:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
          2008-04-09 16:41 304,160 ----a-w C:\StiImg.dat
          2008-04-08 16:36 --------- d-----w C:\Documents and Settings\bas\Application Data\HLSW
          2008-04-07 16:31 --------- d-s---w C:\Program Files\HLSW
          2008-04-06 17:22 --------- d-----w C:\Documents and Settings\bas\Application Data\Ventrilo
          2008-04-04 17:39 --------- d-----w C:\Program Files\Ventrilo
          2008-04-04 17:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
          2008-03-31 14:35 75,792 ----a-w C:\Documents and Settings\bas\Application Data\GDIPFONTCACHEV1.DAT
          2008-03-28 15:20 --------- d-----w C:\Documents and Settings\bas\Application Data\teamspeak2
          2008-03-26 15:33 --------- d-----w C:\Documents and Settings\Gast\Application Data\DAEMON Tools
          2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
          2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
          2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
          2008-03-07 15:56 247,866 ----a-w C:\WINDOWS\Alcohol_Toolbar_Uninstaller_7203.exe
          2008-02-02 16:52 134 ----a-w C:\Documents and Settings\bas\lolli.bat
          2008-02-02 12:33 159 ----a-w C:\Documents and Settings\bas\whahahehhe.vbs
          2008-02-02 11:46 19 ----a-w C:\Documents and Settings\bas\.bat
          2007-08-16 22:01 40,674 ----a-w C:\Program Files\zzzzzzzzzz-DeaD-Soundfix.pk3
          2007-04-24 18:21 28 ----a-w C:\Program Files\realmlist.wtf
          2006-11-03 13:56 560 -c--a-w C:\Program Files\Global.sw
          .

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
*Note* empty entries & legitimate default entries are not shown

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]
          "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
          "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-09 19:03 67128]
          "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-03-02 01:11 43008]
          "PlayNC Launcher"="C:\program files\ncsoft\launcher\NCLauncher.exe" [2008-05-01 17:22 38128]
          "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
          "Steam"="c:\program files\steam\steam.exe" [2008-03-28 08:40 1271032]
          "PrjLithium"="C:\Program Files\Project Lithium\prjLithium.exe" [2004-06-10 02:13 227840]
          "ProxyWay"="C:\Program Files\ProxyWay\proxyway.exe" [2006-05-07 19:16 905216]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Cmaudio"="cmicnfg.cpl" [2003-09-12 20:07 2244608 C:\WINDOWS\CMICNFG.CPL]
          "CHotkey"="mHotkey.exe" [2003-06-27 15:39 506368 C:\WINDOWS\mHotkey.exe]
          "ledpointer"="CNYHKey.exe" [2003-06-27 09:36 5798912 C:\WINDOWS\CNYHKey.exe]
          "Dit"="Dit.exe" [2002-08-28 13:43 73728 C:\WINDOWS\Dit.exe]
          "PCMService"="C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe" [2003-06-24 15:23 61440]
          "PRISMSTA.EXE"="PRISMSTA.exe" [2003-08-04 15:54 215552 C:\WINDOWS\system32\PRISMSTA.exe]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
          "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 01:11 50688]
          "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-10-06 09:23 151597]
          "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 00:25 28160 C:\WINDOWS\KHALMNPR.Exe]
          "PRISMSVR.EXE"="C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.exe" [2004-07-02 17:27 295001]
          "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 10:03 110592 C:\WINDOWS\system32\bthprops.cpl]
          "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
          "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-05-28 16:37 394240]
          "PKR Pal"="C:\Program Files\PKR\pkrpal.exe" [2008-05-22 14:41 2273896]
          "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 19:53 116072]
          "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328]
          "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-23 16:10 77824]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

          C:\Documents and Settings\bas\Menu Start\Programma's\Opstarten\
          Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
          Registration-InstantCopy.lnk - C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe [2002-09-26 13:18:00 245760]
          Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2008-04-30 02:58:44 2998608]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 18:21:38 147456]
          hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]
          Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-09 19:03:20 67128]
          Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-05 21:45:33 528384]
          SpeedTouch 120g Wireless USB Monitor.lnk - C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe [2004-09-23 19:36:28 303104]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
          "AllowLegacyWebView"= 1 (0x1)
          "AllowUnhashedWebView"= 1 (0x1)

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
          "VIDC.XFR1"= xfcodec.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\security center]
          "AntiVirusDisableNotify"=dword:00000001

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
          "DisableMonitoring"=dword:00000001

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
          "DisableMonitoring"=dword:00000001

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
          "DisableMonitoring"=dword:00000001

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
          "EnableFirewall"= 0 (0x0)

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "C:\\Program Files\\LimeWire\\LimeWire.exe"=
          "C:\\Program Files\\Messenger\\msmsgs.exe"=
          "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
          "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
          "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
          "C:\\Program Files\\Xfire\\Xfire.exe"=
          "C:\\Program Files\\uTorrent\\uTorrent.exe"=
          "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
          "C:\\Program Files\\MSN Messenger\\livecall.exe"=

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
          "9842:TCP"= 9842:TCP:*isabled:SolidNetworkManager
          "9842:UDP"= 9842:UDP:*isabled:SolidNetworkManager

          R1 sdpiosys;sdpiosys;C:\WINDOWS\system32\drivers\sdpiosys.sys [2004-11-30 12:10]
          R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 18:29]
          R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 10:11]
          R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 08:04]
          R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 08:47]
          R3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2003-08-07 16:36]
          S1 vcdrom;Virtual CD-ROM Device Driver;C:\Documents and Settings\elise\Mijn documenten\Etc\VCdRom.sys
          S3 BT4501D;SpeedTouch 120g Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\BT4501D.sys [2004-05-20 11:01]
          S3 CA_LIC_CLNT;CA License Client;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 18:27]
          S3 CA_LIC_SRVR;CA License Server;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 18:41]
          S3 gAGP440p;gAGP440p;C:\DOCUME~1\bas\LOCALS~1\Temp\gAGP440p.sys
          S3 MusCDriverV32;MusCDriverV32;C:\WINDOWS\system32\drivers\MusCDriverV32.sys
          S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
          S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2006-10-05 11:30]
          S3 XDva081;XDva081;C:\WINDOWS\system32\XDva081.sys

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
          \Shell\AutoRun\command - F:\autorun.exe

          *Newly Created Service* - CATCHME
          *Newly Created Service* - COMHOST
          .
Contents of the 'Scheduled Tasks' folder
          "2008-05-13 15:13:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          .
          **************************************************************************

          catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-05-25 16:04:07
          Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


          **************************************************************************
          .
Completion time: 2008-05-25 16:07:31
          ComboFix-quarantined-files.txt 2008-05-25 14:06:27

Pre-Run: 10,357,997,568 bytes free
Post-Run: 10,450,599,936 bytes free

          186 --- E O F --- 2008-05-17 11:17:13




          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 16:09:36, on 25-5-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
          C:\WINDOWS\system32\PnkBstrA.exe
          C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
          C:\WINDOWS\System32\PAStiSvc.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\WINDOWS\mHotkey.exe
          C:\WINDOWS\CNYHKey.exe
          C:\WINDOWS\Dit.exe
          C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
          C:\WINDOWS\system32\PRISMSTA.EXE
          C:\WINDOWS\DitExp.exe
          C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
          C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
          C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
          C:\Program Files\PKR\pkrpal.exe
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\Program Files\Winamp\winampa.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
          C:\Program Files\BitTorrent\bittorrent.exe
          C:\Program Files\DAEMON Tools Lite\daemon.exe
          C:\Program Files\ProxyWay\proxyway.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
          C:\Program Files\Logitech\SetPoint\SetPoint.exe
          C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe
          C:\Program Files\Xfire\Xfire.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
          C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
          C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
          C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
          C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
          C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          C:\Program Files\MSN Messenger\usnsvc.exe
          C:\WINDOWS\system32\notepad.exe
          C:\WINDOWS\explorer.exe
          C:\Program Files\internet explorer\iexplore.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://127.0.0.1:9000/proxy.pac
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
          O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
          O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
          O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
          O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
          O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
          O4 - HKLM\..\Run: [Dit] Dit.exe
          O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
          O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
          O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
          O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
          O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
          O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
          O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
          O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
          O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
          O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
          O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
          O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
          O4 - HKCU\..\Run: [PlayNC Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
          O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
          O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
          O4 - HKCU\..\Run: [PrjLithium] C:\Program Files\Project Lithium\prjLithium.exe
          O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
          O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
          O4 - Global Startup: hp psc 1000 series.lnk = ?
          O4 - Global Startup: hpoddt01.exe.lnk = ?
          O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
          O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
          O4 - Global Startup: SpeedTouch 120g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
          O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
          O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
          O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
          O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
          O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
          O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
          O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
          O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elisemiddelhuis.spaces.live.com//PhotoUpload/MsnPUpld.cab
          O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab
          O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159688581031
          O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
          O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205335090796
          O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
          O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v906/Navigram.cab
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
          O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
          O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
          O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
          O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
          O17 - HKLM\System\CCS\Services\Tcpip\..\{C61EC49C-1D96-4812-A284-FFF54EA2EEFB}: NameServer = 195.121.1.34,195.121.1.66
          O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
          O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
          O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
          O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
          O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
          O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
          O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
          O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
          O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
          O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
          O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
          O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
          O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

          --
          End of file - 15515 bytes


          thanks for the reply



          • #6
            Hi,

            1. Open a Notepad file.
            Copy the code below and paste it into the Notepad file.

            File::
            C:\Documents and Settings\bas\lolli.bat
            C:\Documents and Settings\bas\whahahehhe.vbs
            C:\Documents and Settings\bas\.bat
            C:\Program Files\zzzzzzzzzz-DeaD-Soundfix.pk3

            Driver::
            gAGP440p
            MusCDriverV32
            XDva081

            Save the Notepad file as CFScript.txt
            Now drag the file CFScript.txt onto the file ComboFix.exe

            ComboFix will start again.
            When ComboFix is finished, which may be after a restart, a log file will open.
            Post the contents of the log file.

            2. Start HijackThis again and choose Do a system scan only.
            Tick the following lines, if present:
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
            O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e4...p/RdxIE601.cab
            O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
            Now close all other windows first!
            Then click Fix Checked at the bottom.
            Then close HijackThis.
            Restart the computer.

            3. Go to www.virustotal.com
            Upload the following file: C:\Program Files\PKR\pkrpal.exe
            Wait until the results appear, and copy them into your next reply.

            Do the same for the following file: C:\Program Files\Project Lithium\prjLithium.exe.


            Now make a new HijackThis log and post it together with the ComboFix log and the VirusTotal logs in your next reply.
            Kind regards,
            Blackbird
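As an added example (not part of this thread and not code from HijackThis or ComboFix): a small Python checker that applies the reasoning behind the two flagged entries in step 2, a proxy or PAC script set in Internet Settings and downloaded ActiveX controls (O16 DPF) served from a raw IP or an unfamiliar host, to HijackThis R0/R1/O16 lines. The sample lines are copied from this thread; the allowlist of expected DPF hosts is an assumption made for the example.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample: HijackThis lines copied from this thread, plus one benign
# R0 line, so the checker runs offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://127.0.0.1:9000/proxy.pac
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e4...p/RdxIE601.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205335090796
"""

# Hosts from which downloaded ActiveX controls (O16 DPF) are expected on a
# typical XP box. This allowlist is an assumption made for the example, not
# anything HijackThis ships with.
EXPECTED_DPF_SUFFIXES = (".microsoft.com", ".msn.com", ".windowsupdate.com")

R_LINE = re.compile(r"^(?P<kind>R[01]) - (?P<key>[^,]+),(?P<name>.+?) = (?P<value>.*)$")
O16_LINE = re.compile(r"^O16 - DPF: (?P<clsid>\{[^}]+\}) \((?P<desc>[^)]*)\) - (?P<url>\S+)$")


def _is_ip_host(host: str) -> bool:
    """True when the host part of a URL is a bare IP address rather than a name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def check_line(line: str):
    """Return (severity, reason) for one HijackThis line, or None if nothing stands out."""
    line = line.strip()
    m = R_LINE.match(line)
    if m:
        name, value = m.group("name").strip(), m.group("value").strip()
        # A proxy or PAC script the user did not set up routes all browser
        # traffic through something else; confirm with the user either way.
        if name == "ProxyServer" and value:
            return ("high", f"proxy configured in Internet Settings: {value!r}")
        if name == "AutoConfigURL" and value:
            return ("high", f"proxy auto-config script in use: {value}")
        return None
    m = O16_LINE.match(line)
    if m:
        host = (urlparse(m.group("url")).hostname or "").lower()
        # An ActiveX CAB pulled from a bare IP has no vendor domain to vouch for it.
        if _is_ip_host(host):
            return ("high", f"ActiveX control {m.group('desc')!r} served from raw IP {host}")
        if not host.endswith(EXPECTED_DPF_SUFFIXES):
            return ("review", f"ActiveX control {m.group('desc')!r} from unlisted host {host}")
    return None


def analyze(log_text: str) -> list:
    """Run check_line over a whole HijackThis log and collect the findings in order."""
    findings = []
    for raw in log_text.splitlines():
        hit = check_line(raw)
        if hit is not None:
            findings.append({"line": raw.strip(), "severity": hit[0], "reason": hit[1]})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f['severity']:<6}] {f['reason']}")
        print(f"         {f['line']}")
```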



            • #7
              ok, here are my logs,

              ComboFix 08-05-24.1 - bas 2008-05-26 15:41:47.2 - NTFSx86
              Gestart vanuit: C:\Documents and Settings\bas\Bureaublad\ComboFix.exe
              Command switches used :: C:\Documents and Settings\bas\Bureaublad\CFScript.txt
              * Nieuw herstelpunt werd aangemaakt

              FILE ::
              C:\Documents and Settings\bas\.bat
              C:\Documents and Settings\bas\lolli.bat
              C:\Documents and Settings\bas\whahahehhe.vbs
              C:\Program Files\zzzzzzzzzz-DeaD-Soundfix.pk3
              .

              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
              C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
              C:\Documents and Settings\bas\.bat
              C:\Documents and Settings\bas\lolli.bat
              C:\Documents and Settings\bas\whahahehhe.vbs
              C:\Program Files\zzzzzzzzzz-DeaD-Soundfix.pk3

              ----- BITS: Mogelijk geïnfecteerde sites -----

              hxxp://launcher.patcher.ncsoft.com
              .
              ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              -------\Legacy_GAGP440P
              -------\Legacy_XDVA081
              -------\Service_gAGP440p
              -------\Service_MusCDriverV32
              -------\Service_XDva081


              (((((((((((((((((((( Bestanden Gemaakt van 2008-04-26 to 2008-05-26 ))))))))))))))))))))))))))))))
              .

              2008-05-25 20:41 . 2008-05-25 20:41 76,576 --a------ C:\Documents and Settings\Gast\Application Data\GDIPFONTCACHEV1.DAT
              2008-05-17 13:25 . 2008-05-17 14:26 <DIR> d-------- C:\RVAXO
              2008-05-17 13:20 . 2008-05-16 07:10 822,165 --a------ C:\WINDOWS\system32\RVAXO.bat
              2008-05-17 13:20 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
              2008-05-17 12:29 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
              2008-05-17 11:53 . 2008-05-17 11:53 <DIR> d-------- C:\Program Files\Trend Micro
              2008-05-04 18:05 . 2008-05-04 18:05 <DIR> d-------- C:\VundoFix Backups
              2008-04-30 02:58 . 2008-04-30 02:58 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
              2008-04-28 21:24 . 2008-04-28 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
              2008-04-28 21:13 . 2008-04-28 21:13 <DIR> d-------- C:\Program Files\GALA-NET
              2008-04-28 21:13 . 2005-08-11 15:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
              2008-04-26 14:44 . 2008-04-26 14:51 <DIR> d-------- C:\Program Files\Talisman

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-05-26 13:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
              2008-05-26 13:31 --------- d-----w C:\Program Files\PKR
              2008-05-26 13:29 --------- d-----w C:\Program Files\Steam
              2008-05-25 18:43 2,406 ----a-w C:\Documents and Settings\Gast\Application Data\wklnhst.dat
              2008-05-25 18:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared
              2008-05-23 13:36 11,170 ----a-w C:\Documents and Settings\bas\Application Data\wklnhst.dat
              2008-05-23 13:29 --------- d-----w C:\Documents and Settings\bas\Application Data\Xfire
              2008-05-17 10:29 --------- d-----w C:\Program Files\Java
              2008-05-15 12:58 --------- d-----w C:\Program Files\Xfire
              2008-05-03 16:36 --------- d-----w C:\Documents and Settings\bas\Application Data\BitTorrent
              2008-04-30 16:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
              2008-04-29 15:47 --------- d-----w C:\Program Files\Norton 360
              2008-04-28 19:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2008-04-27 16:07 --------- d-----w C:\Program Files\VstPlugins
              2008-04-26 12:16 --------- d-----w C:\Program Files\AV VCS 3.0
              2008-04-24 11:29 --------- d-----w C:\Program Files\Disney
              2008-04-24 09:37 --------- d-----w C:\Program Files\Project Lithium
              2008-04-19 21:23 --------- d-----w C:\Program Files\PIC Corporation
              2008-04-19 18:01 --------- d-----w C:\Documents and Settings\bas\Application Data\mIRC
              2008-04-19 17:46 --------- d-----w C:\Program Files\mIRC
              2008-04-15 18:31 --------- d-----w C:\Program Files\MSN Messenger
              2008-04-15 13:21 --------- d-----w C:\Program Files\ToXiC
              2008-04-12 11:31 --------- d-----w C:\Program Files\rgcaudio
              2008-04-12 11:23 --------- d-----w C:\Program Files\LimeWire
              2008-04-10 17:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
              2008-04-09 16:41 304,160 ----a-w C:\StiImg.dat
              2008-04-08 16:36 --------- d-----w C:\Documents and Settings\bas\Application Data\HLSW
              2008-04-07 16:31 --------- d-s---w C:\Program Files\HLSW
              2008-04-06 17:22 --------- d-----w C:\Documents and Settings\bas\Application Data\Ventrilo
              2008-04-04 17:39 --------- d-----w C:\Program Files\Ventrilo
              2008-04-04 17:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
              2008-03-31 14:35 75,792 ----a-w C:\Documents and Settings\bas\Application Data\GDIPFONTCACHEV1.DAT
              2008-03-28 15:20 --------- d-----w C:\Documents and Settings\bas\Application Data\teamspeak2
              2008-03-26 15:33 --------- d-----w C:\Documents and Settings\Gast\Application Data\DAEMON Tools
              2008-03-07 15:56 247,866 ----a-w C:\WINDOWS\Alcohol_Toolbar_Uninstaller_7203.exe
              2007-04-24 18:21 28 ----a-w C:\Program Files\realmlist.wtf
              2006-11-03 13:56 560 -c--a-w C:\Program Files\Global.sw
              .

              ((((((((((((((((((((((((((((( [email protected]_16.06.15,62 )))))))))))))))))))))))))))))))))))))))))
              .
              - 2008-05-25 13:24:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
              + 2008-05-26 13:49:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
              + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
              .
              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]
              "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
              "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-09 19:03 67128]
              "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-03-02 01:11 43008]
              "PlayNC Launcher"="C:\program files\ncsoft\launcher\NCLauncher.exe" [2008-05-01 17:22 38128]
              "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
              "Steam"="c:\program files\steam\steam.exe" [2008-03-28 08:40 1271032]
              "PrjLithium"="C:\Program Files\Project Lithium\prjLithium.exe" [2004-06-10 02:13 227840]
              "ProxyWay"="C:\Program Files\ProxyWay\proxyway.exe" [2006-05-07 19:16 905216]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Cmaudio"="cmicnfg.cpl" [2003-09-12 20:07 2244608 C:\WINDOWS\CMICNFG.CPL]
              "CHotkey"="mHotkey.exe" [2003-06-27 15:39 506368 C:\WINDOWS\mHotkey.exe]
              "ledpointer"="CNYHKey.exe" [2003-06-27 09:36 5798912 C:\WINDOWS\CNYHKey.exe]
              "Dit"="Dit.exe" [2002-08-28 13:43 73728 C:\WINDOWS\Dit.exe]
              "PCMService"="C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe" [2003-06-24 15:23 61440]
              "PRISMSTA.EXE"="PRISMSTA.exe" [2003-08-04 15:54 215552 C:\WINDOWS\system32\PRISMSTA.exe]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
              "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 01:11 50688]
              "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-10-06 09:23 151597]
              "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 00:25 28160 C:\WINDOWS\KHALMNPR.Exe]
              "PRISMSVR.EXE"="C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.exe" [2004-07-02 17:27 295001]
              "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 10:03 110592 C:\WINDOWS\system32\bthprops.cpl]
              "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
              "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-05-28 16:37 394240]
              "PKR Pal"="C:\Program Files\PKR\pkrpal.exe" [2008-05-22 14:41 2273896]
              "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 19:53 116072]
              "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328]
              "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-23 16:10 77824]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

              C:\Documents and Settings\bas\Menu Start\Programma's\Opstarten\
              Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
              Registration-InstantCopy.lnk - C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe [2002-09-26 13:18:00 245760]
              Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2008-04-30 02:58:44 2998608]

              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
              hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 18:21:38 147456]
              hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]
              Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-09 19:03:20 67128]
              Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-05 21:45:33 528384]
              SpeedTouch 120g Wireless USB Monitor.lnk - C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe [2004-09-23 19:36:28 303104]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
              "AllowLegacyWebView"= 1 (0x1)
              "AllowUnhashedWebView"= 1 (0x1)

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
              "VIDC.XFR1"= xfcodec.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\security center]
              "AntiVirusDisableNotify"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
              "DisableMonitoring"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
              "DisableMonitoring"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
              "DisableMonitoring"=dword:00000001

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
              "EnableFirewall"= 0 (0x0)

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "C:\\Program Files\\LimeWire\\LimeWire.exe"=
              "C:\\Program Files\\Messenger\\msmsgs.exe"=
              "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
              "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
              "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
              "C:\\Program Files\\Xfire\\Xfire.exe"=
              "C:\\Program Files\\uTorrent\\uTorrent.exe"=
              "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
              "C:\\Program Files\\MSN Messenger\\livecall.exe"=

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
              "9842:TCP"= 9842:TCP:*isabled:SolidNetworkManager
              "9842:UDP"= 9842:UDP:*isabled:SolidNetworkManager

              R1 sdpiosys;sdpiosys;C:\WINDOWS\system32\drivers\sdpiosys.sys [2004-11-30 12:10]
              R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 18:29]
              R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 10:11]
              R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 08:04]
              R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 08:47]
              R3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2003-08-07 16:36]
              S1 vcdrom;Virtual CD-ROM Device Driver;C:\Documents and Settings\elise\Mijn documenten\Etc\VCdRom.sys
              S3 BT4501D;SpeedTouch 120g Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\BT4501D.sys [2004-05-20 11:01]
              S3 CA_LIC_CLNT;CA License Client;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 18:27]
              S3 CA_LIC_SRVR;CA License Server;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 18:41]
              S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
              S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2006-10-05 11:30]

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
              \Shell\AutoRun\command - F:\autorun.exe

              *Newly Created Service* - COMHOST
              .
              Inhoud van de 'Gedeelde Taken' map
              "2008-05-13 15:13:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
              - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
              .
              **************************************************************************

              catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-05-26 15:52:02
              Windows 5.1.2600 Service Pack 2 NTFS

              scannen van verborgen processen ...

              scannen van verborgen autostart items ...

              scannen van verborgen bestanden ...


              **************************************************************************
              .
              --------------------- DLLs Geladen Onder Lopende Processen ---------------------

              PROCESS: C:\WINDOWS\explorer.exe
              -> C:\Program Files\ProxyWay\hook.dll
              -> ?:\WINDOWS\system32\ATL.DLL
              -> ?:\WINDOWS\system32\ATL.DLL
              -> ?:\WINDOWS\system32\ATL.DLL
              .
              ------------------------ Other Running Processes ------------------------
              .
              C:\WINDOWS\system32\ati2evxx.exe
              C:\WINDOWS\system32\ati2evxx.exe
              C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              C:\Program Files\Bonjour\mDNSResponder.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
              C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
              C:\WINDOWS\system32\PnkBstrA.exe
              C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
              C:\WINDOWS\system32\PAStiSvc.exe
              C:\WINDOWS\system32\rundll32.exe
              C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
              C:\WINDOWS\DitExp.exe
              C:\WINDOWS\system32\rundll32.exe
              C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
              C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
              C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
              C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
              C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
              C:\WINDOWS\system32\dwwin.exe
              C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
              C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
              C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
              C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
              C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
              C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
              C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
              .
              **************************************************************************
              .
              Voltooingstijd: 2008-05-26 16:13:54 - machine was rebooted
              ComboFix-quarantined-files.txt 2008-05-26 14:13:39
              ComboFix2.txt 2008-05-25 14:07:31

              Pre-Run: 10,134,437,888 bytes beschikbaar
              Post-Run: 10,078,085,120 bytes beschikbaar

              237 --- E O F --- 2008-05-17 11:17:13
              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 16:24:54, on 26-5-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Bonjour\mDNSResponder.exe
              C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
              C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
              C:\WINDOWS\system32\PnkBstrA.exe
              C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
              C:\WINDOWS\System32\PAStiSvc.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\wuauclt.exe
              C:\WINDOWS\system32\RunDll32.exe
              C:\WINDOWS\mHotkey.exe
              C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
              C:\WINDOWS\CNYHKey.exe
              C:\WINDOWS\Dit.exe
              C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
              C:\WINDOWS\system32\PRISMSTA.EXE
              C:\WINDOWS\DitExp.exe
              C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
              C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
              C:\Program Files\Common Files\Real\Update_OB\realsched.exe
              C:\WINDOWS\system32\rundll32.exe
              C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
              C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
              C:\Program Files\PKR\pkrpal.exe
              C:\Program Files\Common Files\Symantec Shared\ccApp.exe
              C:\Program Files\Winamp\winampa.exe
              C:\Program Files\QuickTime\qttask.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\MSN Messenger\msnmsgr.exe
              C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
              C:\Program Files\BitTorrent\bittorrent.exe
              C:\Program Files\DAEMON Tools Lite\daemon.exe
              C:\program files\steam\steam.exe
              C:\Program Files\Project Lithium\prjLithium.exe
              C:\Program Files\ProxyWay\proxyway.exe
              C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
              C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
              C:\Program Files\Logitech\SetPoint\SetPoint.exe
              C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe
              C:\Program Files\Xfire\Xfire.exe
              C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
              C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
              C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
              C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
              C:\WINDOWS\explorer.exe
              C:\WINDOWS\system32\notepad.exe
              C:\Program Files\internet explorer\iexplore.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://127.0.0.1:9000/proxy.pac
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
              O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
              O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
              O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
              O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
              O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
              O4 - HKLM\..\Run: [Dit] Dit.exe
              O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
              O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
              O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
              O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
              O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
              O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
              O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
              O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
              O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
              O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
              O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
              O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
              O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
              O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
              O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
              O4 - HKCU\..\Run: [PlayNC Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
              O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
              O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
              O4 - HKCU\..\Run: [PrjLithium] C:\Program Files\Project Lithium\prjLithium.exe
              O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
              O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
              O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
              O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
              O4 - Global Startup: hp psc 1000 series.lnk = ?
              O4 - Global Startup: hpoddt01.exe.lnk = ?
              O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
              O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
              O4 - Global Startup: SpeedTouch 120g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
              O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
              O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
              O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
              O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
              O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
              O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
              O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
              O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
              O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
              O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elisemiddelhuis.spaces.live.com//PhotoUpload/MsnPUpld.cab
              O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159688581031
              O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
              O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205335090796
              O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
              O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v906/Navigram.cab
              O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
              O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
              O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
              O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
              O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
              O17 - HKLM\System\CCS\Services\Tcpip\..\{C61EC49C-1D96-4812-A284-FFF54EA2EEFB}: NameServer = 195.121.1.34,195.121.1.66
              O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
              O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
              O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
              O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
              O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
              O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
              O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
              O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
              O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
              O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
              O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
              O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
              O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
              O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
              O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
              O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
              O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
              O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
              O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

              --
              End of file - 15292 bytes










              Bestand pkrpal.exe ontvangen op 2008.05.26 16:27:48 (CET)


              Resultaat: 0/32 (0%)


              Antivirus Versie Laatst geüpdatet Resultaat
              AhnLab-V3 2008.5.22.1 2008.05.26 -
              AntiVir 7.8.0.19 2008.05.26 -
              Authentium 5.1.0.4 2008.05.26 -
              Avast 4.8.1195.0 2008.05.26 -
              AVG 7.5.0.516 2008.05.25 -
              BitDefender 7.2 2008.05.26 -
              CAT-QuickHeal 9.50 2008.05.24 -
              ClamAV 0.92.1 2008.05.26 -
              DrWeb 4.44.0.09170 2008.05.26 -
              eSafe 7.0.15.0 2008.05.26 -
              eTrust-Vet 31.4.5823 2008.05.26 -
              Ewido 4.0 2008.05.26 -
              F-Prot 4.4.4.56 2008.05.23 -
              F-Secure 6.70.13260.0 2008.05.26 -
              Fortinet 3.14.0.0 2008.05.26 -
              GData 2.0.7306.1023 2008.05.23 -
              Ikarus T3.1.1.26.0 2008.05.26 -
              Kaspersky 7.0.0.125 2008.05.26 -
              McAfee 5302 2008.05.23 -
              Microsoft 1.3520 2008.05.26 -
              NOD32v2 3132 2008.05.26 -
              Norman 5.80.02 2008.05.23 -
              Panda 9.0.0.4 2008.05.25 -
              Prevx1 V2 2008.05.26 -
              Rising 20.46.02.00 2008.05.26 -
              Sophos 4.29.0 2008.05.26 -
              Sunbelt 3.0.1123.1 2008.05.17 -
              Symantec 10 2008.05.26 -
              TheHacker 6.2.92.318 2008.05.23 -
              VBA32 3.12.6.6 2008.05.26 -
              VirusBuster 4.3.26:9 2008.05.26 -
              Webwasher-Gateway 6.6.2 2008.05.26 -






              Bestand prjLithium.exe ontvangen op 2008.05.26 16:30:54 (CET)


              Resultaat: 1/32 (3.13%)


              Antivirus Versie Laatst geüpdatet Resultaat
              AhnLab-V3 2008.5.22.1 2008.05.26 -
              AntiVir 7.8.0.19 2008.05.26 -
              Authentium 5.1.0.4 2008.05.26 -
              Avast 4.8.1195.0 2008.05.26 -
              AVG 7.5.0.516 2008.05.25 -
              BitDefender 7.2 2008.05.26 -
              CAT-QuickHeal 9.50 2008.05.24 -
              ClamAV 0.92.1 2008.05.26 -
              DrWeb 4.44.0.09170 2008.05.26 -
              eSafe 7.0.15.0 2008.05.26 -
              eTrust-Vet 31.4.5823 2008.05.26 -
              Ewido 4.0 2008.05.26 -
              F-Prot 4.4.4.56 2008.05.23 -
              F-Secure 6.70.13260.0 2008.05.26 -
              Fortinet 3.14.0.0 2008.05.26 -
              GData 2.0.7306.1023 2008.05.23 -
              Ikarus T3.1.1.26.0 2008.05.26 -
              Kaspersky 7.0.0.125 2008.05.26 -
              McAfee 5302 2008.05.23 -
              Microsoft 1.3520 2008.05.26 -
              NOD32v2 3132 2008.05.26 -
              Norman 5.80.02 2008.05.23 -
              Panda 9.0.0.4 2008.05.25 -
              Prevx1 V2 2008.05.26 -
              Rising 20.46.02.00 2008.05.26 -
              Sophos 4.29.0 2008.05.26 -
              Sunbelt 3.0.1123.1 2008.05.17 -
              Symantec 10 2008.05.26 -
              TheHacker 6.2.92.318 2008.05.23 -
              VBA32 3.12.6.6 2008.05.26 -
              VirusBuster 4.3.26:9 2008.05.26 -
              Webwasher-Gateway 6.6.2 2008.05.26 Win32.Malware.gen#ASPack (suspicious)


              Regards, bassie123



              • #8
                Hi,

                Everything looks clean again.
                Please still do the following:

                1. You may remove the tools you used.
                Remove ComboFix by going to Start > Run and typing combofix /u. This will also make sure that any infected System Restore points are deleted.

                2. Your Java software is out of date.
                Older versions have holes that give malware the chance to install itself on your system.
                First do these steps to uninstall Java and install the newer version:

                Download Java Runtime Environment (JRE) 6u6.
                • Scroll down to: "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
                • Click the "Download" button on the right-hand side.
                • Tick: "Accept License Agreement".
                • The page will reload.
                • Click the link to download the Windows Offline Installation, Multi-language, and save it to your Desktop.
                • Close all programs that may be open - especially your web browser!
                • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list of programs.
                • Select everything with Java Runtime Environment (JRE or J2SE) in its name.
                • Then click Remove or the Change/Remove button.
                • Repeat this until all older versions are gone.
                • After removing all older versions, restart your pc.
                • Then double-click jre-6u6-windows-i586-p.exe on your Desktop to install the newest version of Java.


                3. Go to the Windows Update site and get all updates, to protect your pc.

                4. Read through this page to prevent reinfection.
                Kind regards,
                Blackbird

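A way to verify step 2 of the reply above once the old runtimes have been removed. This is an added example, not code from Blackbird's post or from the thread: it reads the same Uninstall registry keys that "Add or Remove Programs" displays and reports every Java entry that is still registered, so a leftover JRE or J2SE is not overlooked. It assumes PowerShell 2.0 or later; the $ExpectedName pattern is an assumption about how JRE 6 Update 6 names itself in that list and should be adjusted for whichever version was installed.

```powershell
# Added example (not from the thread): enumerate every Java Runtime entry in the
# "Add or Remove Programs" list by reading the Uninstall registry keys, so you can
# confirm only the freshly installed JRE remains. Assumes PowerShell 2.0+.

# Assumption: the name JRE 6 Update 6 registers under; adjust for your version.
$ExpectedName = 'Java\(TM\) 6 Update 6'

# 32-bit key first; the Wow6432Node key only exists on 64-bit Windows.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-InstalledJava {
    foreach ($key in $UninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem $key) {
            $p = Get-ItemProperty $sub.PSPath
            # JRE/J2SE entries look like "Java(TM) 6 Update 6" or
            # "J2SE Runtime Environment 5.0 Update 11"; older ones are the risk.
            if ($p.DisplayName -match 'Java|J2SE') {
                New-Object PSObject -Property @{
                    Name            = $p.DisplayName
                    Version         = $p.DisplayVersion
                    UninstallString = $p.UninstallString
                }
            }
        }
    }
}

function Test-JavaCleanup {
    $entries = @(Get-InstalledJava)
    $stale   = @($entries | Where-Object { $_.Name -notmatch $ExpectedName })

    $entries | Format-Table Name, Version -AutoSize | Out-Host

    # The JRE also records the version it exposes to callers under HKLM\SOFTWARE\JavaSoft.
    $jsKey = 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment'
    if (Test-Path $jsKey) {
        $cv = (Get-ItemProperty $jsKey).CurrentVersion
        Write-Host "JavaSoft CurrentVersion: $cv"
    }

    if ($stale.Count -gt 0) {
        Write-Warning ("{0} older Java entries still installed:" -f $stale.Count)
        foreach ($e in $stale) {
            Write-Warning ("  {0}  (uninstall: {1})" -f $e.Name, $e.UninstallString)
        }
        return $false
    }
    if ($entries.Count -eq 0) {
        Write-Warning 'No Java runtime registered at all; install the new JRE.'
        return $false
    }
    Write-Host 'Only the expected JRE is installed.'
    return $true
}

Test-JavaCleanup
```

Run it after the reboot in step 2; a $false result with warnings means another pass through Add or Remove Programs is needed before installing the new version, since an old runtime left behind keeps its known holes reachable from the browser.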


                • #9
                  ok thanks for the help, the virus scanner works fine again

                  regards bassie123.



                  • #10
                    You're welcome.
                    Kind regards,
                    Blackbird
