Computer is acting strange

#1
Hello,

For a few weeks now I've had a problem with my computer. When I start Internet Explorer, for example, it just closes after a few moments. Since yesterday Malwarebytes also wouldn't start at all; I've already worked around that by renaming mbam.exe to 54321.exe. But also when I'm working with other programs, Firefox or Windows Media Player for example, it looks as if another program is being started (the dark blue bar at the top of the window suddenly turns light blue). So I'd like to post a HJT log so that maybe someone on the forum can help me.
--- automatic edit ---
HJT log

[hjt]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:45:45, on 27-12-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\program files\common files\symantec shared\ccsetmgr.exe
c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\program files\common files\symantec shared\ccevtmgr.exe
c:\program files\common files\symantec shared\ccproxy.exe
c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe
c:\program files\common files\symantec shared\sndsrvc.exe
c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe
c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe
c:\windows\system32\spoolsv.exe
c:\windows\system32\ctsvccda.exe
c:\windows\system32\svchost.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\norton internet security\norton antivirus\navapsvc.exe
c:\windows\system32\hpzipm12.exe
c:\windows\system32\svchost.exe
c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
c:\windows\system32\mspmspsv.exe
c:\program files\common files\pure networks shared\platform\nmsrvc.exe
c:\program files\common files\microsoft shared\windows live\wlidsvcm.exe
c:\program files\creative\sb live! 24-bit\surround mixer\ctsysvol.exe
c:\program files\common files\symantec shared\ccapp.exe
c:\program files\common files\pure networks shared\platform\nmctxth.exe
c:\program files\pure networks\network magic\nmapp.exe
c:\windows\system32\rundll32.exe
c:\program files\java\jre6\bin\jusched.exe
c:\program files\windows media player\wmpnscfg.exe
c:\program files\common files\symantec shared\security console\nscsrvce.exe
c:\windows\system32\searchindexer.exe
c:\program files\windows media player\wmplayer.exe
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\messenger\msmsgs.exe
c:\program files\trend micro\hijackthis\hijackthis.exe

r0 - hkcu\software\microsoft\internet explorer\main,start page = http://www.google.nl/
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = http://go.microsoft.com/fwlink/?linkid=69157
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = http://go.microsoft.com/fwlink/?linkid=54896
r1 - hklm\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
o2 - bho: adobe pdf reader help bij koppelingen - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
o2 - bho: aanmeldhulp voor windows live id - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: norton internet security 2006 - {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\nisshext.dll
o2 - bho: nav helper - {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\navshext.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o3 - toolbar: norton internet security 2006 - {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\nisshext.dll
o3 - toolbar: norton antivirus - {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\navshext.dll
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [ctsysvol] c:\program files\creative\sb live! 24-bit\surround mixer\ctsysvol.exe /r
o4 - hklm\..\run: [updreg] c:\windows\updreg.exe
o4 - hklm\..\run: [snelkoppeling naar eigenschappenvenster voor high definition audio] hdaudpropshortcut.exe
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files\adobe\reader 9.0\reader\reader_sl.exe
o4 - hklm\..\run: [adobe arm] c:\program files\common files\adobe\arm\1.0\adobearm.exe
o4 - hklm\..\run: [ccapp] c:\program files\common files\symantec shared\ccapp.exe
o4 - hklm\..\run: [symantec pif alerteng] c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe /a /m c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\alerteng.dll
o4 - hklm\..\run: [nmctxth] c:\program files\common files\pure networks shared\platform\nmctxth.exe
o4 - hklm\..\run: [nmapp] c:\program files\pure networks\network magic\nmapp.exe -autorun -nosplash
o4 - hklm\..\run: [nwiz] nwiz.exe /installquiet
o4 - hklm\..\run: [nvmediacenter] rundll32.exe c:\windows\system32\nvmctray.dll,nvtaskbarinit
o4 - hklm\..\run: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\java\jre6\bin\jusched.exe
o4 - hklm\..\runservices: [wusb54gc] %programfiles%\
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [nbj] c:\program files\ahead\nero backitup\nbj.exe
o4 - hkcu\..\run: [wmpnscfg] c:\program files\windows media player\wmpnscfg.exe
o4 - hkcu\..\runonce: [shockwave updater] c:\windows\system32\adobe\shockwave 11\swhelper_1150595.exe -update -1150595 -"mozilla/4.0 (compatible; msie 7.0; windows nt 5.1; trident/4.0; simbar enabled; simbar={f2a8402f-4c5f-4655-9e4e-3f4efcc02f0d}; .net clr 1.1.4322; .net clr 2.0.50727; .net clr 3.0.04506.30; .net clr 3.0.04506.648; .net clr 3.0.4506.2152; .net clr 3.5.30729; officeliveconnector.1.3; officelivepatch.0.0)" -"http://www.habbo.nl/client"
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'lokale service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'netwerkservice')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - global startup: raid manager.lnk = c:\program files\ite\ite it8212 ata raid controller\raidmgr.exe
o8 - extra context menu item: add to google photos screensa&ver - res://c:\windows\system32\gphotos.scr/200
o8 - extra context menu item: e&xporteren naar microsoft excel - res://c:\progra~1\micros~2\office11\excel.exe/3000
o9 - extra button: onderzoek - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office11\refiebar.dll
o9 - extra button: shopperreports - compare travel rates - {946b3e9e-e21a-49c8-9f63-900533fafe14} - c:\windows\system32\shdocvw.dll
o9 - extra button: shopperreports - compare product prices - {946b3e9e-e21a-49c8-9f63-900533fafe15} - c:\windows\system32\shdocvw.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o16 - dpf: {2250c29c-c5e9-4f55-be4e-01e45a40fcf1} (cmediamix object) - http://musicmix.messenger.msn.com/medialogic.cab
o16 - dpf: {2917297f-f02b-4b9d-81df-494b6333150b} (minesweeper flags class) - http://messenger.zone.msn.com/binary/minesweeper.cab31267.cab
o16 - dpf: {5ed80217-570b-4da9-bf44-be107c0ec166} (windows live safety center base module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
o16 - dpf: {6a344d34-5231-452a-8a57-d064ac9b7862} (symantec download manager) - https://webdl.symantec.com/activex/symdlmgr.cab
o16 - dpf: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (muwebcontrol class) - http://update.microsoft.com/microsoftupdate/v6/v5controls/en/x86/client/muweb_site.cab?1140638021515
o16 - dpf: {74dbcb52-f298-4110-951d-ad2ff67bc8ab} (nvidia smart scan) - http://www.nvidia.com/content/driverdownload/nforce/nvidiasmartscan.cab
o16 - dpf: {8e0d4de5-3180-4024-a327-4dfad1796a8d} (messengerstatsclient class) - http://messenger.zone.msn.com/binary/messengerstatsclient.cab31267.cab
o16 - dpf: {97e71027-0ba2-44f2-97db-f84d808ed0b6} (messengerstatsclient class) - http://messenger.zone.msn.com/binary/messengerstatspaclient.cab55762.cab
o16 - dpf: {b8be5e93-a60c-4d26-a2dc-220313175592} (msn games - installer) - http://messenger.zone.msn.com/binary/zintro.cab56649.cab
o16 - dpf: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} (messengerstatsclient class) - http://messenger.zone.msn.com/binary/messengerstatspaclient.cab56907.cab
o16 - dpf: {cd995117-98e5-4169-9920-6c12d4c0b548} (hgplugin9usa class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/hgplugin9usa.cab
o16 - dpf: {cf40acc5-e1bb-4aff-ac72-04c2f616bca7} (get_atlcom class) - http://www.adobe.com/products/acrobat/nos/gp.cab
o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} (shockwave flash object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
o16 - dpf: {e06e2e99-0aa1-11d4-aba6-0060082aa75c} -
o16 - dpf: {f5a7706b-b9c0-4c89-a715-7a0c6b05dd48} (minesweeper flags class) - http://messenger.zone.msn.com/binary/minesweeper.cab56986.cab
o23 - service: atheros configuration service (acs) - unknown owner - c:\windows\system32\acs.exe
o23 - service: canon camera access library 8 (ccalib8) - canon inc. - c:\program files\canon\cal\calmain.exe
o23 - service: symantec event manager (ccevtmgr) - symantec corporation - c:\program files\common files\symantec shared\ccevtmgr.exe
o23 - service: symantec internet security password validation (ccispwdsvc) - symantec corporation - c:\program files\norton internet security\ccpwdsvc.exe
o23 - service: symantec network proxy (ccproxy) - symantec corporation - c:\program files\common files\symantec shared\ccproxy.exe
o23 - service: symantec settings manager (ccsetmgr) - symantec corporation - c:\program files\common files\symantec shared\ccsetmgr.exe
o23 - service: com host (comhost) - symantec corporation - c:\program files\norton internet security\comhost.exe
o23 - service: creative service for cdrom access - creative technology ltd - c:\windows\system32\ctsvccda.exe
o23 - service: google update service (gupdate1c9acbb8959df00) (gupdate1c9acbb8959df00) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: google updater service (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe
o23 - service: java quick starter (javaquickstarterservice) - sun microsystems, inc. - c:\program files\java\jre6\bin\jqs.exe
o23 - service: liveupdate - symantec corporation - c:\progra~1\symantec\liveup~1\lucoms~1.exe
o23 - service: liveupdate notice service - symantec corporation - c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe
o23 - service: norton antivirus auto-protect-service (navapsvc) - symantec corporation - c:\program files\norton internet security\norton antivirus\navapsvc.exe
o23 - service: pure networks platform service (nmservice) - cisco systems, inc. - c:\program files\common files\pure networks shared\platform\nmsrvc.exe
o23 - service: norton protection center service (nscservice) - symantec corporation - c:\program files\common files\symantec shared\security console\nscsrvce.exe
o23 - service: nvidia display driver service (nvsvc) - nvidia corporation - c:\windows\system32\nvsvc32.exe
o23 - service: planner voor automatische liveupdate - symantec corporation - c:\program files\symantec\liveupdate\aluschedulersvc.exe
o23 - service: pml driver hpz12 - hp - c:\windows\system32\hpzipm12.exe
o23 - service: symantec avscan (savscan) - symantec corporation - c:\program files\norton internet security\norton antivirus\savscan.exe
o23 - service: servicelayer - nokia. - c:\program files\pc connectivity solution\servicelayer.exe
o23 - service: symantec network drivers service (sndsrvc) - symantec corporation - c:\program files\common files\symantec shared\sndsrvc.exe
o23 - service: symantec spbbcsvc (spbbcsvc) - symantec corporation - c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe
o23 - service: symantec core lc - unknown owner - c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe
o23 - service: upnpservice - magix ag - c:\program files\common files\magix shared\upnpservice\upnpservice.exe
o23 - service: wmp54gv4svc - gemteks - c:\program files\linksys\linksys wireless-g pci wireless network monitor\wlservice.exe
--
end of file - 13660 bytes

[/hjt]

Oh yes, and I have already tried the following, without success: http://www.nationaalcomputerforum.nl/showthread.php?t=53954

and in the process I collected the following logs from SDFix and Avenger

SDFix: Version 1.240
Run on za 26-12-2009 at 16:52

Microsoft Windows XP [versie 5.1.2600]


Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-26 17:04:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 1381
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 1381
disk error: C:\Documents and Settings\Berends\ntuser.dat, 1381
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:pnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:pnkBstrB"
"C:\\Documents and Settings\\Berends\\Application Data\\Vusion\\WARPVideoStreamer.exe"="C:\\Documents and Settings\\Berends\\Application Data\\Vusion\\WARPVideoStreamer.exe:*:Enabled:WARP Video Streamer"
"C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:FrostWire"
"C:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"="C:\\Program Files\\TVersity\\Media Server\\MediaServer.exe:*:Enabled:TVersity Media Server"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\sj3nkie\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\sj3nkie\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\sj3nkie\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\sj3nkie\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\sj3nkie\\day of defeat\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\sj3nkie\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files :



Files with Hidden Attributes :


Finished!

and

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "H8SRTd.sys" found!
ImagePath: \systemroot\system32\drivers\H8SRTbdvbrxnriq.sys
Start Type: 1 (System)

Rootkit scan completed.


Error: file "c:\windows\system32\22.tmp" not found!
Deletion of file "c:\windows\system32\22.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\37.tmp" not found!
Deletion of file "c:\windows\system32\37.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\dpvacm32.dll" not found!
Deletion of file "c:\windows\system32\dpvacm32.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\d3drm32.dll" not found!
Deletion of file "c:\windows\system32\d3drm32.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c428c540517" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c428c540517" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c428c540658" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c428c540658" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
 
Last edited by a moderator:

Abraham54

Administrator
Staff member
#2
Hello Peter, using tools from other people's HJT logs on your own initiative is not without risk. So just wait for the instructions that apply to your Windows!

You have a particularly good antivirus on your system.

Open its menu, choose a full scan and post the result!
 
#3
Okay, will do. It'll take a while before it's finished, so the answer will probably follow tonight.
--- automatic edit ---
The scan has completed and reports that no threats were found.
--- automatic edit ---
By the way, I also cleaned up some things with mbam yesterday. I just ran a quick scan and it found 4 items again; what strikes me is that the same rootkit keeps appearing.

27-12-2009 19:30:46
mbam-log-2009-12-27 (19-30-44).txt

Scan type: Snelle Scan
Objecten gescand: 118199
Verstreken tijd: 5 minute(s), 11 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 1
Registersleutels geïnfecteerd: 1
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 2

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
\\?\globalroot\systemroot\system32\H8SRTvqlduyptxn.dll (Trojan.FakeAlert) -> No action taken.

Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> No action taken.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
\\?\globalroot\systemroot\system32\H8SRTvqlduyptxn.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> No action taken.
 
Last edited by a moderator:
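The HJT log in post #1 and the MBAM and Avenger output above are read by eye in this thread. As an added example (not a tool from this thread, nor from HijackThis, Malwarebytes or Avenger), here is a small Python triage script that applies the indicators the thread itself surfaces to log lines: HJT entries whose target is "(no file)" or missing, O23 services with "unknown owner", names carrying the H8SRT prefix that MBAM, Avenger and Combofix all report, `\\?\globalroot\` device paths, the "simbar enabled" token in the Shockwave updater's user-agent string, and Avenger's "Hidden driver" line. The rule names, the watchlist regex and the sample lines are constructed for this example and modelled on the thread's own output; the sample is a handful of lines, not the full logs.

```python
"""Triage of HijackThis / MBAM / Avenger style log lines (added example)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str   # short rule name (constructed for this example)
    line: str   # the log line that triggered it


# Hypothetical watchlist built from the names the thread's MBAM, Avenger and
# Combofix output report: the rootkit used an h8srt<random> prefix for its
# driver, DLLs, .dat file and registry key. Case-insensitive, and the prefix
# must start a token (after a backslash, quote or space), so "ah8srt" is ignored.
WATCHLIST_PREFIX = re.compile(r"(?<![a-z0-9])h8srt\w*", re.IGNORECASE)

# HijackThis entries: "o23 - service: <name> - <vendor> - <path>", "o2 - bho: ..."
HJT_LINE = re.compile(r"^(?P<kind>[ro]\d+)\s+-\s+(?P<rest>.*)$", re.IGNORECASE)

# HJT sections whose entries should always end in a file or URL; an entry whose
# target is "(no file)" or simply missing is an orphan worth a second look.
ORPHAN_KINDS = {"o2", "o3", "o16", "o20", "o21", "o23"}


def _hjt_findings(kind, rest, line):
    kind = kind.lower()
    out = []
    if kind in ORPHAN_KINDS and (
        rest.rstrip().endswith(" -") or "(no file)" in rest.lower()
    ):
        out.append(Finding("hjt-orphan-entry", line))
    if kind == "o23" and "unknown owner" in rest.lower():
        out.append(Finding("hjt-service-no-vendor", line))
    return out


def triage_line(line):
    """Return the findings for one log line; an empty list means nothing matched."""
    line = line.rstrip("\r\n")
    lower = line.lower()
    findings = []
    m = HJT_LINE.match(line)
    if m:
        findings.extend(_hjt_findings(m.group("kind"), m.group("rest"), line))
    if WATCHLIST_PREFIX.search(line):
        findings.append(Finding("watchlist-prefix", line))
    # MBAM reports files it can only reach through the object manager namespace
    # with a \\?\globalroot\ path; for a file that should sit in system32 that
    # is a hint it is being hidden from the normal path.
    if "\\\\?\\globalroot\\" in lower:
        findings.append(Finding("device-path-globalroot", line))
    # The "simbar enabled" token in the Shockwave updater's user-agent string
    # shows the SimBar toolbar was installed at some point.
    if "simbar" in lower:
        findings.append(Finding("simbar-toolbar-marker", line))
    # Avenger prints this when its rootkit scan finds a driver hidden from the API.
    if "hidden driver" in lower:
        findings.append(Finding("hidden-driver-reported", line))
    return findings


def triage(lines):
    """Run triage_line over an iterable of lines and collect every finding."""
    findings = []
    for line in lines:
        findings.extend(triage_line(line))
    return findings


def summarize(findings):
    """Count findings per rule, for a quick overview of a whole log."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample lines, modelled on the HJT, MBAM and Avenger output in
# this thread (a handful of lines, not the full logs).
SAMPLE_LINES = [
    "o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)",
    "o2 - bho: nav helper - {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - "
    "c:\\program files\\norton internet security\\norton antivirus\\navshext.dll",
    "o16 - dpf: {e06e2e99-0aa1-11d4-aba6-0060082aa75c} -",
    "o23 - service: atheros configuration service (acs) - unknown owner - "
    "c:\\windows\\system32\\acs.exe",
    "o23 - service: nvidia display driver service (nvsvc) - nvidia corporation - "
    "c:\\windows\\system32\\nvsvc32.exe",
    "o4 - hkcu\\..\\runonce: [shockwave updater] c:\\windows\\system32\\adobe\\"
    "shockwave 11\\swhelper_1150595.exe -update -1150595 "
    '-"mozilla/4.0 (compatible; msie 7.0; windows nt 5.1; simbar enabled)"',
    "\\\\?\\globalroot\\systemroot\\system32\\H8SRTvqlduyptxn.dll "
    "(Trojan.FakeAlert) -> No action taken.",
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\H8SRT (Rootkit.TDSS) -> No action taken.",
    'Hidden driver "H8SRTd.sys" found!',
    "c:\\windows\\system32\\drivers\\h8srtbdvbrxnriq.sys",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.rule:26} {f.line}")
    print(summarize(triage(SAMPLE_LINES)))
```

Run it on a saved log with `triage(open("hijackthis.log", encoding="cp1252").readlines())`. Note what the rules do not catch: the HJT log in post #1 shows no H8SRT entry at all, because the rootkit hides its driver and DLLs from the API that HijackThis uses, so the watchlist rule only fires on the MBAM, Avenger and Combofix lines. That is exactly why the helper in post #4 asks for a scanner with its own rootkit detection rather than reasoning from the HJT log alone.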

Abraham54

Administrator
Staff member
#4
Hello Peter, your Norton antivirus - what does its menu say about updates?

As for the MBAM scan you did - afterwards you didn't use the Remove button!

Also, I can't see the MBAM version!


But given the problems in your Windows, I recommend that you let Combofix scan.

To be able to use Combofix, the following applies:

- no web browsers may be open
- antivirus must be completely deactivated
- active malware and spyware scanners must be deactivated.


Don't click in the active Combofix window; this will make Combofix freeze!

Combofix closes the internet connection; don't try to restore it in the meantime!


If the Recovery Console is not installed,
you will be asked to install it by clicking 'YES' in the "Query - Recovery Console" window.
So click 'OK' and 'Yes' to have the Recovery Console installed automatically.
After that, click 'Yes' again to start the malware scan.


The Recovery Console makes it easier to solve problems if Windows has startup problems for one reason or another!



Here you'll find information on how to deactivate antivirus: http://www.bleepingcomputer.com/forums/topic114351.html
 
#5
I have the newest version of mbam, and I think I did click Remove. But I'm going to try combofix now; hope it works!
--- automatic edit ---
[hjt]
combofix 09-12-27.03 - berends 28-12-2009 12:47:37.1.2 - x86
microsoft windows xp home edition 5.1.2600.3.1252.31.1043.18.1535.1023 [gmt 1:00]
gestart vanuit: c:\documents and settings\berends\bureaublad\combofix.exe
av: norton internet security 2006 *on-access scanning disabled* (updated) {e10a9785-9598-4754-b552-92431c1c35f8}
fw: norton internet security 2006 *disabled* {7c21a4c9-f61f-4ac4-b722-a6e19c16f220}
fw: norton internet worm protection *disabled* {990f9400-4cee-43ea-a83a-d013add8ea6e}
waarschuwing - de recovery console is niet op dit systeem geinstalleerd !!
.
(((((((((((((((((((((((((((((((((( andere verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\berends\mijn documenten\zbthumbnail.info
c:\windows\system32\data
c:\windows\system32\drivers\h8srtbdvbrxnriq.sys
c:\windows\system32\h8srtheowkiwxyx.dll
c:\windows\system32\h8srttetjcbfohc.dat
c:\windows\system32\h8srtvqlduyptxn.dll
c:\windows\system32\srcr.dat
.
((((((((((((((((((((((((((((((((((((((( drivers/services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\service_h8srtd.sys
-------\legacy_h8srtd.sys
(((((((((((((((((((( bestanden gemaakt van 2009-11-28 to 2009-12-28 ))))))))))))))))))))))))))))))
.
2009-12-27 13:12 . 2009-12-27 13:12 -------- d-----w- c:\program files\common files\apple
2009-12-27 13:12 . 2009-12-27 13:12 -------- d-----w- c:\program files\apple software update
2009-12-27 13:12 . 2009-12-27 13:12 -------- d-----w- c:\documents and settings\all users\application data\apple
2009-12-27 12:35 . 2009-12-27 18:31 -------- d--h--r- c:\documents and settings\berends\onlangs geopend
2009-12-26 18:36 . 2009-12-26 18:36 -------- d-----w- c:\documents and settings\berends\application data\malwarebytes
2009-12-26 18:35 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-26 18:35 . 2009-12-27 18:22 -------- d-----w- c:\program files\malwarebytes' anti-malware
2009-12-26 18:35 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 17:43 . 2009-12-26 17:43 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-12-26 15:51 . 2009-12-26 15:51 580096 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-12-26 15:45 . 2009-12-26 15:46 -------- d-----w- c:\windows\erunt
2009-12-26 15:19 . 2009-12-26 15:19 -------- d-sh--w- c:\documents and settings\administrator\privacie
2009-12-26 15:19 . 2009-12-26 15:19 -------- d-sh--w- c:\documents and settings\administrator\ietldcache
2009-12-26 15:09 . 2009-12-26 15:09 -------- d-----w- c:\documents and settings\all users\application data\malwarebytes
2009-12-26 14:27 . 2009-12-26 14:27 -------- d-----w- c:\documents and settings\berends\application data\iobit
2009-12-26 14:27 . 2009-12-26 14:27 -------- d-----w- c:\program files\iobit
2009-12-26 13:53 . 2004-09-13 06:17 2146304 ------w- c:\windows\unnmp.exe
2009-12-26 13:50 . 2004-10-14 08:19 2285568 ------w- c:\windows\unnerovision.exe
2009-12-26 12:07 . 2009-12-26 12:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-25 18:42 . 2009-12-25 18:42 -------- d-----w- c:\program files\trend micro
2009-12-25 16:55 . 2009-11-21 02:34 69632 ----a-w- c:\windows\system32\opencl.dll
2009-12-25 16:55 . 2009-11-21 02:34 11374592 ----a-w- c:\windows\system32\nvcompiler.dll
2009-12-25 13:03 . 2009-12-25 13:03 -------- d-----w- c:\program files\pure networks
2009-12-25 13:02 . 2009-07-07 13:48 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-12-25 13:01 . 2009-07-07 13:48 26672 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-12-25 13:01 . 2009-12-25 13:01 -------- d-----w- c:\program files\common files\pure networks shared
2009-12-25 12:59 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-25 12:40 . 2009-12-25 12:40 -------- d-----w- c:\program files\webex
2009-12-25 12:39 . 2009-12-25 12:44 -------- d-----w- c:\documents and settings\all users\application data\pure networks
2009-12-24 13:39 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-24 12:40 . 2005-10-27 14:06 356096 ----a-w- c:\windows\system32\rt61.sys
2009-12-24 12:40 . 2005-10-27 14:06 356096 ----a-w- c:\windows\system32\drivers\rt61.sys
2009-12-24 12:40 . 2005-10-20 14:00 243328 ----a-w- c:\windows\system32\rt2500.sys
2009-12-24 12:40 . 2005-02-01 17:18 17992 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2009-12-24 12:40 . 2005-02-01 17:18 17992 ----a-w- c:\windows\system32\bcm42rly.sys
2009-12-24 12:40 . 2005-02-01 17:18 17992 ----a-w- c:\windows\bcm42rly.sys
2009-12-24 12:40 . 2003-10-13 14:30 94208 ----a-w- c:\windows\system32\gtw32n50.dll
2009-12-24 12:40 . 2003-09-25 21:15 15872 ----a-w- c:\windows\system32\gtndis5.sys
2009-12-24 12:40 . 2009-12-25 12:43 -------- d-----w- c:\program files\linksys
2009-12-23 18:26 . 2009-12-23 18:26 -------- d-----w- c:\documents and settings\berends\application data\symantec
2009-12-23 18:20 . 2009-12-25 09:16 -------- d-----w- c:\program files\norton internet security
2009-12-23 18:19 . 2009-12-25 08:56 60808 ----a-w- c:\windows\system32\s32evnt1.dll
2009-12-23 18:19 . 2009-12-25 08:56 124464 ----a-w- c:\windows\system32\drivers\symevent.sys
2009-12-23 18:17 . 2009-12-25 08:56 -------- d-----w- c:\program files\symantec
2009-12-23 09:01 . 2009-12-23 09:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\ietldcache
2009-12-04 14:21 . 2009-12-04 14:21 -------- d-----w- c:\documents and settings\berends\application data\ea
2009-12-04 13:58 . 2009-12-04 13:58 -------- d-----w- c:\documents and settings\berends\local settings\application data\unity
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 18:08 . 2008-06-18 12:54 -------- d-----w- c:\program files\systemrequirementslab
2009-12-27 18:08 . 2009-12-27 18:08 138240 ----a-w- c:\documents and settings\berends\application data\systemrequirementslab\srlproxy_srl_4_1_14_0_d.dll
2009-12-27 18:08 . 2009-12-27 18:08 138240 ----a-w- c:\documents and settings\berends\application data\systemrequirementslab\srlproxy_srl_4_1_14_0_c.dll
2009-12-27 18:08 . 2009-12-27 18:08 138240 ----a-w- c:\documents and settings\berends\application data\systemrequirementslab\srlproxy_srl_4_1_14_0_b.dll
2009-12-27 18:08 . 2009-12-27 18:08 138240 ----a-w- c:\documents and settings\berends\application data\systemrequirementslab\srlproxy_srl_4_1_14_0_a.dll
2009-12-27 18:08 . 2008-06-18 12:53 -------- d-----w- c:\documents and settings\berends\application data\systemrequirementslab
2009-12-27 13:48 . 2005-08-19 13:09 -------- d-----w- c:\program files\common files\symantec shared
2009-12-27 13:04 . 2004-08-04 12:00 536884 ----a-w- c:\windows\system32\perfh013.dat
2009-12-27 13:04 . 2004-08-04 12:00 101106 ----a-w- c:\windows\system32\perfc013.dat
2009-12-26 16:58 . 2009-02-07 14:59 -------- d-----w- c:\documents and settings\all users\application data\lavasoft
2009-12-26 13:53 . 2005-08-18 11:41 -------- d-----w- c:\program files\ahead
2009-12-26 12:06 . 2005-10-26 11:52 -------- d-----w- c:\program files\java
2009-12-26 12:06 . 2009-12-26 12:06 152576 ----a-w- c:\documents and settings\berends\application data\sun\java\jre1.6.0_17\lzma.dll
2009-12-26 12:06 . 2009-12-26 12:06 79488 ----a-w- c:\documents and settings\berends\application data\sun\java\jre1.6.0_17\gtapi.dll
2009-12-26 09:47 . 2005-08-18 08:50 63072 ----a-w- c:\documents and settings\berends\local settings\application data\gdipfontcachev1.dat
2009-12-25 16:57 . 2009-08-23 12:59 -------- d-----w- c:\program files\nvidia corporation
2009-12-25 13:02 . 2009-12-25 12:40 8892928 ----a-w- c:\documents and settings\all users\application data\atscie.msi
2009-12-25 09:12 . 2009-04-23 08:05 -------- d-----w- c:\documents and settings\all users\application data\symantec
2009-12-25 08:56 . 2009-12-25 08:54 806 ----a-w- c:\windows\system32\drivers\symevent.inf
2009-12-25 08:56 . 2009-12-25 08:54 10635 ----a-w- c:\windows\system32\drivers\symevent.cat
2009-12-24 12:40 . 2008-08-18 12:18 20747 ----a-w- c:\windows\system32\drivers\aegisp.sys
2009-12-24 12:40 . 2005-08-18 08:54 -------- d--h--w- c:\program files\installshield installation information
2009-12-23 18:22 . 2006-08-12 16:27 10344 ----a-w- c:\windows\system32\drivers\symlcbrd.sys
2009-12-23 18:11 . 2009-04-23 07:54 -------- d-----w- c:\documents and settings\all users\application data\norton
2009-12-13 18:16 . 2009-08-13 10:52 -------- d-----w- c:\program files\divx
2009-12-13 18:16 . 2009-08-13 10:52 -------- d-----w- c:\program files\common files\divx shared
2009-12-09 20:13 . 2009-02-28 11:26 907248 ----a-w- c:\documents and settings\localservice\local settings\application data\fontcache3.0.0.0.dat
2009-12-06 09:39 . 2006-08-03 14:58 -------- d-----w- c:\program files\google
2009-12-04 14:21 . 2009-12-04 14:21 175616 ----a-w- c:\documents and settings\berends\application data\ea\easw\gameface\unrar64_nocrypt.dll
2009-12-04 14:21 . 2009-12-04 14:21 150528 ----a-w- c:\documents and settings\berends\application data\ea\easw\gameface\unrar_nocrypt.dll
2009-12-04 14:21 . 2009-12-04 14:21 30208 ----a-w- c:\documents and settings\berends\application data\ea\easw\gameface\filedownloadconsole.exe
2009-11-26 18:01 . 2009-02-27 18:36 -------- d-----w- c:\program files\winnydows
2009-11-21 16:03 . 2004-08-04 12:00 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2009-11-21 02:34 . 2009-04-30 20:02 2293286 ----a-w- c:\windows\system32\nvdata.bin
2009-11-21 02:34 . 2009-04-30 20:02 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-11-21 02:34 . 2009-02-18 13:44 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2009-11-21 02:34 . 2007-12-05 00:41 4038656 ----a-w- c:\windows\system32\nvcuda.dll
2009-11-21 02:34 . 2006-10-22 10:22 1056768 ----a-w- c:\windows\system32\nvapi.dll
2009-11-21 02:34 . 2005-08-18 08:56 592488 ----a-w- c:\windows\system32\nvudisp.exe
2009-11-21 02:34 . 2005-07-20 19:07 6282752 ----a-w- c:\windows\system32\nv4_disp.dll
2009-11-21 02:34 . 2005-07-20 19:07 182888 ----a-w- c:\windows\system32\nvcodins.dll
2009-11-21 02:34 . 2005-07-20 19:07 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-11-21 02:34 . 2005-07-20 19:07 13602816 ----a-w- c:\windows\system32\nvoglnt.dll
2009-11-21 02:34 . 2005-07-20 19:07 10235968 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-11-19 20:42 . 2007-05-25 13:52 592488 ----a-w- c:\windows\system32\nvuninst.exe
2009-11-19 14:13 . 2006-01-20 20:02 -------- d-----w- c:\program files\image-line
2009-11-19 14:13 . 2006-01-20 20:02 -------- d-----w- c:\program files\vstplugins
2009-11-19 14:12 . 2009-05-08 17:35 -------- d-----w- c:\program files\creative
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\divx.dll
2009-10-29 07:46 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2009-04-14 14:30 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:40 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:38 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2004-08-04 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-08 13:57 . 2007-10-09 11:03 614912 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 13:57 . 2004-08-04 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 13:57 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 09:30 . 2009-12-04 14:22 13312 ----a-w- c:\documents and settings\berends\application data\ea\easw\gameface\photofaceconsole.exe
2009-10-07 19:34 . 2009-09-23 14:45 190216 ----a-w- c:\windows\system32\pnkbstrb.exe
2009-10-07 19:25 . 2009-09-23 14:47 139640 ----a-w- c:\windows\system32\drivers\pnkbstrk.sys
2009-09-30 18:14 . 2009-12-04 14:22 15872 ----a-w- c:\documents and settings\berends\application data\ea\easw\gameface\photofaceconsole.xmlserializers.dll
2009-09-30 09:41 . 2009-12-04 14:22 361472 ----a-w- c:\documents and settings\berends\application data\ea\easw\gameface\fgphotofitdll.dll
2009-09-29 19:29 . 2009-12-04 14:22 6144 ----a-w- c:\documents and settings\berends\application data\ea\easw\gameface\detectopenglconsole.exe
2009-09-29 19:29 . 2009-12-04 14:22 5120 ----a-w- c:\documents and settings\berends\application data\ea\easw\gameface\downloadsourcephotoconsole.exe
2009-09-29 19:29 . 2009-12-04 14:22 9216 ----a-w- c:\documents and settings\berends\application data\ea\easw\gameface\uploadphotofitconsole.exe
2008-09-26 21:39 . 2008-09-26 21:39 5632 --sha-w- c:\program files\thumbs.db
2006-03-18 07:15 . 2006-02-27 18:00 694 ----a-w- c:\program files\onvz.cfg
2005-12-04 11:40 . 2005-11-30 19:10 7726 ----a-w- c:\program files\vw-zvw.rtf
2005-11-30 20:28 . 2005-11-27 19:35 628736 ----a-w- c:\program files\salesass.exe
2005-11-30 20:09 . 2005-11-30 19:10 7460 ----a-w- c:\program files\vw-int.rtf
2005-11-30 20:04 . 2005-11-30 19:10 7619 ----a-w- c:\program files\vw-aanv.rtf
2005-11-30 19:53 . 2005-11-24 16:46 13962 ----a-w- c:\program files\rg-farma.rtf
2005-11-30 19:51 . 2005-11-24 16:46 90588 ----a-w- c:\program files\rg-hulpm.rtf
2005-11-30 19:42 . 2005-11-24 16:46 20767 ----a-w- c:\program files\rg-fysio.rtf
2005-11-30 19:34 . 2005-11-30 19:10 2249 ----a-w- c:\program files\totcare.rtf
2005-11-30 19:33 . 2005-11-30 19:10 8254 ----a-w- c:\program files\vw-prevm.rtf
2005-11-30 19:10 . 2005-11-30 19:10 9600 ----a-w- c:\program files\vw-zorgc.rtf
2005-11-30 19:10 . 2005-11-30 19:10 13151 ----a-w- c:\program files\collectf.rtf
2005-11-30 19:10 . 2005-11-30 19:10 12619 ----a-w- c:\program files\basisvrz.rtf
2005-11-29 21:12 . 2005-11-28 21:10 92150 ----a-w- c:\program files\polisvg.001
2005-11-29 21:12 . 2005-11-28 21:10 2640 ----a-w- c:\program files\polisvg.002
2005-11-29 21:12 . 2005-11-28 21:10 110081 ----a-w- c:\program files\polisvg.003
2005-11-29 21:12 . 2005-11-28 19:08 40472 ----a-w- c:\program files\zvw-faq.rtf
2005-11-29 21:12 . 2005-11-24 16:46 8179 ----a-w- c:\program files\dig-port.rtf
2005-11-28 19:08 . 2005-11-28 19:08 9899 ----a-w- c:\program files\aanbzvw1.rtf
2005-11-28 19:08 . 2005-11-28 19:08 9517 ----a-w- c:\program files\aanbzvw2.rtf
2005-11-28 19:08 . 2005-11-28 19:08 9328 ----a-w- c:\program files\aanbzvw4.rtf
2005-11-28 19:08 . 2005-11-28 19:08 8900 ----a-w- c:\program files\aanbzvw3.rtf
2005-11-28 19:08 . 2005-11-28 19:08 7226 ----a-w- c:\program files\aanbint1.rtf
2005-11-28 19:08 . 2005-11-28 19:08 6557 ----a-w- c:\program files\aanbint2.rtf
2005-11-28 19:08 . 2005-11-28 19:08 6248 ----a-w- c:\program files\aanbint4.rtf
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
[hkey_current_user\software\microsoft\windows\currentversion\run]
"nbj"=c:\program files\ahead\nero backitup\nbj.exe [2005-07-14 1961984]
"wmpnscfg"=c:\program files\windows media player\wmpnscfg.exe [2006-11-02 204288]
[hkey_current_user\software\microsoft\windows\currentversion\runonce]
"shockwave updater"=c:\windows\system32\adobe\shockwave 11\swhelper_1150595.exe [2009-03-19 460216]
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"quicktime task"=c:\program files\quicktime\qttask.exe [2009-01-05 413696]
"ctsysvol"=c:\program files\creative\sb live! 24-bit\surround mixer\ctsysvol.exe [2003-09-17 57344]
"updreg"=c:\windows\updreg.exe [2000-05-10 90112]
"snelkoppeling naar eigenschappenvenster voor high definition audio"="hdaudpropshortcut.exe" [2004-03-17 61952]
"adobe reader speed launcher"=c:\program files\adobe\reader 9.0\reader\reader_sl.exe [2009-10-03 35696]
"adobe arm"=c:\program files\common files\adobe\arm\1.0\adobearm.exe [2009-09-04 935288]
"ccapp"=c:\program files\common files\symantec shared\ccapp.exe [2008-03-07 53096]
"symantec pif alerteng"=c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe [2008-01-29 583048]
"nmctxth"=c:\program files\common files\pure networks shared\platform\nmctxth.exe [2009-07-07 647216]
"nmapp"=c:\program files\pure networks\network magic\nmapp.exe [2009-07-08 472112]
"nvmediacenter"=c:\windows\system32\nvmctray.dll [2009-11-20 110184]
"nvcpldaemon"=c:\windows\system32\nvcpl.dll [2009-11-20 12669544]
"sunjavaupdatesched"=c:\program files\java\jre6\bin\jusched.exe [2009-12-26 149280]
[hkey_users\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56f9679e-7826-4c84-81f3-532071a8bcc5}"= c:\program files\windows desktop search\msnlnamespacemgr.dll [2009-05-24 304128]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\wdf01000.sys]
@="driver"
[hklm\~\startupfolder\c:^documents and settings^all users^menu start^programma's^opstarten^gigaset wlan adapter monitor.lnk]
path=c:\documents and settings\all users\menu start\programma's\opstarten\gigaset wlan adapter monitor.lnk
backup=c:\windows\pss\gigaset wlan adapter monitor.lnkcommon startup
[hklm\~\startupfolder\c:^documents and settings^all users^menu start^programma's^opstarten^hp digital imaging monitor.lnk]
path=c:\documents and settings\all users\menu start\programma's\opstarten\hp digital imaging monitor.lnk
backup=c:\windows\pss\hp digital imaging monitor.lnkcommon startup
[hklm\~\startupfolder\c:^documents and settings^all users^menu start^programma's^opstarten^windows search.lnk]
path=c:\documents and settings\all users\menu start\programma's\opstarten\windows search.lnk
backup=c:\windows\pss\windows search.lnkcommon startup
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\adobe photo downloader]
2007-03-22 13:09 63712 ----a-w- c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\hp software update]
2007-05-08 15:24 54840 ----a-w- c:\program files\hp\hp software update\hpwuschd2.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\nerocheck.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\shockwave updater]
[hkey_local_machine\software\microsoft\shared tools\msconfig\services]
"pnkbstrb"=2 (0x2)
"pnkbstra"=2 (0x2)
"avast! web scanner"=3 (0x3)
"avast! mail scanner"=3 (0x3)
"avast! antivirus"=2 (0x2)
"aswupdsv"=2 (0x2)
[hkey_local_machine\software\microsoft\security center\monitoring\symantecantivirus]
"disablemonitoring"=dword:00000001
[hkey_local_machine\software\microsoft\security center\monitoring\symantecfirewall]
"disablemonitoring"=dword:00000001
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"enablefirewall"= 0 (0x0)
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\\system32\\sessmgr.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpqste08.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpofxm08.exe=
c:\\program files\\hp\\digital imaging\\bin\\hposfx08.exe=
c:\\program files\\hp\\digital imaging\\bin\\hposid01.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpqscnvw.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpqkygrp.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpqcopy.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpfccopy.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpzwiz01.exe=
c:\\program files\\hp\\digital imaging\\unload\\hpqphunl.exe=
c:\\program files\\hp\\digital imaging\\bin\\hpoews01.exe=
c:\\program files\\messenger\\msmsgs.exe=
c:\\windows\\system32\\dpnsvr.exe=
%windir%\\network diagnostic\\xpnetdiag.exe=
c:\\windows\\system32\\pnkbstra.exe=
c:\\windows\\system32\\pnkbstrb.exe=
c:\\documents and settings\\berends\\application data\\vusion\\warpvideostreamer.exe=
c:\\program files\\windows live\\messenger\\wlcsdk.exe=
c:\\program files\\windows live\\messenger\\msnmsgr.exe=
r0 iteraid;iteraid_service_install;c:\windows\system32\drivers\iteraid.sys [18-8-2005 9:54 24971]
r3 bonifay;bonifay;c:\windows\system32\drivers\bonifay.sys [2-6-2007 14:53 12288]
r3 eraserutilrebootdrv;eraserutilrebootdrv;c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys [25-12-2009 10:13 102448]
s1 aswsp;avast! self protection; [x]
s2 aswfsblk;aswfsblk;c:\windows\system32\drivers\aswfsblk.sys --> c:\windows\system32\drivers\aswfsblk.sys [?]
s2 gupdate1c9acbb8959df00;google update service (gupdate1c9acbb8959df00);c:\program files\google\update\googleupdate.exe [24-3-2009 21:02 133104]
s3 adm8511;admtek adm8511/an986 usb to fast ethernet converter;c:\windows\system32\drivers\adm8511.sys [18-8-2005 8:51 20160]
s3 cbpmp50;cbpmp50 ndis protocol driver;c:\windows\system32\drivers\cbpmp50.sys --> c:\windows\system32\drivers\cbpmp50.sys [?]
s3 cbpsp50;cbpsp50 ndis protocol driver;c:\windows\system32\drivers\cbpsp50.sys [10-8-2008 16:12 27072]
s3 gonzales;gonzales;c:\windows\system32\drivers\gonzales.sys [2-6-2007 14:53 7040]
s3 nmwcdnsu;nokia usb flashing phone parent;c:\windows\system32\drivers\nmwcdnsu.sys [6-1-2009 20:16 138112]
s3 nmwcdnsuc;nokia usb flashing generic;c:\windows\system32\drivers\nmwcdnsuc.sys [6-1-2009 20:16 8320]
s3 ntportio;ntportio;\??\c:\docume~1\berends\locals~1\temp\u\1214319406\ntportio.sys --> c:\docume~1\berends\locals~1\temp\u\1214319406\ntportio.sys [?]
s3 s115bus;sony ericsson device 115 driver (wdm);c:\windows\system32\drivers\s115bus.sys [4-8-2007 19:23 83208]
s3 s115mdfl;sony ericsson device 115 usb wmc modem filter;c:\windows\system32\drivers\s115mdfl.sys [4-8-2007 19:23 15112]
s3 s115mdm;sony ericsson device 115 usb wmc modem driver;c:\windows\system32\drivers\s115mdm.sys [4-8-2007 19:23 108680]
s3 s115mgmt;sony ericsson device 115 usb wmc device management drivers (wdm);c:\windows\system32\drivers\s115mgmt.sys [4-8-2007 19:24 100488]
s3 s115obex;sony ericsson device 115 usb wmc obex interface;c:\windows\system32\drivers\s115obex.sys [4-8-2007 19:24 98568]
s3 saih0464;saih0464;c:\windows\system32\drivers\saih0464.sys [20-8-2005 16:24 55808]
s3 upnpservice;upnpservice;c:\program files\common files\magix shared\upnpservice\upnpservice.exe [18-4-2009 13:10 544768]
s4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13-3-2007 10:37 721904]
--- andere services/drivers in geheugen ---
*newlycreated* - comhost
.
------- bijkomende scan -------
.
ustart page = hxxp://www.google.nl/
usearchmigrateddefaulturl = hxxp://www.google.com/search?q={searchterms}&sourceid=ie7&rls=com.microsoft:en-us&ie=utf8&oe=utf8
udefault_search_url = hxxp://www.google.com/ie
usearchurl,(default) = hxxp://www.google.com/search?q=%s
ie: &search
ie: add to google photos screensa&ver - c:\windows\system32\gphotos.scr/200
ie: e&xporteren naar microsoft excel - c:\progra~1\micros~2\office11\excel.exe/3000
ie: {{946b3e9e-e21a-49c8-9f63-900533fafe15} - {580a1f3f-89b4-433b-bbdb-b97aeb13f3fc} -
ff - profilepath - c:\documents and settings\berends\application data\mozilla\firefox\profiles\k6gu0g6h.default\
ff - prefs.js: browser.startup.homepage - www.geenstijl.nl
ff - plugin: c:\documents and settings\berends\application data\mozilla\firefox\profiles\k6gu0g6h.default\extensions\warpvideo@vusion.com\platform\winnt_x86-msvc\plugins\npwarpvideoplugin.dll
ff - plugin: c:\documents and settings\berends\local settings\application data\unity\webplayer\loader\npunity3d32.dll
ff - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
ff - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
ff - plugin: c:\program files\google\picasa3\nppicasa3.dll
ff - plugin: c:\program files\google\update\1.2.183.13\npgoogleoneclick8.dll
ff - plugin: c:\program files\microsoft\office live\npolw.dll
ff - plugin: c:\program files\mozilla firefox\plugins\np-mswmp.dll
ff - hiddenextension: microsoft .net framework assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- firefox policies ----
ff - user.js: general.useragent.extra.zencast - .
- - - - orphans verwijderd - - - -
hklm-run-nwiz - nwiz.exe
addremove-electroairhockey - c:\program files\electrotank\electroairhockey\uninstall.exe
addremove-mirascanv3.20 - c:\windows\twain_32\mira3_20\uninst.isu
**************************************************************************
catchme 0.3.1398 w2k/xp/vista - rootkit/stealth malware detector by gmer, http://www.gmer.net
rootkit scan 2009-12-28 12:59
windows 5.1.2600 service pack 3 ntfs
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- vergrendelde register sleutels ---------------------
[hkey_users\s-1-5-21-1078081533-1547161642-682003330-1004\software\microsoft\windows\currentversion\shell extensions\approved\{8b2fa9cc-8bea-1311-468b-cfc040e11f0b}*]
@allowed: (read) (restrictedcode)
@allowed: (read) (restrictedcode)
"abfikblfmhpnfhhemmgalhjcdbiglmfbji"=hex:61,61,00,00
"bbfikblfmhpnfhhemmjaclmdifmllmocjblj"=hex:61,61,00,00
[hkey_users\s-1-5-21-1078081533-1547161642-682003330-1004\software\securom\!caution! never a or change any key*]
"??"=hex:86,b4,b7,41,90,3e,36,5b,8d,9b,c6,27,d7,d0,6c,ef,0b,dd,14,76,3b,58,eb,
73,34,73,25,d0,53,f1,d1,29,84,3b,c0,30,db,32,18,08,85,1f,4a,9b,b6,1d,be,d6,\
"??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74
[hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\localsystem\components\•€|•€|•9~*]
"3140211900063d11c8ef10054038389c"="c?\\windows\\system32\\fm20enu.dll"
.
--------------------- dlls geladen onder lopende processen ---------------------
- - - - - - - > 'winlogon.exe'(456)
c:\windows\system32\athgina.dll
c:\windows\system32\athcfg11.dll
c:\windows\system32\athcfg11res.dll
- - - - - - - > 'explorer.exe'(1644)
c:\progra~1\window~2\wmpband.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ andere aktieve processen ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\common files\symantec shared\ccsetmgr.exe
c:\program files\common files\symantec shared\ccevtmgr.exe
c:\program files\common files\symantec shared\ccproxy.exe
c:\program files\common files\symantec shared\sndsrvc.exe
c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe
c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe
c:\windows\system32\acs.exe
c:\windows\system32\ctsvccda.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\norton internet security\norton antivirus\navapsvc.exe
c:\program files\symantec\liveupdate\aluschedulersvc.exe
c:\windows\system32\hpzipm12.exe
c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
c:\windows\system32\mspmspsv.exe
c:\program files\linksys\linksys wireless-g pci wireless network monitor\wlservice.exe
c:\program files\linksys\linksys wireless-g pci wireless network monitor\wmp54gv4.exe
c:\program files\windows media player\wmpnetwk.exe
c:\program files\common files\pure networks shared\platform\nmsrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\common files\microsoft shared\windows live\wlidsvcm.exe
c:\program files\common files\symantec shared\security console\nscsrvce.exe
c:\program files\messenger\msmsgs.exe
.
**************************************************************************
.
voltooingstijd: 2009-12-28 13:05:55 - machine werd herstart
combofix-quarantined-files.txt 2009-12-28 12:05
pre-run: 96.486.178.816 bytes beschikbaar
post-run: 96.892.579.840 bytes beschikbaar
current=6 default=6 failed=5 lastknowngood=7 sets=1,2,3,4,5,6,7
- - end of file - - fab17b2c9b641d2872516efeb0bd3102

[/hjt]
--- automatic edit ---
Thank you very much, I think everything is back in order :D. Before this, I also could not defragment through Windows or check the volume for errors. MBAM now also starts without my having to rename mbam.exe to 54321.exe. I also scanned with MBAM and found nothing, so everything seems to be in order! Thank you very much.
 