Bedankt voor de snelle reactie.
Allereerst de Hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:25:03, on 22-2-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=27986
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5296 bytes
En de log van Combofix:
ComboFix 09-02-21.01 - Sietse 2009-02-22 13:32:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.2047.1612 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Sietse\Bureaublad\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *enabled*
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
I:\autorun.inf
I:\resycled
J:\resycled
j:\resycled\boot.com
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-22 to 2009-02-22 ))))))))))))))))))))))))))))))
.
2009-02-22 13:24 . 2009-02-22 13:24 <DIR> d-------- c:\program files\Trend Micro
2009-02-22 13:12 . 2009-02-22 13:12 <DIR> d-------- c:\windows\LastGood.Tmp
2009-02-22 13:09 . 2009-02-22 13:09 <DIR> d-------- c:\windows\system32\nl
2009-02-22 13:09 . 2009-02-22 13:09 <DIR> d-------- c:\windows\system32\bits
2009-02-22 13:09 . 2009-02-22 13:09 <DIR> d-------- c:\windows\l2schemas
2009-02-22 13:06 . 2009-02-22 13:09 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-22 13:02 . 2009-02-22 13:02 <DIR> d-------- c:\windows\EHome
2009-02-22 12:23 . 2009-02-22 12:23 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-22 12:23 . 2009-02-22 12:23 <DIR> d-------- c:\documents and settings\Sietse\Application Data\Malwarebytes
2009-02-22 12:23 . 2009-02-22 12:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-22 12:23 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-22 12:23 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-22 12:09 . 2009-02-22 12:09 13,646 --a------ c:\windows\system32\wpa.bak
2009-02-22 12:07 . 2001-08-17 22:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2009-02-22 12:06 . 2008-04-14 17:34 58,112 --a------ c:\windows\system32\drivers\redbook.sys
2009-02-22 12:06 . 2008-04-14 18:02 21,504 --a------ c:\windows\system32\hidserv.dll
2009-02-22 12:05 . 2008-04-14 18:02 76,288 --a------ c:\windows\system32\usbui.dll
2009-02-22 12:04 . 2009-02-22 11:10 <DIR> d--h----- c:\documents and settings\Default User\Sjablonen
2009-02-22 12:04 . 2009-02-22 12:04 <DIR> d--h----- c:\documents and settings\Default User\Onlangs geopend
2009-02-22 12:04 . 2009-02-22 12:04 <DIR> d--h----- c:\documents and settings\Default User\Netwerkprinteromgeving
2009-02-22 12:04 . 2009-02-22 12:04 <DIR> d-------- c:\documents and settings\Default User\Mijn documenten
2009-02-22 12:04 . 2009-02-22 12:04 <DIR> dr------- c:\documents and settings\Default User\Menu Start
2009-02-22 12:04 . 2009-02-22 12:04 <DIR> d-------- c:\documents and settings\Default User\Favorieten
2009-02-22 12:04 . 2009-02-22 12:04 <DIR> d-------- c:\documents and settings\Default User\Bureaublad
2009-02-22 12:04 . 2009-02-22 12:04 <DIR> d--h----- c:\documents and settings\All Users\Sjablonen
2009-02-22 12:04 . 2009-02-22 13:09 <DIR> dr------- c:\documents and settings\All Users\Menu Start
2009-02-22 12:04 . 2009-02-22 12:04 <DIR> d-------- c:\documents and settings\All Users\Favorieten
2009-02-22 12:04 . 2009-02-22 11:11 <DIR> dr------- c:\documents and settings\All Users\Documenten
2009-02-22 12:04 . 2009-02-22 12:23 <DIR> d-------- c:\documents and settings\All Users\Bureaublad
2009-02-22 12:03 . 2006-03-02 13:00 14,573 -ra------ c:\windows\SET21.tmp
2009-02-22 12:01 . 2009-02-22 13:21 <DIR> d--h----- c:\documents and settings\Default User
2009-02-22 12:01 . 2009-02-22 11:13 <DIR> d-------- c:\documents and settings\All Users
2009-02-22 12:01 . 2009-02-22 11:16 <DIR> d-------- C:\Documents and Settings
2009-02-22 12:01 . 2009-02-22 11:15 261 --a------ c:\windows\system32\$winnt$.inf
2009-02-22 12:00 . 2009-02-22 13:09 <DIR> d-------- c:\windows\system32\nl-nl
2009-02-22 12:00 . 2008-12-21 00:03 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-02-22 12:00 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-22 12:00 . 2007-03-08 06:11 1,032,192 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-22 12:00 . 2008-12-21 00:03 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-02-22 12:00 . 2008-12-21 00:03 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-22 12:00 . 2008-12-21 00:03 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-02-22 12:00 . 2008-12-21 00:03 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-02-22 12:00 . 2008-12-21 00:03 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-22 12:00 . 2008-12-19 10:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 11:03 --------- d-----w c:\program files\NOS
2009-02-22 11:03 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-02-22 10:50 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-22 10:49 --------- d-----w c:\program files\MSBuild
2009-02-22 10:49 --------- d-----w c:\program files\Microsoft Works
2009-02-22 10:46 --------- d-----w c:\program files\Common Files\Adobe
2009-02-22 10:34 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-02-22 10:34 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-02-22 10:34 35,888 ----a-r c:\windows\system32\drivers\SymIM.sys
2009-02-22 10:34 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-22 10:34 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-22 10:34 --------- d-----w c:\program files\Windows Sidebar
2009-02-22 10:34 --------- d-----w c:\program files\Symantec
2009-02-22 10:34 --------- d-----w c:\program files\Norton Internet Security
2009-02-22 10:34 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-22 10:34 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-02-22 10:33 --------- d-----w c:\program files\NortonInstaller
2009-02-22 10:33 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-22 10:27 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-22 10:27 --------- d-----w c:\program files\Java
2009-02-22 10:26 --------- d-----w c:\program files\Intel
2009-02-22 10:25 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-22 10:25 --------- d-----w c:\program files\Realtek
2009-02-22 10:24 315,392 ----a-w c:\windows\HideWin.exe
2009-02-22 10:18 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-22 10:14 --------- d-----w c:\program files\microsoft frontpage
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-22 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"nwiz"="nwiz.exe" [2007-04-12 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1000000.07D\SymEFA.sys [2009-02-22 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [2009-02-22 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1000000.07D\ccHPx86.sys [2009-02-22 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090217.002\IDSxpx86.sys [2009-02-22 276344]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [2009-02-22 115560]
.
.
------- Bijkomende Scan -------
.
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 13:33:04
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
Voltooingstijd: 2009-02-22 13:33:43
ComboFix-quarantined-files.txt 2009-02-22 12:33:41
Pre-Run: 311.060.131.840 bytes beschikbaar
Post-Run: 311,128,432,640 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
151 --- E O F --- 2009-02-22 12:13:47
Ik kan nu weer direct bij mijn mp3 speler. Weet niet of ik die logjes dan nog moet posten? Doe het toch maar voor de zekerheid. Hartstikke bedankt iig!
