Inhoud van lvn

19 september 2010

ok check! bedankt voor de hulp! topforum dit xD

19 september 2010

Nee ik heb geen meldingen meer. Ik heb ook een beetje gesurft en leek weer normaal allemaal en krijg ook die gerneric host 32 fail error niet meer. Weet je ook wat voor virus het was? hopelijk geen keylogger ofzo.

19 september 2010

ComboFix 10-09-17.04 - Louis 09/19/2010 15:53:19.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1583 [GMT 2:00]

Gestart vanuit: d:\documenten en settings\Louis\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: d:\documenten en settings\Louis\Bureaublad\CFScript.txt

AV: McAfee Antivirus en antispyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::

"c:\windows\system32\drivers\qgjwzqq.sys"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drivers\qgjwzqq.sys

d:\documenten en settings\Louis\Application Data\etxaqjblq

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_qgjwzqq

-------\Service_qgjwzqq

(((((((((((((((((((( Bestanden Gemaakt van 2010-08-19 to 2010-09-19 ))))))))))))))))))))))))))))))

.

2010-09-18 12:47 . 2010-09-18 12:47 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-09-18 12:17 . 2001-09-06 19:26 144384 -c--a-w- c:\windows\system32\dllcache\avmenum.dll

2010-09-18 12:16 . 2001-08-17 18:19 553984 -c--a-w- c:\windows\system32\dllcache\adm8820.sys

2010-09-18 08:37 . 2010-09-18 08:37 -------- d-----w- d:\documenten en settings\Tum\Application Data\ArcSoft

2010-09-17 17:49 . 2010-09-17 17:49 503808 ----a-w- d:\documenten en settings\Tum\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-232cb9f5-n\msvcp71.dll

2010-09-17 17:49 . 2010-09-17 17:49 499712 ----a-w- d:\documenten en settings\Tum\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-232cb9f5-n\jmc.dll

2010-09-17 17:49 . 2010-09-17 17:49 61440 ----a-w- d:\documenten en settings\Tum\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-520146cc-n\decora-sse.dll

2010-09-17 17:49 . 2010-09-17 17:49 348160 ----a-w- d:\documenten en settings\Tum\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-232cb9f5-n\msvcr71.dll

2010-09-17 17:49 . 2010-09-17 17:49 12800 ----a-w- d:\documenten en settings\Tum\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-520146cc-n\decora-d3d.dll

2010-09-17 17:49 . 2010-09-17 17:49 -------- d-----w- c:\program files\Common Files\Java

2010-09-17 17:49 . 2010-07-17 03:00 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-17 17:26 . 2010-09-17 17:26 -------- d-----w- d:\documenten en settings\Tum\Application Data\Hewlett-Packard

2010-09-16 06:34 . 2010-09-16 06:34 -------- d-s---w- d:\documenten en settings\Tineke\UserData

2010-09-14 17:34 . 2010-09-14 17:34 -------- d-s---w- d:\documenten en settings\LocalService\UserData

2010-09-14 02:09 . 2010-09-14 02:10 -------- d-----w- d:\documenten en settings\Tum\Local Settings\Application Data\CutePDF Writer

2010-09-07 18:48 . 2010-09-07 18:48 -------- d-----w- d:\documenten en settings\Janine\Local Settings\Application Data\Mozilla

2010-09-07 18:48 . 2010-09-07 18:48 -------- d-----w- d:\documenten en settings\Janine\Application Data\Share-to-Web Upload Folder

2010-09-01 23:00 . 2010-09-01 23:00 -------- d-s---w- d:\documenten en settings\Tum\UserData

2010-08-24 00:09 . 2010-08-24 00:09 -------- d-----w- d:\documenten en settings\All Users\Application Data\SSScanAppDataDir

2010-08-24 00:08 . 2010-08-24 00:08 -------- d-----w- d:\documenten en settings\All Users\Application Data\MSScanAppDataDir

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 12:47 . 2010-01-06 14:25 -------- d-----w- d:\documenten en settings\Louis\Application Data\HPAppData

2010-09-17 17:48 . 2010-01-11 17:44 -------- d-----w- c:\program files\Java

2010-09-10 22:14 . 2010-01-07 20:31 -------- d-----w- d:\documenten en settings\Louis\Application Data\uTorrent

2010-08-23 23:59 . 2010-01-06 13:55 169360 ----a-w- c:\windows\hpoins38.dat

2010-08-18 00:48 . 2010-08-18 00:48 -------- d-----w- d:\documenten en settings\Tineke\Application Data\Share-to-Web Upload Folder

2010-08-14 07:34 . 2010-01-10 22:04 -------- d-----w- d:\documenten en settings\Louis\Application Data\Audacity

2010-08-12 20:09 . 2010-01-07 20:41 -------- d-----w- d:\documenten en settings\Louis\Application Data\Media Player Classic

2010-08-12 06:18 . 2010-01-06 10:34 88000 ----a-w- c:\windows\system32\perfc013.dat

2010-08-12 06:18 . 2010-01-06 10:34 503386 ----a-w- c:\windows\system32\perfh013.dat

2010-08-11 06:12 . 2010-08-11 06:12 -------- d-----w- d:\documenten en settings\Louis\Application Data\Malwarebytes

2010-08-11 06:11 . 2010-08-11 06:11 -------- d-----w- d:\documenten en settings\All Users\Application Data\Malwarebytes

2010-08-11 00:41 . 2010-08-11 00:41 -------- d-----w- d:\documenten en settings\LocalService\Application Data\HPAppData

2010-08-09 18:41 . 2010-08-09 18:40 -------- d-----w- c:\program files\Common Files\Adobe

2010-07-31 08:53 . 2010-07-31 08:53 -------- d-----w- d:\documenten en settings\All Users\Application Data\hps

2010-07-31 08:51 . 2010-07-31 08:51 -------- d-----w- c:\program files\TNT Post Fotoservice

2010-07-20 00:02 . 2010-07-20 00:02 536 ---ha-w- C:\hpothb07.dat

2010-07-19 23:47 . 2010-07-19 23:47 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS

.

((((((((((((((((((((((((((((( SnapShot@2010-09-19_13.02.50 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-09-19 14:03 . 2010-09-19 14:03 16384 c:\windows\Temp\Perflib_Perfdata_740.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="d:\documenten en settings\Louis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-06 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-24 1193848]

"SetIcon"="c:\program files\Icons\SetIcon.exe" [2002-08-22 39936]

"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]

"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

d:\documenten en settings\All Users\Menu Start\Programma's\Opstarten\

HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/28/2010 2:40 AM 82952]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [1/8/2010 4:16 PM 93320]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/28/2010 2:40 AM 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/28/2010 2:40 AM 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/28/2010 2:40 AM 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [4/28/2010 2:40 AM 141792]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/28/2010 2:40 AM 55456]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/28/2010 2:40 AM 312616]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/28/2010 2:40 AM 88480]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/28/2010 2:40 AM 88480]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/28/2010 2:40 AM 83496]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/17/2010 3:44 PM 691696]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

2010-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-838170752-682003330-1005Core.job

- d:\documenten en settings\Louis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-06 16:19]

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-838170752-682003330-1005UA.job

- d:\documenten en settings\Louis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-06 16:19]

.

------- Bijkomende Scan -------

.

IE: E&xporteren naar Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - d:\documenten en settings\Louis\Application Data\Mozilla\Firefox\Profiles\4vu765p9.default\

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: d:\documenten en settings\Louis\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden:

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

"3140111900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1020)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2532)

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

d:\program files\Adobe\Reader 9.0\Reader\viewerps.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\windows\system32\wscntfy.exe

d:\documenten en settings\Louis\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

.

**************************************************************************

.

Voltooingstijd: 2010-09-19 16:07:38 - machine werd herstart

ComboFix-quarantined-files.txt 2010-09-19 14:07

ComboFix2.txt 2010-09-19 13:08

Pre-Run: 5,220,691,968 bytes beschikbaar

Post-Run: 5,206,761,472 bytes beschikbaar

- - End Of File - - 908CEE7073D60198F2577D11F054619A

-----------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 4:09:27 PM, on 9/19/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\ComboFix\CF16909.cfxxe

C:\ComboFix\mbr.cfxxe

C:\WINDOWS\system32\wscntfy.exe

D:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Icons\SetIcon.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

D:\Documenten en Settings\Louis\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

D:\Documenten en Settings\Louis\Mijn documenten\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100517093351.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [setIcon] C:\Program Files\Icons\SetIcon.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [Google Update] "D:\Documenten en Settings\Louis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262784382843

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 8502 bytes

19 september 2010

De hijackthis bewerking lukte niet (bestandje kwam weer terug bij nieuwe scans). Hier is het combofix logje

[ATTACH]6680[/ATTACH]

log.txt

18 september 2010

Hi

Er zit een virus op de pc die volgens mij onder andere driver heeft verwijdert. Ik kreeg eerst de melding dat generic host 32 ermee ophield. Na een reboot deed ook de videokaart driver het niet meer. En toen ik de browser opstartte ging die ineens naar een website die ik helemaal niet in had getypt. Een tijdje terug had ik last van antimalware doctor heb ik verwijdert met hulp van dit forum maar misschien is er toch iets achter gebleven. Anyway hier een hijackthis logje.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:25:33 PM, on 9/18/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

D:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Icons\SetIcon.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\system32\ctfmon.exe