Archive - Error message 80040154 in WLM


osmplayer

Legacy Member
This is my HijackThis log, if all is well.
I really don't understand why I'm getting this error message; it has only been happening since today.
Could someone please help me?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:57:16, on 12-11-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ERDNT\cache\explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Windows programs
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje! (ook op mobiel)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Windows programs
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Windows programs
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
R3 - URLSearchHook: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHP0.dll
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 Welcome to www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 Secure-plus-payments.com - Secure-plus-payments and Payment System
O1 - Hosts: 74.125.45.100 getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.com
O1 - Hosts: 67.212.189.117 google.com.au
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.be
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.com.br
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.ca
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.ch
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.de
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.dk
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.fr
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.ie
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.it
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.co.jp
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.nl
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.no
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.co.nz
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.pl
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.se
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.co.uk
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.co.za
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 Google Analytics | Official Website
O1 - Hosts: 67.212.189.117 Bing
O1 - Hosts: 67.212.189.117 search.yahoo.com
O1 - Hosts: 67.212.189.117 Yahoo! Search - Web Search
O1 - Hosts: 67.212.189.117 uk.search.yahoo.com
O1 - Hosts: 67.212.189.117 ca.search.yahoo.com
O1 - Hosts: 67.212.189.117 de.search.yahoo.com
O1 - Hosts: 67.212.189.117 fr.search.yahoo.com
O1 - Hosts: 67.212.189.117 au.search.yahoo.com
O1 - Hosts: 67.212.189.117 YouTube - Broadcast Yourself.
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {3F53037B-B942-4E25-8CB5-A72F249B28ED} - (no file)
O2 - BHO: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
O2 - BHO: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHP0.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O3 - Toolbar: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHP0.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 12270 bytes

Juisterr

Legacy Member
First carry out the following actions:
Download HostsXpert and unzip HostsXpert into its own folder,
for example C:\HostsXpert.

Start HostsXpert.exe

Click "restore microsoft's hosts files"

Close the program afterwards.

NOTE: Startup/exefile [msnmsgr] msnmsgr.exe occurs multiple times at CC or in an unknown directory

Start HijackThis and choose 'Do a system scan only'
Select only the items listed below:

R3 - URLSearchHook: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
O1 - Hosts: 74.125.45.100 Welcome to Welcome to www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 Secure-plus-payments.com - Secure-plus-payments and Payment System
O1 - Hosts: 74.125.45.100 getavplusnow.com
O1 - Hosts: 74.125.45.100 securesoftwarebill.com
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.com
O1 - Hosts: 67.212.189.117 google.com.au
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.be
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.com.br
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.ca
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.ch
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.de
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.dk
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.fr
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.ie
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.it
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.co.jp
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.nl
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.no
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.co.nz
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.pl
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.se
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.co.uk
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.co.za
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 Google Analytics | Official Website
O1 - Hosts: 67.212.189.117 Bing
O1 - Hosts: 67.212.189.117 search.yahoo.com
O1 - Hosts: 67.212.189.117 Yahoo! Search - Web Search
O1 - Hosts: 67.212.189.117 uk.search.yahoo.com
O1 - Hosts: 67.212.189.117 ca.search.yahoo.com
O1 - Hosts: 67.212.189.117 de.search.yahoo.com
O1 - Hosts: 67.212.189.117 fr.search.yahoo.com
O1 - Hosts: 67.212.189.117 au.search.yahoo.com
O1 - Hosts: 67.212.189.117 YouTube - Broadcast Yourself.
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {3F53037B-B942-4E25-8CB5-A72F249B28ED} - (no file)
O2 - BHO: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)

Close all windows except HijackThis.
Click 'Fix checked' to remove the items.



Download MalwareBytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup.exe to install the program.

After the installation, make sure the following are ticked:
  • Update MalwareBytes' Anti-Malware
  • Start MalwareBytes' Anti-Malware
  • Then click "Voltooien" (Finish). If an update is found, it will be downloaded and installed.
Once the program has started, go to the "Instellingen" (Settings) tab.
  • Tick here: "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during malware removal).
  • Go to the "Updates" tab and update MBAM.
  • Then go to the "Scanner" tab and choose "Snelle Scan" (Quick Scan).
  • Next, press "Scannen" (Scan) to start the scan.
  • Scanning can take a while, so be patient.
  • When the scan is complete, click OK, then "Bekijk Resultaten" (Show Results) to see the results.
  • Make sure everything there is ticked, then click "Verwijder geselecteerde" (Remove Selected).
  • After removal a log will open and you will be asked to restart the computer.
If MBAM asks for a restart, do so.

The log is saved automatically by MalwareBytes Anti-Malware and can be found by clicking the "Logs" tab in the program.

osmplayer

Legacy Member
Hello, I have done all of this,
but I still get the same error message??

osmplayer

Legacy Member
I don't know whether it's because of HostsXpert, but I can't open it.
It is a compressed folder; what should I do about that?

Juisterr

Legacy Member
It's in the instructions, you know.

"and unzip HostsXpert into its own folder". Besides, you say you have done everything but you don't post any results, so how can I help you further?

So please post an MBAM result and a new HijackThis log.

osmplayer

Legacy Member
Malwarebytes' Anti-Malware 1.46
Malwarebytes

Databaseversie: 5121

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

15-11-2010 21:56:22
mbam-log-2010-11-15 (21-56-22).txt

Scantype: Snelle scan
Objecten gescand: 142938
Verstreken tijd: 8 minuut/minuten, 40 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 14
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 4
Bestanden geïnfecteerd: 7

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\funwebproductsinstaller.start (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproductsinstaller.start.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1d4db7d1-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1d4db7d3-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{1d4db7d0-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IJKUK66HMN (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
C:\Documents and Settings\van veen\Application Data\C-76947-8457-2745 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winrtsnr.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:06:11, on 21-11-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\windows\ERDNT\cache\explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\Program Files\NewsLeecher\newsLeecher.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Windows programs
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje! (ook op mobiel)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Windows programs
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Windows programs
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHP0.dll
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 Welcome to www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 Secure-plus-payments.com - Secure-plus-payments and Payment System
O1 - Hosts: 74.125.45.100 getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.com
O1 - Hosts: 67.212.189.117 google.com.au
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.be
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.com.br
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.ca
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.ch
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.de
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.dk
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.fr
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.ie
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.it
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.co.jp
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.nl
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.no
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.co.nz
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.pl
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.se
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.co.uk
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 google.co.za
O1 - Hosts: 67.212.189.117 Google
O1 - Hosts: 67.212.189.117 Google Analytics | Official Website
O1 - Hosts: 67.212.189.117 Bing
O1 - Hosts: 67.212.189.117 search.yahoo.com
O1 - Hosts: 67.212.189.117 Yahoo! Search - Web Search
O1 - Hosts: 67.212.189.117 uk.search.yahoo.com
O1 - Hosts: 67.212.189.117 ca.search.yahoo.com
O1 - Hosts: 67.212.189.117 de.search.yahoo.com
O1 - Hosts: 67.212.189.117 fr.search.yahoo.com
O1 - Hosts: 67.212.189.117 au.search.yahoo.com
O1 - Hosts: 67.212.189.117 YouTube - Broadcast Yourself.
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHP0.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O3 - Toolbar: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHP0.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 11064 bytes


Regards

Juisterr

Legacy Member
Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop.

>>Here<< you can read how to use ComboFix.

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

* (a guide on how to disable them can be found here or here:)

2. The computer may need to be restarted several times; this is normal.
3. Double-click "Combofix.exe" to start the tool.
4. Do not click in the ComboFix window while it is running, as this can cause the tool to hang.

* Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion.", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.

osmplayer

Legacy Member
Hello, I think this is what you mean

ComboFix 10-11-21.02 - van veen 22-11-2010 18:26:34.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.511.287 [GMT 1:00]
Gestart vanuit: c:\documents and settings\van veen\Bureaublad\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Documenten\Server\admin.txt
c:\documents and settings\All Users\Documenten\Server\server.dat
c:\documents and settings\van veen\Application Data\Smart Engine
c:\documents and settings\van veen\Application Data\Smart Engine\cookies.sqlite
c:\documents and settings\van veen\Mijn documenten\Internet Explorer.lnk
c:\windows\system32\system
c:\windows\system32\Thumbs.db
.
---- Voorgaande Run -------
.
c:\windows\system32\afiuabf.dll

Besmet exemplaar van c:\windows\system32\winlogon.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\ERDNT\cache\winlogon.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OIWQMHQQ
-------\Service_oiwqmhqq
-------\Legacy_SSHNAS


(((((((((((((((((((( Bestanden Gemaakt van 2010-10-22 to 2010-11-22 ))))))))))))))))))))))))))))))
.

2010-12-02 12:15 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-11-30 09:52 . 2010-11-30 09:52 -------- d-----w- c:\documents and settings\Gast\Application Data\AVG9
2010-11-20 12:49 . 2010-11-20 13:06 -------- d-----w- c:\documents and settings\van veen\Application Data\Mp3Tube Toolbar
2010-11-15 20:22 . 2010-11-15 20:22 -------- d-----w- c:\documents and settings\van veen\Application Data\Malwarebytes
2010-11-15 20:21 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-15 20:21 . 2010-11-15 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-15 20:21 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-15 20:21 . 2010-11-15 20:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-12 23:39 . 2010-11-21 01:26 -------- d--h--r- c:\documents and settings\van veen\Onlangs geopend
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\program files\Conduit
2010-11-12 16:20 . 2010-11-12 16:20 -------- d-----w- c:\documents and settings\van veen\Application Data\GlarySoft
2010-11-12 00:21 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-12 00:21 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-12 00:21 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-12 00:20 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-12 00:20 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-12 00:20 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-12 00:20 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-12 00:20 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-12 00:20 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-12 00:20 . 2010-11-12 00:20 -------- d-----w- c:\program files\Alwil Software
2010-11-12 00:20 . 2010-11-12 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-12 00:02 . 2010-11-12 00:02 -------- d-----w- c:\documents and settings\van veen\Local Settings\Application Data\PackageAware
2010-11-11 22:51 . 2010-11-11 22:51 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-11-11 10:10 . 2010-11-11 10:10 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-11 10:07 . 2010-11-12 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\abe1cb
2010-11-11 10:07 . 2010-11-11 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SMBHWHOYXRE
2010-11-11 09:27 . 2010-11-11 09:27 -------- d-----w- c:\documents and settings\van veen\Application Data\Sammsoft
2010-11-11 09:27 . 2010-11-11 10:07 -------- d-----w- c:\program files\Advanced Registry Optimizer
2010-11-10 22:25 . 2010-11-10 22:25 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-11-10 22:25 . 2010-11-10 22:25 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-11-10 22:25 . 2010-11-10 22:25 -------- d-----w- c:\program files\Microsoft
2010-11-10 19:40 . 2010-11-10 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-11-10 17:12 . 2010-11-10 22:25 -------- d-----w- c:\documents and settings\van veen\Application Data\GetRightToGo
2010-11-09 16:21 . 2010-11-10 22:24 -------- d-----w- c:\windows\system32\NtmsData
2010-11-09 11:37 . 2010-11-09 11:39 -------- d-----w- c:\documents and settings\van veen\Application Data\Fighters
2010-11-09 00:11 . 2010-11-09 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2010-11-08 23:51 . 2010-11-11 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-11-08 20:16 . 2010-11-11 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 21:27 . 2008-04-14 20:33 510464 ----a-w- c:\windows\system32\winlogon(2).exe
2010-09-18 10:23 . 2007-04-03 06:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 20:32 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 20:32 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2001-09-07 14:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-13 10:44 . 2010-09-13 10:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-13 10:44 . 2010-09-13 10:44 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-09 13:35 . 2008-05-05 20:32 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:35 . 2008-05-05 20:32 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:35 . 2008-05-05 20:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:35 . 2008-05-05 20:32 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:58 . 2008-05-05 20:32 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:52 . 2008-04-14 20:30 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 20:05 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-04-14 20:32 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:55 . 2008-04-14 20:32 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-04-13 22:45 357248 ----a-w- c:\windows\system32\drivers\srv.sys
.

------- Sigcheck -------

[7] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe

[-] 2009-07-11 . A61F29AE9E7F1FD2EFB9F91F5461A7EB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

c:\windows\explorer.exe ... is niet aanwezig !!
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{46735dee-f862-49d1-876d-6382794dc625}"= "c:\program files\PHPNukeDU\tbPHP0.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{46735dee-f862-49d1-876d-6382794dc625}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46735dee-f862-49d1-876d-6382794dc625}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\PHPNukeDU\tbPHP0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2010-10-18 3908192]
"{46735dee-f862-49d1-876d-6382794dc625}"= "c:\program files\PHPNukeDU\tbPHP0.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CLASSES_ROOT\clsid\{46735dee-f862-49d1-876d-6382794dc625}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{46735DEE-F862-49D1-876D-6382794DC625}"= "c:\program files\PHPNukeDU\tbPHP0.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{46735dee-f862-49d1-876d-6382794dc625}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-13 39408]
"msnmsgr"="c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12-11-2010 1:21 165584]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/17 18:29];c:\program files\CyberLink\PowerDVD9\000.fcl [7-5-2009 21:05 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12-11-2010 1:21 17744]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [16-1-2010 20:37 30104]
S0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\Drivers\AVGIDSxx.sys --> c:\windows\system32\Drivers\AVGIDSxx.sys [?]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17-4-2010 16:55 135664]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [16-1-2010 20:37 30104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
.
Inhoud van de 'Gedeelde Taken' map

2010-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-17 15:54]

2010-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-17 15:54]

2010-11-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
mStart Page = hxxp://dutch.ircfast2.com/nl/index.php?rvs=hompag/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
.
- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{46897C77-E7A6-4C33-BFFB-E9C2E2718942} - (no file)
Notify-avgrsstarter - avgrsstx.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-11-22 18:34
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Voltooingstijd: 2010-11-22 18:38:43 - machine werd herstart
ComboFix-quarantined-files.txt 2010-11-22 17:38

Pre-Run: 9.387.085.824 bytes beschikbaar
Post-Run: 9.541.369.856 bytes beschikbaar

- - End Of File - - 0FBA7F33EC5CEFD41EB264D257360B58



Can I now just remove ComboFix again and turn my virus scanner back on?

Juisterr

Legacy Member
Download this, extract it and save it in your root > C:\files\

http://www.malwareinfo.nl/files/Files.rar

Open Notepad and copy and paste the code below:

Code:
Fcopy::
c:\files\explorer.exe | c:\windows\system32\dllcache\explorer.exe 
c:\files\explorer.exe | c:\windows\explorer.exe

Save this to your Desktop as CFScript.txt.


Drag CFScript.txt into ComboFix.exe as shown in the example below:

CFScript.gif

This will make ComboFix restart.

After restarting your computer (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.

osmplayer

Legacy Member
Hey

ComboFix 10-11-24.01 - van veen 24-11-2010 22:28:09.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.511.296 [GMT 1:00]
Gestart vanuit: c:\documents and settings\van veen\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\van veen\Bureaublad\CFScript.txt..txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((( Bestanden Gemaakt van 2010-10-24 to 2010-11-24 ))))))))))))))))))))))))))))))
.

2010-12-02 12:15 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-11-30 09:52 . 2010-11-30 09:52 -------- d-----w- c:\documents and settings\Gast\Application Data\AVG9
2010-11-24 21:10 . 2010-11-24 21:10 -------- d-----w- c:\documents and settings\van veen\Application Data\BabylonToolbar
2010-11-24 21:10 . 2010-11-24 21:10 -------- d-----w- c:\program files\FoxTabVideo2Mp3Converter
2010-11-24 19:57 . 2010-11-24 21:10 -------- d-----w- c:\program files\Babylon
2010-11-20 12:49 . 2010-11-20 13:06 -------- d-----w- c:\documents and settings\van veen\Application Data\Mp3Tube Toolbar
2010-11-15 20:22 . 2010-11-15 20:22 -------- d-----w- c:\documents and settings\van veen\Application Data\Malwarebytes
2010-11-15 20:21 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-15 20:21 . 2010-11-15 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-15 20:21 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-15 20:21 . 2010-11-24 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-12 23:39 . 2010-11-24 21:23 -------- d--h--r- c:\documents and settings\van veen\Onlangs geopend
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\program files\CCleaner
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\documents and settings\van veen\Local Settings\Application Data\Softonic-Eng7
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\documents and settings\van veen\Local Settings\Application Data\WMTools Downloaded Files
2010-11-12 22:56 . 2010-11-12 22:56 388096 ----a-r- c:\documents and settings\van veen\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-12 22:33 . 2010-11-12 22:33 -------- d-----w- c:\program files\Trend Micro
2010-11-12 21:16 . 2010-11-12 23:38 -------- d-----w- c:\program files\Windows Live
2010-11-12 19:50 . 2010-11-12 19:50 -------- d-----w- c:\documents and settings\van veen\Application Data\DriverCure
2010-11-12 19:50 . 2010-11-12 19:50 -------- d-----w- c:\documents and settings\van veen\Application Data\ParetoLogic
2010-11-12 18:24 . 2010-11-12 21:09 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-12 18:20 . 2010-11-24 21:10 -------- d-----w- c:\documents and settings\van veen\Local Settings\Application Data\Conduit
2010-11-12 16:20 . 2010-11-12 16:20 -------- d-----w- c:\documents and settings\van veen\Application Data\GlarySoft
2010-11-12 00:21 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-12 00:21 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-12 00:21 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-12 00:20 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-12 00:20 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-12 00:20 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-12 00:20 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-12 00:20 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-12 00:20 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-12 00:20 . 2010-11-12 00:20 -------- d-----w- c:\program files\Alwil Software
2010-11-12 00:20 . 2010-11-12 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-12 00:02 . 2010-11-12 00:02 -------- d-----w- c:\documents and settings\van veen\Local Settings\Application Data\PackageAware
2010-11-11 22:51 . 2010-11-11 22:51 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-11-11 10:10 . 2010-11-11 10:10 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-11 10:07 . 2010-11-12 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\abe1cb
2010-11-11 10:07 . 2010-11-11 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SMBHWHOYXRE
2010-11-11 09:27 . 2010-11-11 09:27 -------- d-----w- c:\documents and settings\van veen\Application Data\Sammsoft
2010-11-11 09:27 . 2010-11-11 10:07 -------- d-----w- c:\program files\Advanced Registry Optimizer
2010-11-10 22:25 . 2010-11-10 22:25 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-11-10 22:25 . 2010-11-10 22:25 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-11-10 22:25 . 2010-11-10 22:25 -------- d-----w- c:\program files\Microsoft
2010-11-10 19:40 . 2010-11-10 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-11-10 17:12 . 2010-11-10 22:25 -------- d-----w- c:\documents and settings\van veen\Application Data\GetRightToGo
2010-11-09 16:21 . 2010-11-10 22:24 -------- d-----w- c:\windows\system32\NtmsData
2010-11-09 11:37 . 2010-11-09 11:39 -------- d-----w- c:\documents and settings\van veen\Application Data\Fighters
2010-11-09 00:11 . 2010-11-09 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2010-11-08 23:51 . 2010-11-11 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-11-08 20:16 . 2010-11-11 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 21:27 . 2008-04-14 20:33 510464 ----a-w- c:\windows\system32\winlogon(2).exe
2010-09-18 10:23 . 2007-04-03 06:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 20:32 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 20:32 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2001-09-07 14:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-13 10:44 . 2010-09-13 10:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-13 10:44 . 2010-09-13 10:44 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-09 13:35 . 2008-05-05 20:32 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:35 . 2008-05-05 20:32 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:35 . 2008-05-05 20:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:35 . 2008-05-05 20:32 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:58 . 2008-05-05 20:32 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:52 . 2008-04-14 20:30 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 20:05 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-04-14 20:32 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:55 . 2008-04-14 20:32 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
.

------- Sigcheck -------

[7] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe

[-] 2009-07-11 . A61F29AE9E7F1FD2EFB9F91F5461A7EB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

c:\windows\explorer.exe ... is niet aanwezig !!
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-13 39408]
"msnmsgr"="c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12-11-2010 1:21 165584]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/17 18:29];c:\program files\CyberLink\PowerDVD9\000.fcl [7-5-2009 21:05 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12-11-2010 1:21 17744]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [16-1-2010 20:37 30104]
S0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\Drivers\AVGIDSxx.sys --> c:\windows\system32\Drivers\AVGIDSxx.sys [?]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17-4-2010 16:55 135664]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [16-1-2010 20:37 30104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
.
Inhoud van de 'Gedeelde Taken' map

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-17 15:54]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-17 15:54]

2010-11-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
mStart Page = hxxp://dutch.ircfast2.com/nl/index.php?rvs=hompag/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-11-24 22:32
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
Voltooingstijd: 2010-11-24 22:35:19
ComboFix-quarantined-files.txt 2010-11-24 21:35
ComboFix2.txt 2010-11-22 17:38

Pre-Run: 15.630.217.216 bytes beschikbaar
Post-Run: 15.707.271.168 bytes beschikbaar

- - End Of File - - E832D73C953A47AB0092F6D174F4ABC2

Juisterr

Legacy Member
**Restoring the Hosts file**

1. Start Malwarebytes and click the More Tools tab
There, click Start FileASSASSIN
A new window will then open
Copy and paste the following into the file name field:

C:\WINDOWS\system32\drivers\etc\hosts

Then click Open and choose YES to delete the Hosts file.
fileassasin.gif


2. Download HostsXpert
Unzip the program to your Desktop.
Open the folder and double-click Hoster.exe
Click "Restore Microsofts Original Hosts File"
Click "OK" and close the program.

Juisterr

Legacy Member
Now first remove ComboFix MANUALLY and then restart the computer.
Download ComboFix again following the guidelines given earlier and run a new scan. Please post the result together with a new HijackThis log.

osmplayer

Legacy Member
Hello, this is the ComboFix log

ComboFix 10-11-24.04 - van veen 25-11-2010 12:32:27.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.511.284 [GMT 1:00]
Gestart vanuit: c:\documents and settings\van veen\Bureaublad\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((( Bestanden Gemaakt van 2010-10-25 to 2010-11-25 ))))))))))))))))))))))))))))))
.

2010-12-02 12:15 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-11-30 09:52 . 2010-11-30 09:52 -------- d-----w- c:\documents and settings\Gast\Application Data\AVG9
2010-11-24 21:10 . 2010-11-24 21:10 -------- d-----w- c:\documents and settings\van veen\Application Data\BabylonToolbar
2010-11-24 21:10 . 2010-11-24 21:10 -------- d-----w- c:\program files\FoxTabVideo2Mp3Converter
2010-11-24 19:57 . 2010-11-24 21:10 -------- d-----w- c:\program files\Babylon
2010-11-20 12:49 . 2010-11-20 13:06 -------- d-----w- c:\documents and settings\van veen\Application Data\Mp3Tube Toolbar
2010-11-15 20:22 . 2010-11-15 20:22 -------- d-----w- c:\documents and settings\van veen\Application Data\Malwarebytes
2010-11-15 20:21 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-15 20:21 . 2010-11-15 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-15 20:21 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-15 20:21 . 2010-11-24 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-12 23:39 . 2010-11-25 11:15 -------- d--h--r- c:\documents and settings\van veen\Onlangs geopend
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\program files\CCleaner
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\documents and settings\van veen\Local Settings\Application Data\Softonic-Eng7
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\documents and settings\van veen\Local Settings\Application Data\WMTools Downloaded Files
2010-11-12 22:56 . 2010-11-12 22:56 388096 ----a-r- c:\documents and settings\van veen\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-12 22:33 . 2010-11-12 22:33 -------- d-----w- c:\program files\Trend Micro
2010-11-12 21:16 . 2010-11-12 23:38 -------- d-----w- c:\program files\Windows Live
2010-11-12 19:50 . 2010-11-12 19:50 -------- d-----w- c:\documents and settings\van veen\Application Data\DriverCure
2010-11-12 19:50 . 2010-11-12 19:50 -------- d-----w- c:\documents and settings\van veen\Application Data\ParetoLogic
2010-11-12 18:24 . 2010-11-12 21:09 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-12 18:20 . 2010-11-24 21:10 -------- d-----w- c:\documents and settings\van veen\Local Settings\Application Data\Conduit
2010-11-12 16:20 . 2010-11-12 16:20 -------- d-----w- c:\documents and settings\van veen\Application Data\GlarySoft
2010-11-12 00:21 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-12 00:21 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-12 00:21 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-12 00:20 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-12 00:20 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-12 00:20 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-12 00:20 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-12 00:20 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-12 00:20 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-12 00:20 . 2010-11-12 00:20 -------- d-----w- c:\program files\Alwil Software
2010-11-12 00:20 . 2010-11-12 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-12 00:02 . 2010-11-12 00:02 -------- d-----w- c:\documents and settings\van veen\Local Settings\Application Data\PackageAware
2010-11-11 22:51 . 2010-11-11 22:51 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-11-11 10:10 . 2010-11-11 10:10 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-11 10:07 . 2010-11-12 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\abe1cb
2010-11-11 10:07 . 2010-11-11 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SMBHWHOYXRE
2010-11-11 09:27 . 2010-11-11 09:27 -------- d-----w- c:\documents and settings\van veen\Application Data\Sammsoft
2010-11-11 09:27 . 2010-11-11 10:07 -------- d-----w- c:\program files\Advanced Registry Optimizer
2010-11-10 22:25 . 2010-11-10 22:25 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-11-10 22:25 . 2010-11-10 22:25 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-11-10 22:25 . 2010-11-10 22:25 -------- d-----w- c:\program files\Microsoft
2010-11-10 19:40 . 2010-11-10 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-11-10 17:12 . 2010-11-10 22:25 -------- d-----w- c:\documents and settings\van veen\Application Data\GetRightToGo
2010-11-09 16:21 . 2010-11-10 22:24 -------- d-----w- c:\windows\system32\NtmsData
2010-11-09 11:37 . 2010-11-09 11:39 -------- d-----w- c:\documents and settings\van veen\Application Data\Fighters
2010-11-09 00:11 . 2010-11-09 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2010-11-08 23:51 . 2010-11-11 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-11-08 20:16 . 2010-11-11 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 21:27 . 2008-04-14 20:33 510464 ----a-w- c:\windows\system32\winlogon(2).exe
2010-09-18 10:23 . 2007-04-03 06:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 20:32 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 20:32 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2001-09-07 14:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-13 10:44 . 2010-09-13 10:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-13 10:44 . 2010-09-13 10:44 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-09 13:35 . 2008-05-05 20:32 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:35 . 2008-05-05 20:32 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:35 . 2008-05-05 20:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:35 . 2008-05-05 20:32 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:58 . 2008-05-05 20:32 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:52 . 2008-04-14 20:30 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 20:05 1852928 ----a-w- c:\windows\system32\win32k.sys
.

------- Sigcheck -------

[7] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe

[-] 2009-07-11 . A61F29AE9E7F1FD2EFB9F91F5461A7EB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

c:\windows\explorer.exe ... is niet aanwezig !!
.
((((((((((((((((((((((((((((( SnapShot@2010-11-24_21.33.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-25 11:20 . 2010-11-25 11:20 16384 c:\windows\temp\Perflib_Perfdata_18c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-13 39408]
"msnmsgr"="c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12-11-2010 1:21 165584]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/17 18:29];c:\program files\CyberLink\PowerDVD9\000.fcl [7-5-2009 21:05 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12-11-2010 1:21 17744]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [16-1-2010 20:37 30104]
S0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\Drivers\AVGIDSxx.sys --> c:\windows\system32\Drivers\AVGIDSxx.sys [?]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17-4-2010 16:55 135664]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [16-1-2010 20:37 30104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
.
Inhoud van de 'Gedeelde Taken' map

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-17 15:54]

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-17 15:54]

2010-11-25 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
mStart Page = hxxp://dutch.ircfast2.com/nl/index.php?rvs=hompag/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-11-25 12:37
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
Voltooingstijd: 2010-11-25 12:39:17
ComboFix-quarantined-files.txt 2010-11-25 11:39
ComboFix2.txt 2010-11-24 21:35
ComboFix3.txt 2010-11-22 17:38

Pre-Run: 8.308.510.720 bytes beschikbaar
Post-Run: 8.307.605.504 bytes beschikbaar

- - End Of File - - D001A33083A6D1A6BCA8426781D8B52F

osmplayer

Legacy Member
And this is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:41:38, on 25-11-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\ERDNT\cache\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje! (ook op mobiel)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Windows programs
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 7361 bytes

Juisterr

Legacy Member
Download this, unpack it and save it in your root > C:\files\

http://www.malwareinfo.nl/files/Files.rar

Open Notepad, then copy and paste the code below:

Code:
Fcopy::
c:\files\explorer.exe | c:\windows\system32\dllcache\explorer.exe 
c:\files\explorer.exe | c:\windows\explorer.exe

Save this to your Desktop as CFScript.txt.


Drag CFScript.txt into ComboFix.exe as shown in the example below:

CFScript.gif

This will restart ComboFix.

After your computer restarts (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.

osmplayer

Legacy Member
ComboFix 10-11-25.05 - van veen 26-11-2010 15:49:15.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.511.310 [GMT 1:00]
Gestart vanuit: c:\documents and settings\van veen\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\van veen\Bureaublad\CFScript.gif
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((( Bestanden Gemaakt van 2010-10-26 to 2010-11-26 ))))))))))))))))))))))))))))))
.

2010-12-02 12:15 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-11-30 09:52 . 2010-11-30 09:52 -------- d-----w- c:\documents and settings\Gast\Application Data\AVG9
2010-11-24 21:10 . 2010-11-24 21:10 -------- d-----w- c:\documents and settings\van veen\Application Data\BabylonToolbar
2010-11-24 21:10 . 2010-11-24 21:10 -------- d-----w- c:\program files\FoxTabVideo2Mp3Converter
2010-11-24 19:57 . 2010-11-24 21:10 -------- d-----w- c:\program files\Babylon
2010-11-20 12:49 . 2010-11-20 13:06 -------- d-----w- c:\documents and settings\van veen\Application Data\Mp3Tube Toolbar
2010-11-15 20:22 . 2010-11-15 20:22 -------- d-----w- c:\documents and settings\van veen\Application Data\Malwarebytes
2010-11-15 20:21 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-15 20:21 . 2010-11-15 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-15 20:21 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-15 20:21 . 2010-11-24 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-12 23:39 . 2010-11-26 14:45 -------- d--h--r- c:\documents and settings\van veen\Onlangs geopend
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\program files\CCleaner
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\documents and settings\van veen\Local Settings\Application Data\Softonic-Eng7
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\documents and settings\van veen\Local Settings\Application Data\WMTools Downloaded Files
2010-11-12 22:56 . 2010-11-12 22:56 388096 ----a-r- c:\documents and settings\van veen\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-12 22:33 . 2010-11-12 22:33 -------- d-----w- c:\program files\Trend Micro
2010-11-12 21:16 . 2010-11-12 23:38 -------- d-----w- c:\program files\Windows Live
2010-11-12 19:50 . 2010-11-12 19:50 -------- d-----w- c:\documents and settings\van veen\Application Data\DriverCure
2010-11-12 19:50 . 2010-11-12 19:50 -------- d-----w- c:\documents and settings\van veen\Application Data\ParetoLogic
2010-11-12 18:24 . 2010-11-12 21:09 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-12 18:20 . 2010-11-24 21:10 -------- d-----w- c:\documents and settings\van veen\Local Settings\Application Data\Conduit
2010-11-12 16:20 . 2010-11-12 16:20 -------- d-----w- c:\documents and settings\van veen\Application Data\GlarySoft
2010-11-12 00:21 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-12 00:21 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-12 00:21 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-12 00:20 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-12 00:20 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-12 00:20 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-12 00:20 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-12 00:20 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-12 00:20 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-12 00:20 . 2010-11-12 00:20 -------- d-----w- c:\program files\Alwil Software
2010-11-12 00:20 . 2010-11-12 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-12 00:02 . 2010-11-12 00:02 -------- d-----w- c:\documents and settings\van veen\Local Settings\Application Data\PackageAware
2010-11-11 22:51 . 2010-11-11 22:51 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-11-11 10:10 . 2010-11-11 10:10 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-11 10:07 . 2010-11-12 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\abe1cb
2010-11-11 10:07 . 2010-11-11 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SMBHWHOYXRE
2010-11-11 09:27 . 2010-11-11 09:27 -------- d-----w- c:\documents and settings\van veen\Application Data\Sammsoft
2010-11-11 09:27 . 2010-11-11 10:07 -------- d-----w- c:\program files\Advanced Registry Optimizer
2010-11-10 22:25 . 2010-11-10 22:25 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-11-10 22:25 . 2010-11-10 22:25 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-11-10 22:25 . 2010-11-10 22:25 -------- d-----w- c:\program files\Microsoft
2010-11-10 19:40 . 2010-11-10 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-11-10 17:12 . 2010-11-10 22:25 -------- d-----w- c:\documents and settings\van veen\Application Data\GetRightToGo
2010-11-09 16:21 . 2010-11-10 22:24 -------- d-----w- c:\windows\system32\NtmsData
2010-11-09 11:37 . 2010-11-09 11:39 -------- d-----w- c:\documents and settings\van veen\Application Data\Fighters
2010-11-09 00:11 . 2010-11-09 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2010-11-08 23:51 . 2010-11-11 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-11-08 20:16 . 2010-11-11 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 21:27 . 2008-04-14 20:33 510464 ----a-w- c:\windows\system32\winlogon(2).exe
2010-09-18 10:23 . 2007-04-03 06:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 20:32 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 20:32 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2001-09-07 14:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-13 10:44 . 2010-09-13 10:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-13 10:44 . 2010-09-13 10:44 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-09 13:35 . 2008-05-05 20:32 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:35 . 2008-05-05 20:32 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:35 . 2008-05-05 20:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:35 . 2008-05-05 20:32 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:58 . 2008-05-05 20:32 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:52 . 2008-04-14 20:30 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 20:05 1852928 ----a-w- c:\windows\system32\win32k.sys
.

------- Sigcheck -------

[7] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe

[-] 2009-07-11 . A61F29AE9E7F1FD2EFB9F91F5461A7EB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

c:\windows\explorer.exe ... is niet aanwezig !!
.
((((((((((((((((((((((((((((( SnapShot@2010-11-24_21.33.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-26 07:07 . 2010-11-26 07:07 16384 c:\windows\temp\Perflib_Perfdata_14c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-13 39408]
"msnmsgr"="c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12-11-2010 1:21 165584]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/17 18:29];c:\program files\CyberLink\PowerDVD9\000.fcl [7-5-2009 21:05 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12-11-2010 1:21 17744]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [16-1-2010 20:37 30104]
S0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\Drivers\AVGIDSxx.sys --> c:\windows\system32\Drivers\AVGIDSxx.sys [?]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17-4-2010 16:55 135664]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [16-1-2010 20:37 30104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
.
Inhoud van de 'Gedeelde Taken' map

2010-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-17 15:54]

2010-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-17 15:54]

2010-11-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
mStart Page = hxxp://dutch.ircfast2.com/nl/index.php?rvs=hompag/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-11-26 15:53
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
Voltooingstijd: 2010-11-26 15:56:03
ComboFix-quarantined-files.txt 2010-11-26 14:55
ComboFix2.txt 2010-11-25 11:39
ComboFix3.txt 2010-11-24 21:35
ComboFix4.txt 2010-11-22 17:38

Pre-Run: 7.926.493.184 bytes beschikbaar
Post-Run: 7.984.648.192 bytes beschikbaar

- - End Of File - - 3EA8FE6E5598891ADB43ACA95A363246
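
A check that can be run over a returned Combofix.txt before reading the rest of it, added here as an example and not part of the thread or of ComboFix: it reports which file ComboFix was handed as its script and whether any Fcopy destination is still listed as missing. The function names are made up for this example; the sample lines are copied from the CFScript and the 26-11-2010 report on this page, and the matching assumes the Dutch-localised wording shown there.

```python
import ntpath
import re

# CFScript text from the helper's post on this page.
SAMPLE_SCRIPT = r"""Fcopy::
c:\files\explorer.exe | c:\windows\system32\dllcache\explorer.exe
c:\files\explorer.exe | c:\windows\explorer.exe
"""

# Lines copied from the ComboFix report dated 26-11-2010 on this page.
SAMPLE_LOG = r"""ComboFix 10-11-25.05 - van veen 26-11-2010 15:49:15.5.1 - x86
Gestart vanuit: c:\documents and settings\van veen\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\van veen\Bureaublad\CFScript.gif
------- Sigcheck -------

[7] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe

[-] 2009-07-11 . A61F29AE9E7F1FD2EFB9F91F5461A7EB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

c:\windows\explorer.exe ... is niet aanwezig !!
.
"""

# Patterns follow the wording of the Dutch-localised reports on this page.
SWITCH_RE = re.compile(r"gebruikte Opdracht switches :: (.+)$")
MISSING_RE = re.compile(r"(\S.*?) \.\.\. is niet aanwezig !!$")
SIGCHECK_RE = re.compile(
    r"\[(?P<flag>.)\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-Fa-f]{32}) \. "
    r"(?P<size>\d+) \. \. \[(?P<version>[^\]]*)\] \. \. (?P<path>.+)$"
)


def parse_fcopy(script):
    """Return (source, destination) pairs from the Fcopy:: section of a CFScript."""
    pairs, in_fcopy = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.endswith("::"):
            # A directive header opens a new section; only Fcopy:: is of interest.
            in_fcopy = line.lower() == "fcopy::"
        elif in_fcopy and "|" in line:
            src, dst = (part.strip() for part in line.split("|", 1))
            pairs.append((src, dst))
    return pairs


def review(log, script, script_name="CFScript.txt"):
    """Compare a ComboFix report with the CFScript that was supposed to be applied."""
    result = {"script_used": None, "missing": [], "sigcheck": [], "problems": []}
    for raw in log.splitlines():
        line = raw.strip()
        m = SWITCH_RE.match(line)
        if m:
            result["script_used"] = m.group(1)
            continue
        m = MISSING_RE.match(line)
        if m:
            result["missing"].append(m.group(1))
            continue
        m = SIGCHECK_RE.match(line)
        if m:
            # The bracketed flag is recorded as-is; its meaning is not interpreted here.
            result["sigcheck"].append(m.groupdict())

    used = result["script_used"]
    if used is None:
        result["problems"].append(
            "no command-switch line found: ComboFix ran without a script")
    elif ntpath.basename(used).lower() != script_name.lower():
        result["problems"].append(
            "ComboFix was handed %s, not %s" % (ntpath.basename(used), script_name))

    # Windows paths are case-insensitive, so compare lowercased.
    missing = {path.lower() for path in result["missing"]}
    for _src, dst in parse_fcopy(script):
        if dst.lower() in missing:
            result["problems"].append(
                "Fcopy destination still reported missing: %s" % dst)
    return result


if __name__ == "__main__":
    for problem in review(SAMPLE_LOG, SAMPLE_SCRIPT)["problems"]:
        print(problem)
```
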

Juisterr

Legacy Member
Open Notepad, then copy and paste the following (bold, blue text) into an empty window:


c:\windows\ERDNT\cache\explorer.exe | c:\windows\explorer.exe

Save this to your Desktop as CFScript.txt. Drag CFScript.txt into ComboFix.exe as shown in the example below:
CFScript.gif
This will restart ComboFix. After your computer restarts (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.

osmplayer

Legacy Member
ComboFix 10-11-26.07 - van veen 27-11-2010 10:09:13.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.511.301 [GMT 1:00]
Gestart vanuit: c:\documents and settings\van veen\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\van veen\Bureaublad\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((( Bestanden Gemaakt van 2010-10-27 to 2010-11-27 ))))))))))))))))))))))))))))))
.

2010-12-02 12:15 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-11-30 09:52 . 2010-11-30 09:52 -------- d-----w- c:\documents and settings\Gast\Application Data\AVG9
2010-11-24 21:10 . 2010-11-24 21:10 -------- d-----w- c:\documents and settings\van veen\Application Data\BabylonToolbar
2010-11-24 21:10 . 2010-11-24 21:10 -------- d-----w- c:\program files\FoxTabVideo2Mp3Converter
2010-11-24 19:57 . 2010-11-24 21:10 -------- d-----w- c:\program files\Babylon
2010-11-20 12:49 . 2010-11-20 13:06 -------- d-----w- c:\documents and settings\van veen\Application Data\Mp3Tube Toolbar
2010-11-15 20:22 . 2010-11-15 20:22 -------- d-----w- c:\documents and settings\van veen\Application Data\Malwarebytes
2010-11-15 20:21 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-15 20:21 . 2010-11-15 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-15 20:21 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-15 20:21 . 2010-11-24 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-12 23:39 . 2010-11-27 09:05 -------- d--h--r- c:\documents and settings\van veen\Onlangs geopend
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\program files\CCleaner
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\documents and settings\van veen\Local Settings\Application Data\Softonic-Eng7
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\documents and settings\van veen\Local Settings\Application Data\WMTools Downloaded Files
2010-11-12 22:56 . 2010-11-12 22:56 388096 ----a-r- c:\documents and settings\van veen\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-12 22:33 . 2010-11-12 22:33 -------- d-----w- c:\program files\Trend Micro
2010-11-12 21:16 . 2010-11-12 23:38 -------- d-----w- c:\program files\Windows Live
2010-11-12 19:50 . 2010-11-12 19:50 -------- d-----w- c:\documents and settings\van veen\Application Data\DriverCure
2010-11-12 19:50 . 2010-11-12 19:50 -------- d-----w- c:\documents and settings\van veen\Application Data\ParetoLogic
2010-11-12 18:24 . 2010-11-12 21:09 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-12 18:20 . 2010-11-24 21:10 -------- d-----w- c:\documents and settings\van veen\Local Settings\Application Data\Conduit
2010-11-12 16:20 . 2010-11-12 16:20 -------- d-----w- c:\documents and settings\van veen\Application Data\GlarySoft
2010-11-12 00:21 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-12 00:21 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-12 00:21 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-12 00:20 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-12 00:20 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-12 00:20 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-12 00:20 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-12 00:20 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-12 00:20 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-12 00:20 . 2010-11-12 00:20 -------- d-----w- c:\program files\Alwil Software
2010-11-12 00:20 . 2010-11-12 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-12 00:02 . 2010-11-12 00:02 -------- d-----w- c:\documents and settings\van veen\Local Settings\Application Data\PackageAware
2010-11-11 22:51 . 2010-11-11 22:51 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-11-11 10:10 . 2010-11-11 10:10 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-11 10:07 . 2010-11-12 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\abe1cb
2010-11-11 10:07 . 2010-11-11 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SMBHWHOYXRE
2010-11-11 09:27 . 2010-11-11 09:27 -------- d-----w- c:\documents and settings\van veen\Application Data\Sammsoft
2010-11-11 09:27 . 2010-11-11 10:07 -------- d-----w- c:\program files\Advanced Registry Optimizer
2010-11-10 22:25 . 2010-11-10 22:25 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-11-10 22:25 . 2010-11-10 22:25 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-11-10 22:25 . 2010-11-10 22:25 -------- d-----w- c:\program files\Microsoft
2010-11-10 19:40 . 2010-11-10 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-11-10 17:12 . 2010-11-10 22:25 -------- d-----w- c:\documents and settings\van veen\Application Data\GetRightToGo
2010-11-09 16:21 . 2010-11-10 22:24 -------- d-----w- c:\windows\system32\NtmsData
2010-11-09 11:37 . 2010-11-09 11:39 -------- d-----w- c:\documents and settings\van veen\Application Data\Fighters
2010-11-09 00:11 . 2010-11-09 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2010-11-08 23:51 . 2010-11-11 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-11-08 20:16 . 2010-11-11 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 21:27 . 2008-04-14 20:33 510464 ----a-w- c:\windows\system32\winlogon(2).exe
2010-09-18 10:23 . 2007-04-03 06:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 20:32 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 20:32 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2001-09-07 14:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-13 10:44 . 2010-09-13 10:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-13 10:44 . 2010-09-13 10:44 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-09 13:35 . 2008-05-05 20:32 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:35 . 2008-05-05 20:32 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:35 . 2008-05-05 20:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:35 . 2008-05-05 20:32 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:58 . 2008-05-05 20:32 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:52 . 2008-04-14 20:30 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 20:05 1852928 ----a-w- c:\windows\system32\win32k.sys
.

------- Sigcheck -------

[7] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe

[-] 2009-07-11 . A61F29AE9E7F1FD2EFB9F91F5461A7EB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

c:\windows\explorer.exe ... is niet aanwezig !!
.
((((((((((((((((((((((((((((( SnapShot@2010-11-24_21.33.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-27 08:31 . 2010-11-27 08:31 16384 c:\windows\temp\Perflib_Perfdata_158.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-13 39408]
"msnmsgr"="c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12-11-2010 1:21 165584]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/17 18:29];c:\program files\CyberLink\PowerDVD9\000.fcl [7-5-2009 21:05 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12-11-2010 1:21 17744]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [16-1-2010 20:37 30104]
S0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\Drivers\AVGIDSxx.sys --> c:\windows\system32\Drivers\AVGIDSxx.sys [?]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17-4-2010 16:55 135664]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [16-1-2010 20:37 30104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
.
Inhoud van de 'Gedeelde Taken' map

2010-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-17 15:54]

2010-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-17 15:54]

2010-11-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
mStart Page = hxxp://dutch.ircfast2.com/nl/index.php?rvs=hompag/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-11-27 10:13
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
Voltooingstijd: 2010-11-27 10:16:08
ComboFix-quarantined-files.txt 2010-11-27 09:16
ComboFix2.txt 2010-11-26 14:56
ComboFix3.txt 2010-11-25 11:39
ComboFix4.txt 2010-11-24 21:35
ComboFix5.txt 2010-11-27 09:07

Pre-Run: 16.251.191.296 bytes beschikbaar
Post-Run: 16.262.623.232 bytes beschikbaar

- - End Of File - - AB17E65484E7295A49EAF5BB815E538A

Juisterr

Legacy Member
Place the Windows XP CD-ROM in the CD-ROM drive.
Click Start, then click Run.
Type d:\i386\winnt32.exe /cmdcons in the Open box, where d is the drive letter of the CD-ROM drive.
A Windows Setup dialog box appears. The Windows Setup dialog box describes the Recovery Console option. Click Yes to confirm the installation.
Remove the Windows XP installation CD from the computer.

Restart your computer. 'Microsoft Windows Recovery Console' now appears in the boot menu. Select 'Microsoft Windows Recovery Console'.
Put the installation CD back in the computer.

Type expand X:\i386\explorer.ex_ c:\windows\
Note: replace X with the letter of the CD-ROM drive. After explorer.ex_ comes a space first, and only then c:\windows\
Then press Enter.
If you are asked whether to overwrite the file, choose Yes.

How are the problems now?