Web browsers very slow

Status
Not open for further replies.

willy555

User
Joined
31 May 2008
Posts
7
For a few days now, websites (I.E, Firefox, Opera) have been loading very slowly, and sometimes not at all. The active system processes are also constantly at around 98%. All very annoying. I have already tried all sorts of things: ran virus scanners, Ad-Aware, and so on. So far nothing has helped. I would like to post the Hijack and ComboFix scans here as a last resort before I format the machine.

Can you tell me what the problem might be?

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:57, on 5-8-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214592986078
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6157 bytes

ComboFix 08-08-04.01 - Administrator 2008-08-05 20:08:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.509 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-07-05 to 2008-08-05 ))))))))))))))))))))))))))))))
.

2008-08-05 19:46 . 2008-08-05 19:49 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-08-05 01:41 . 2008-08-05 01:45 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-08-04 21:31 . 2008-08-04 21:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-08-04 01:07 . 2008-08-04 01:08 <DIR> d-------- C:\Program Files\Recuva
2008-08-03 22:29 . 2008-08-03 22:28 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-08-03 22:28 . 2008-08-03 22:37 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-08-03 21:41 . 2008-08-03 21:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-03 21:08 . 2008-08-03 21:33 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-03 21:08 . 2008-08-03 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-03 20:57 . 2008-08-03 20:57 <DIR> d-------- C:\Program Files\Opera
2008-08-02 14:06 . 2008-08-05 02:38 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-27 14:47 . 2008-07-27 14:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-27 02:45 . 2008-07-27 02:45 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-07-27 02:45 . 2008-07-27 02:44 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-07-27 02:33 . 2008-06-03 04:59 3,500,352 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-07-27 02:33 . 2008-06-03 08:20 3,100,160 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-07-27 02:33 . 2008-06-03 04:48 2,120,832 --a------ C:\WINDOWS\system32\ativvaxx.dll
2008-07-27 02:33 . 2008-06-03 04:21 557,056 --a------ C:\WINDOWS\system32\ati2cqag.dll
2008-07-27 02:33 . 2008-06-03 05:21 306,688 --a------ C:\WINDOWS\system32\ati2dvag.dll
2008-07-27 02:33 . 2008-04-28 23:09 172,033 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-07-27 02:33 . 2008-06-03 04:27 49,152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2008-07-27 02:33 . 2008-06-03 04:33 48,128 --a------ C:\WINDOWS\system32\amdpcom32.dll
2008-07-27 02:33 . 2008-06-03 05:11 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2008-07-27 02:20 . 2008-07-27 02:20 <DIR> d-------- C:\Program Files\filehippo.com
2008-07-26 11:41 . 2008-07-26 11:41 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-07-21 02:12 . 2008-07-21 02:12 <DIR> d-------- C:\Program Files\Adobe Media Player
2008-07-21 02:11 . 2008-07-21 02:11 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-20 01:28 . 2008-08-02 21:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2008-07-16 22:00 . 2008-07-16 22:00 <DIR> d-------- C:\Program Files\hp deskjet 5550 series
2008-07-16 22:00 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-16 22:00 . 2002-07-11 15:20 147,512 --a------ C:\WINDOWS\system32\hpzlnt06.dll
2008-07-16 22:00 . 2002-01-28 14:32 45,056 --a------ C:\WINDOWS\system32\prnunins.exe
2008-07-16 22:00 . 2008-07-16 22:00 800 --a------ C:\WINDOWS\hpinfo.lnk
2008-07-16 21:58 . 2008-07-16 22:01 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-07-10 00:10 . 2008-04-14 00:15 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-06 18:37 . 2008-07-06 18:37 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-07-06 18:37 . 2008-07-06 18:37 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-07-06 18:35 . 2008-07-06 18:35 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-07-06 18:35 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-07-06 18:08 . 2008-07-06 18:08 <DIR> d-------- C:\Documents and Settings\Administrator\Phone Browser
2008-07-06 18:05 . 2008-04-14 22:32 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-07-06 18:05 . 2008-04-14 00:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-06 18:05 . 2008-04-14 00:15 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-07-06 18:05 . 2001-09-06 21:27 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-07-06 17:59 . 2008-07-06 18:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nokia Multimedia Player
2008-07-06 17:50 . 2008-07-06 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-07-06 17:49 . 2008-07-06 18:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nokia
2008-07-06 17:48 . 2008-07-06 17:48 <DIR> d-------- C:\Program Files\DIFX
2008-07-06 17:48 . 2008-07-06 18:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Suite
2008-07-06 17:47 . 2008-07-06 18:37 <DIR> d-------- C:\Program Files\Nokia
2008-07-06 17:47 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-07-06 17:45 . 2008-07-06 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-07-06 17:33 . 2008-04-14 00:16 37,888 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-07-06 17:33 . 2008-04-14 00:16 37,888 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-07-05 11:33 . 2008-04-14 00:17 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-05 11:33 . 2008-04-14 00:17 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-07-05 09:26 . 2008-07-10 19:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\dvdcss

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 18:10 5,234,720 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-05 01:30 63,644 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-04 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-03 21:56 --------- d-----w C:\Program Files\Java
2008-08-02 17:32 2,950,144 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-08-02 17:32 1,719,808 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-08-02 17:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-07-27 00:39 --------- d-----w C:\Program Files\ATI
2008-07-27 00:37 --------- d-----w C:\Program Files\ATI Technologies
2008-07-27 00:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-22 05:45 3,428,352 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-07-22 05:45 1,664,000 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-07-19 15:04 --------- d-----w C:\Program Files\HAM
2008-07-19 00:49 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Azureus
2008-07-12 15:45 --------- d-----w C:\Program Files\WinTV
2008-07-12 08:50 1,584,128 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-07-10 12:20 3,149,312 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-07-09 07:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-07-09 07:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-07-07 14:16 3,254,784 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-07-05 18:56 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DivX
2008-07-04 17:55 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 17:55 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-04 17:55 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-04 03:25 421,888 ----a-w C:\WINDOWS\system32\SET27F.tmp
2008-07-04 03:23 309,248 ----a-w C:\WINDOWS\system32\SET24F.tmp
2008-07-04 03:14 184,320 ----a-w C:\WINDOWS\system32\SET273.tmp
2008-07-04 03:13 43,520 ----a-w C:\WINDOWS\system32\SET279.tmp
2008-07-04 03:13 139,264 ----a-w C:\WINDOWS\system32\SET270.tmp
2008-07-04 03:12 561,152 ----a-w C:\WINDOWS\system32\SET26D.tmp
2008-07-04 03:06 253,952 ----a-w C:\WINDOWS\system32\SET282.tmp
2008-07-04 03:00 3,786,144 ----a-w C:\WINDOWS\system32\SET258.tmp
2008-07-04 02:49 2,140,672 ----a-w C:\WINDOWS\system32\SET25B.tmp
2008-07-04 02:30 348,160 ----a-w C:\WINDOWS\system32\SET27C.tmp
2008-07-04 02:29 32,768 ----a-w C:\WINDOWS\system32\SET264.tmp
2008-07-04 02:22 565,248 ----a-w C:\WINDOWS\system32\SET252.tmp
2008-07-03 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-07-02 21:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-07-02 16:29 --------- d-----w C:\Program Files\Vuze
2008-06-30 18:28 --------- d-----w C:\Program Files\uTorrent
2008-06-29 22:40 152,008 ----a-w C:\WINDOWS\HAM Uninstaller.exe
2008-06-29 22:02 --------- d-----w C:\Program Files\BearShare
2008-06-29 00:46 --------- d-----w C:\Program Files\nanoPEG for WinTV
2008-06-29 00:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-29 00:45 --------- d-----w C:\Program Files\Common Files\IviSDK
2008-06-29 00:39 66,048 ----a-w C:\WINDOWS\system32\hcwXDS.dll
2008-06-29 00:39 376,836 ----a-w C:\WINDOWS\system32\drivers\HcwFalcn.rom
2008-06-29 00:39 177,152 ----a-w C:\WINDOWS\system32\drivers\hcwPP2.sys
2008-06-29 00:39 16,382 ----a-w C:\WINDOWS\system32\drivers\HcwMakoC.rom
2008-06-29 00:39 14,264 ----a-w C:\WINDOWS\system32\drivers\HcwMakoB.rom
2008-06-28 23:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI
2008-06-28 22:59 --------- d-----w C:\Program Files\Reference Assemblies
2008-06-28 22:59 --------- d-----w C:\Program Files\MSBuild
2008-06-28 22:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-06-28 22:17 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-28 14:52 --------- d-----w C:\Program Files\SopCast
2008-06-28 13:26 --------- d-----w C:\Program Files\DivX
2008-06-28 13:18 --------- d-----w C:\Program Files\Picasa2
2008-06-28 13:17 --------- d-----w C:\Program Files\Google
2008-06-28 13:12 --------- d-----w C:\Program Files\7-Zip
2008-06-28 13:01 --------- d-----w C:\Program Files\SiSoftware
2008-06-28 12:56 --------- d-----w C:\Program Files\MSN Messenger
2008-06-28 12:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\vlc
2008-06-28 12:52 --------- d-----w C:\Program Files\VideoLAN
2008-06-28 12:49 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-28 12:48 --------- d-----w C:\Program Files\Windows Live
2008-06-28 12:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-28 12:43 --------- d-----w C:\Program Files\Lavasoft
2008-06-28 12:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-28 12:37 --------- d-----w C:\Program Files\Yahoo!
2008-06-28 12:37 --------- d-----w C:\Program Files\CCleaner
2008-06-28 12:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-28 12:24 --------- d-----w C:\Program Files\AskSBar
2008-06-28 11:51 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-06-28 00:00 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-06-27 23:29 --------- d-----w C:\Program Files\Common Files\Java
2008-06-27 23:19 --------- d-----w C:\Program Files\ZoneAlarmSB
2008-06-27 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-27 23:16 --------- d-----w C:\Program Files\Zone Labs
2008-06-27 22:20 --------- d-----w C:\Program Files\AVG
2008-06-27 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-06-27 21:54 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-06-27 21:00 --------- d-----w C:\Program Files\Asus
2008-06-27 20:56 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-27 20:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-27 18:32 --------- d-----w C:\Program Files\Realtek
2008-06-27 18:31 --------- d-----w C:\Program Files\VIA
2008-06-27 18:30 --------- d-----w C:\Program Files\AMD
2008-06-27 17:57 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 17:49 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:36 272,640 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 03:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-05_ 2.04.35.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-05 00:38:38 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbu06.exe
+ 2008-08-05 00:38:47 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
+ 2008-08-05 00:38:54 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpztbu06.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-06-28 14:24 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 23:32 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 19:55 1232152]
"ATICustomerCare"="C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 18:38 307200]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-04 16:44 16006656 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 23:32 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programma's^Opstarten^OpenOffice.org 2.4 .lnk]
path=C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\OpenOffice.org 2.4 .lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4 .lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
--a------ 2006-07-26 13:48 3305472 C:\Program Files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filehippo.com]
--a------ 2008-07-03 19:08 137216 C:\Program Files\filehippo.com\UpdateChecker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-03-26 18:41 1232896 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 12:53 1079808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2008-04-14 23:33 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 19:55]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 19:55]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 19:55]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 19:55]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 18:23]
S3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~1\WinTV\HCWTVS~1.EXE [2007-02-20 15:11]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hnoi4uzb.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 20:10:41
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-08-05 20:11:47
ComboFix-quarantined-files.txt 2008-08-05 18:11:40
ComboFix2.txt 2008-08-05 00:05:03

Pre-Run: 45,113,106,432 bytes beschikbaar
Post-Run: 45,088,591,872 bytes beschikbaar

261 --- E O F --- 2008-07-24 01:00:55
 