
jetske2001

Member
  • Items

    2
jetske2001's activity

  1. OK! I'll change the order from now on. But here are the logs:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:57:53, on 21-7-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHJLDCS.EXE
C:\WINDOWS\system32\HPZipm12.exe
c:\program files\printsupervision\www\bin\printsupervisor.exe
C:\Program Files\PrintSuperVision\www\bin\PSVWebServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\Davton\SyncManager\SyncController.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\PROGRA~1\MICROS~1\Office10\OUTLOOK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SnelStart\v850\SnelStart.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\jetske.BLIKGROEP.001\Bureaublad\mbam-setup-1.46.exe
C:\DOCUME~1\JETSKE~1.001\LOCALS~1\Temp\is-SPAN6.tmp\mbam-setup-1.46.tmp
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\Managed VirusScan\VScan\ScriptSn.20100412125503.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" /LOGON
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [rmnzhp] RUNDLL32.EXE C:\WINDOWS\system32\mswyxtnd.dll,w
O4 - HKCU\..\Run: [HyvesDesktop.exe] F:\PROGRA~1\HYVESD~1\bin\HYVESD~1.EXE
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [070700Setup.exe] C:\Documents and Settings\jetske.BLIKGROEP.001\Application Data\5519332BF49A1B58548B089D9099A731\070700Setup.exe
O4 - HKCU\..\Run: [rywfeceu] C:\Documents and Settings\jetske.BLIKGROEP.001\Local Settings\Application Data\rtnckmsih\iewbimrtssd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [tcyz46] C:\DOCUME~1\jetske\LOCALS~1\Temp\l84alx.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (User 'Default user')
O4 - Startup: Davton SyncController.lnk = F:\Program Files\Davton\SyncManager\SyncController.exe
O4 - Startup: _uninst_setup_9.0.0.722_13.05.2010_11-29[1].exe.lnk = C:\Documents and Settings\jetske.BLIKGROEP.001\Local Settings\Temp\_uninst_setup_9.0.0.722_13.05.2010_11-29[1].exe.bat
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Converteren naar Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: McAfee Security-as-a-Service Beta (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: McAfee (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: McAfee Security-as-a-Service Beta (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: McAfee (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - Pagina niet gevonden | Facebook
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = blikgroep.local
O17 - HKLM\Software\..\Telephony: DomainName = blikgroep.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = blikgroep.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = blikgroep.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = blikgroep.local
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updateservice (gupdate1c9ea67d83d282c) (gupdate1c9ea67d83d282c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee antivirus- en antispywareservice (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OKI OPHJ DCS Loader - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHJLDCS.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrintSuperVisor - - c:\program files\printsupervision\www\bin\printsupervisor.exe
O23 - Service: PSVWebServer - - C:\Program Files\PrintSuperVision\www\bin\PSVWebServer.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12030 bytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversie: 4334

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

21-7-2010 12:11:43
mbam-log-2010-07-21 (12-11-43).txt

Scantype: Snelle scan
Objecten gescand: 208613
Verstreken tijd: 12 minuut/minuten, 40 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 5
Registerwaarden geïnfecteerd: 2
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.

Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rywfeceu (Rogue.AntivirusSuite.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\070700setup.exe (Trojan.Downloader) -> No action taken.

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

ComboFix 10-07-20.03 - jetske 21-07-2010 13:25:26.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1535.1036 [GMT 2:00]
Gestart vanuit: c:\documents and settings\jetske.BLIKGROEP.001\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\jetske.BLIKGROEP.001\Bureaublad\CFScript.txt
AV: Total Protection Service *On-access scanning disabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}

FILE ::
"c:\documents and settings\All Users\Application Data\3NbA558.dat"
"c:\windows\system32\drivers\ssowu.sys"
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\3NbA558.dat
c:\documents and settings\jetske.BLIKGROEP.001\Local Settings\Application Data\rtnckmsih
c:\windows\system32\drivers\ssowu.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ssowu
-------\Service_ssowu


(((((((((((((((((((( Bestanden Gemaakt van 2010-06-21 to 2010-07-21 ))))))))))))))))))))))))))))))
.

2010-07-21 09:57 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 09:57 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-21 09:57 . 2010-07-21 09:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-20 18:02 . 2010-07-20 18:02 -------- d-----w- c:\documents and settings\jetske\Application Data\IObit
2010-07-20 18:02 . 2010-07-20 18:02 -------- d-----w- c:\program files\IObit
2010-07-20 17:33 . 2001-09-06 17:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-07-20 17:33 . 2001-09-06 17:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-20 17:33 . 2001-08-17 20:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-07-20 17:33 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 11:36 . 2008-01-21 21:10 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-00000007-00001102-00000002-80651102}.dat
2010-07-21 11:36 . 2008-01-21 21:10 24 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-00000007-00001102-00000002-80651102}.dat
2010-07-21 06:30 . 2009-09-08 09:27 -------- d-----w- c:\program files\LogMeIn
2010-07-20 17:34 . 2008-01-20 15:38 235528 ----a-w- c:\documents and settings\jetske\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-20 11:44 . 2010-05-25 14:49 -------- d-----w- c:\documents and settings\jetske.BLIKGROEP.001\Application Data\BitTorrent
2010-07-01 12:53 . 2009-08-17 15:52 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-30 09:16 . 2008-01-20 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-06-24 07:43 . 2009-09-08 09:30 235528 ----a-w- c:\documents and settings\jetske.BLIKGROEP.001\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-23 06:07 . 2010-06-23 06:07 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtbD6.tmp.exe
2010-06-14 13:57 . 2008-03-02 15:30 -------- d-----w- c:\program files\HQ2K1
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-25 17:47 . 2010-05-25 17:47 -------- d-----w- c:\documents and settings\jetske.BLIKGROEP.001\Application Data\IDMComp
2010-05-25 17:47 . 2010-05-25 17:47 -------- d-----w- c:\program files\IDM Computer Solutions
2010-05-25 15:58 . 2010-05-25 15:58 -------- d-----w- c:\documents and settings\jetske.BLIKGROEP.001\Application Data\Artisteer
2010-05-14 17:25 . 2010-05-14 17:25 3688883 -c--a-r- C:\ComboFix.exe
2010-05-14 13:24 . 2010-05-14 13:24 388096 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-26 08:42 . 2001-09-07 13:00 90586 ----a-w- c:\windows\system32\perfc013.dat
2010-04-26 08:42 . 2001-09-07 13:00 508910 ----a-w- c:\windows\system32\perfh013.dat
2010-04-25 21:25 . 2010-04-05 15:13 54920 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-25 21:25 . 2010-04-05 15:13 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-25 21:25 . 2010-04-05 15:13 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
.

<pre>
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\LogMeIn\x86\logmeinsystray .exe
c:\program files\McAfee\Managed VirusScan\DesktopUI\xtray .exe
c:\program files\ScanSoft\PaperPort\Ereg\ereg .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HyvesDesktop.exe"="f:\progra~1\HYVESD~1\bin\HYVESD~1.EXE" [N/A]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-29 39408]
"070700Setup.exe"="c:\documents and settings\jetske.BLIKGROEP.001\Application Data\5519332BF49A1B58548B089D9099A731\070700Setup.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-08 413696]
"MVS Splash"="c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2010-04-05 476480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [2009-11-03 257440]

c:\documents and settings\jetske.BLIKGROEP.001\Menu Start\Programma's\Opstarten\
Davton SyncController.lnk - f:\program files\Davton\SyncManager\SyncController.exe [2009-11-9 55320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 09:30 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^jetske^Menu Start^Programma's^Opstarten^Back2zip.lnk]
path=c:\documents and settings\jetske\Menu Start\Programma's\Opstarten\Back2zip.lnk
backup=c:\windows\pss\Back2zip.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-01-11 17:54 623992 ----a-w- f:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-09-16 00:37 57344 ----a-w- f:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-02-19 07:22 1089536 ------r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 16:57 86016 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 01:03 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 ----a-w- f:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-11 18:01 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 14:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 14:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 00:00 28672 ----a-w- c:\program files\Creative\SBLive\Program\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Managed Services Tray]
c:\program files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MChk]
c:\windows\system32\pjayp.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MVS Splash]
c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\net]
c:\windows\system32\net.net [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 11:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 11:22 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 11:22 1622016 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-11 18:03 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-08 14:10 413696 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sta]
cjayp.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-18 09:39 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2004-08-04 01:03 144384 ----a-w- c:\windows\system32\mobsync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
2002-07-02 16:56 24576 ----a-w- c:\windows\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=

R0 74025872;74025872 Boot Guard Driver;c:\windows\system32\drivers\74025872.sys [21-4-2010 21:41 37392]
R1 74025871;74025871;c:\windows\system32\drivers\74025871.sys [21-4-2010 21:41 128016]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMhelpr.sys [20-1-2008 15:28 4064]
R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [13-3-2009 12:48 14144]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11-8-2008 12:41 12856]
R2 myAgtSvc;McAfee antivirus- en antispywareservice;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [13-3-2009 12:48 282824]
R2 OKI OPHJ DCS Loader;OKI OPHJ DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHJLDCS.EXE [13-5-2008 21:55 24576]
R2 PrintSuperVisor;PrintSuperVisor;c:\program files\PrintSuperVision\www\bin\PrintSuperVisor.exe [13-5-2008 21:49 24576]
R2 PSVWebServer;PSVWebServer;c:\program files\PrintSuperVision\www\bin\PSVWebServer.exe [13-5-2008 21:49 20480]
R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2-12-2008 23:28 30152]
S2 gupdate1c9ea67d83d282c;Google Updateservice (gupdate1c9ea67d83d282c);c:\program files\Google\Update\GoogleUpdate.exe [11-6-2009 09:40 133104]
S2 yfkjkuhb;IP Traffic Filter Support;c:\windows\System32\svchost.exe -k netsvcs [4-8-2004 03:03 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
yfkjkuhb

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##blikgroep-sbs#algemeen]
\Shell\AutoRun\command - l:\recyco\avorun.exe
\Shell\open\command - l:\recyco\avorun.exe
.
Inhoud van de 'Gedeelde Taken' map

2010-07-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-24 07:39]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 07:39]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 07:39]

2010-07-21 c:\windows\Tasks\User_Feed_Synchronization-{41E6CC9B-E058-4180-8839-A73F504F08FC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - f:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Koppelingdoel converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Toevoegen aan bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
FF - ProfilePath - c:\documents and settings\jetske.BLIKGROEP.001\Application Data\Mozilla\Firefox\Profiles\8nlzcd97.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-21 13:39
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\atapi]
"ImagePath"="system32\drivers\atapi.kav"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,90,cd,6f,3a,57,3c,f9,43,93,ff,db,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,90,cd,6f,3a,57,3c,f9,43,93,ff,db,\

[HKEY_USERS\S-1-5-21-1957169964-2260404463-2707857471-1152\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{77A66BAC-438B-B16B-0BE5-3FE1FA7CB304}*]
"nabhddajdlbbgibekgpjomhkfhmf"=hex:6a,61,6d,6c,6b,69,6f,63,62,6c,70,6d,67,6e,
   69,6f,6b,65,68,68,00,6f

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(644)
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(2260)
c:\windows\system32\webcheck.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
f:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\progra~1\McAfee\MANAGE~1\VScan\McShield.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Voltooingstijd: 2010-07-21 13:50:32 - machine werd herstart
ComboFix-quarantined-files.txt 2010-07-21 11:50
ComboFix2.txt 2010-07-21 08:59
ComboFix3.txt 2010-05-14 17:57

Pre-Run: 8.397.324.288 bytes beschikbaar
Post-Run: 8.408.494.080 bytes beschikbaar

- - End Of File - - 2F11EAE131209DBCB43E9458635F59E9
  2. Good morning, My computer, too, got to embrace the Antimalware Doctor virus. The whole system stopped doing anything. By now this has been resolved, and using the tips on this forum I have got the system clean again. As far as I can tell everything works again. I have a log from ComboFix. I would like someone to take a look at it to make sure that everything is really gone:

ComboFix 10-07-20.03 - jetske 21-07-2010 10:30:44.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1535.833 [GMT 2:00]
Gestart vanuit: c:\documents and settings\jetske.BLIKGROEP.001\Bureaublad\ComboFix.exe
AV: Total Protection Service *On-access scanning disabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\jetske.BLIKGROEP.001\Application Data\avdrn.dat
c:\documents and settings\jetske.BLIKGROEP.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
c:\documents and settings\jetske.BLIKGROEP.001\Application Data\ogix.exe
c:\documents and settings\jetske.BLIKGROEP.001\Application Data\Sky-Banners
c:\documents and settings\jetske.BLIKGROEP.001\Application Data\Street-Ads
c:\documents and settings\jetske\Application Data\ogix.exe
c:\documents and settings\jetske\Application Data\Sky-Banners
c:\documents and settings\jetske\Application Data\Street-Ads
c:\documents and settings\LocalService\Application Data\Sky-Banners
c:\documents and settings\LocalService\Application Data\Sky-Banners\skb\log.xml
c:\documents and settings\LocalService\Application Data\Street-Ads
c:\windows\$NtUninstallMTF1011$
c:\windows\$NtUninstallMTF1011$\apUninstall.exe
c:\windows\$NtUninstallMTF1011$\zrpt.xml
c:\windows\system32\cjayp.dll
c:\windows\system32\comsats.sys
c:\windows\system32\dfttuyo.txt
c:\windows\system32\Install.txt
c:\windows\system32\mswyxtnd.dll
c:\windows\system32\pjayp.exe
c:\windows\system32\service.sys
c:\windows\system32\yjayp.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-06-21 to 2010-07-21 ))))))))))))))))))))))))))))))
.
2010-07-20 18:02 . 2010-07-20 18:02 -------- d-----w- c:\documents and settings\jetske\Application Data\IObit
2010-07-20 18:02 . 2010-07-20 18:02 -------- d-----w- c:\program files\IObit
2010-07-20 17:33 . 2001-09-06 17:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-07-20 17:33 . 2001-09-06 17:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-20 17:33 . 2001-08-17 20:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-07-20 17:33 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-20 11:30 . 2010-07-21 08:48 766976 ----a-w- c:\windows\system32\drivers\ssowu.sys
2010-07-20 11:30 . 2010-07-21 06:32 -------- d-----w- c:\documents and settings\jetske.BLIKGROEP.001\Local Settings\Application Data\rtnckmsih
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 08:40 . 2008-01-21 21:10 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-00000007-00001102-00000002-80651102}.dat
2010-07-21 08:40 . 2008-01-21 21:10 24 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-00000007-00001102-00000002-80651102}.dat
2010-07-21 06:30 . 2009-09-08 09:27 -------- d-----w- c:\program files\LogMeIn
2010-07-20 17:34 . 2008-01-20 15:38 235528 ----a-w- c:\documents and settings\jetske\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-20 11:44 . 2010-05-25 14:49 -------- d-----w- c:\documents and settings\jetske.BLIKGROEP.001\Application Data\BitTorrent
2010-07-01 12:53 . 2009-08-17 15:52 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-30 09:16 . 2008-01-20 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-06-24 07:43 . 2009-09-08 09:30 235528 ----a-w- c:\documents and settings\jetske.BLIKGROEP.001\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-23 06:07 . 2010-06-23 06:07 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtbD6.tmp.exe
2010-06-14 13:57 . 2008-03-02 15:30 -------- d-----w- c:\program files\HQ2K1
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-25 17:47 . 2010-05-25 17:47 -------- d-----w- c:\documents and settings\jetske.BLIKGROEP.001\Application Data\IDMComp
2010-05-25 17:47 . 2010-05-25 17:47 -------- d-----w- c:\program files\IDM Computer Solutions
2010-05-25 15:58 . 2010-05-25 15:58 -------- d-----w- c:\documents and settings\jetske.BLIKGROEP.001\Application Data\Artisteer
2010-05-14 17:25 . 2010-05-14 17:25 3688883 -c--a-r- C:\ComboFix.exe
2010-05-14 13:24 . 2010-05-14 13:24 388096 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-13 19:01 . 2010-05-13 19:01 112 ----a-w- c:\documents and settings\All Users\Application Data\3NbA558.dat
2010-04-26 08:42 . 2001-09-07 13:00 90586 ----a-w- c:\windows\system32\perfc013.dat
2010-04-26 08:42 . 2001-09-07 13:00 508910 ----a-w- c:\windows\system32\perfh013.dat
2010-04-25 21:25 . 2010-04-05 15:13 54920 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-25 21:25 . 2010-04-05 15:13 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-25 21:25 . 2010-04-05 15:13 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
.
<pre>
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\LogMeIn\x86\logmeinsystray .exe
c:\program files\McAfee\Managed VirusScan\DesktopUI\xtray .exe
c:\program files\ScanSoft\PaperPort\Ereg\ereg .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HyvesDesktop.exe"="f:\progra~1\HYVESD~1\bin\HYVESD~1.EXE" [N/A]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-29 39408]
"070700Setup.exe"="c:\documents and settings\jetske.BLIKGROEP.001\Application Data\5519332BF49A1B58548B089D9099A731\070700Setup.exe" [N/A]
"rywfeceu"="c:\documents and settings\jetske.BLIKGROEP.001\Local Settings\Application Data\rtnckmsih\iewbimrtssd.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-08 413696]
"MVS Splash"="c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2010-04-05 476480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"rmnzhp"="c:\windows\system32\mswyxtnd.dll" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [2009-11-03 257440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"tcyz46"="c:\docume~1\jetske\LOCALS~1\Temp\l84alx.exe" [N/A]

c:\documents and settings\jetske.BLIKGROEP.001\Menu Start\Programma's\Opstarten\
Davton SyncController.lnk - f:\program files\Davton\SyncManager\SyncController.exe [2009-11-9 55320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 09:30 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^jetske^Menu Start^Programma's^Opstarten^Back2zip.lnk]
path=c:\documents and settings\jetske\Menu Start\Programma's\Opstarten\Back2zip.lnk
backup=c:\windows\pss\Back2zip.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-01-11 17:54 623992 ----a-w- f:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-09-16 00:37 57344 ----a-w- f:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-02-19 07:22 1089536 ------r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 16:57 86016 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 01:03 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 ----a-w- f:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-11 18:01 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 14:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 14:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 00:00 28672 ----a-w- c:\program files\Creative\SBLive\Program\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Managed Services Tray]
c:\program files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MChk]
c:\windows\system32\pjayp.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MVS Splash]
c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\net]
c:\windows\system32\net.net [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 11:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 11:22 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 11:22 1622016 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-11 18:03 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-08 14:10 413696 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sta]
cjayp.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-18 09:39 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2004-08-04 01:03 144384 ----a-w- c:\windows\system32\mobsync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
2002-07-02 16:56 24576 ----a-w- c:\windows\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=

R0 74025872;74025872 Boot Guard Driver;c:\windows\system32\drivers\74025872.sys [21-4-2010 21:41 37392]
R1 74025871;74025871;c:\windows\system32\drivers\74025871.sys [21-4-2010 21:41 128016]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMhelpr.sys [20-1-2008 15:28 4064]
R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [13-3-2009 12:48 14144]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11-8-2008 12:41 12856]
R2 myAgtSvc;McAfee antivirus- en antispywareservice;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [13-3-2009 12:48 282824]
R2 OKI OPHJ DCS Loader;OKI OPHJ DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHJLDCS.EXE [13-5-2008 21:55 24576]
R2 PrintSuperVisor;PrintSuperVisor;c:\program files\PrintSuperVision\www\bin\PrintSuperVisor.exe [13-5-2008 21:49 24576]
R2 PSVWebServer;PSVWebServer;c:\program files\PrintSuperVision\www\bin\PSVWebServer.exe [13-5-2008 21:49 20480]
R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2-12-2008 23:28 30152]
S2 gupdate1c9ea67d83d282c;Google Updateservice (gupdate1c9ea67d83d282c);c:\program files\Google\Update\GoogleUpdate.exe [11-6-2009 09:40 133104]
S2 yfkjkuhb;IP Traffic Filter Support;c:\windows\System32\svchost.exe -k netsvcs [4-8-2004 03:03 14336]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - ssowu

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
yfkjkuhb

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##blikgroep-sbs#algemeen]
\Shell\AutoRun\command - l:\recyco\avorun.exe
\Shell\open\command - l:\recyco\avorun.exe
.
Inhoud van de 'Gedeelde Taken' map

2010-07-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-24 07:39]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 07:39]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 07:39]

2010-07-21 c:\windows\Tasks\User_Feed_Synchronization-{41E6CC9B-E058-4180-8839-A73F504F08FC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - f:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Koppelingdoel converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Toevoegen aan bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
FF - ProfilePath - c:\documents and settings\jetske.BLIKGROEP.001\Application Data\Mozilla\Firefox\Profiles\8nlzcd97.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS VERWIJDERD - - - -

BHO-{DFF2D7CD-D6B1-44DD-BA53-2CF65884116C} - (no file)
AddRemove-$NtUninstallMTF1011$ - c:\windows\$NtUninstallMTF1011$\apUninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-21 10:46
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\atapi]
"ImagePath"="system32\drivers\atapi.kav"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ssowu]
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,90,cd,6f,3a,57,3c,f9,43,93,ff,db,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,90,cd,6f,3a,57,3c,f9,43,93,ff,db,\

[HKEY_USERS\S-1-5-21-1957169964-2260404463-2707857471-1152\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{77A66BAC-438B-B16B-0BE5-3FE1FA7CB304}*]
"nabhddajdlbbgibekgpjomhkfhmf"=hex:6a,61,6d,6c,6b,69,6f,63,62,6c,70,6d,67,6e,
   69,6f,6b,65,68,68,00,6f

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(656)
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(2908)
c:\windows\system32\webcheck.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
f:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\progra~1\McAfee\MANAGE~1\VScan\McShield.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Voltooingstijd: 2010-07-21 10:59:03 - machine werd herstart
ComboFix-quarantined-files.txt 2010-07-21 08:58
ComboFix2.txt 2010-05-14 17:57

Pre-Run: 7.554.387.968 bytes beschikbaar
Post-Run: 8.423.669.760 bytes beschikbaar

- - End Of File - - 6DD7F843BDD6A82F4BA76D81DD3EE3D9

Many thanks in advance! Kind regards, Jetske