Posts made by jetske2001
Good morning,
My computer also got to embrace the Antimalware Doctor virus. The whole system did nothing any more. This has since been resolved, and with the help of the tips on this forum I have got the system clean again. As far as I can tell, everything works again.
I have a log from ComboFix. I would like someone to take a look at it to make sure that everything really is gone:
ComboFix 10-07-20.03 - jetske 21-07-2010 10:30:44.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1535.833 [GMT 2:00]
Gestart vanuit: c:\documents and settings\jetske.BLIKGROEP.001\Bureaublad\ComboFix.exe
AV: Total Protection Service *On-access scanning disabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\jetske.BLIKGROEP.001\Application Data\avdrn.dat
c:\documents and settings\jetske.BLIKGROEP.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
c:\documents and settings\jetske.BLIKGROEP.001\Application Data\ogix.exe
c:\documents and settings\jetske.BLIKGROEP.001\Application Data\Sky-Banners
c:\documents and settings\jetske.BLIKGROEP.001\Application Data\Street-Ads
c:\documents and settings\jetske\Application Data\ogix.exe
c:\documents and settings\jetske\Application Data\Sky-Banners
c:\documents and settings\jetske\Application Data\Street-Ads
c:\documents and settings\LocalService\Application Data\Sky-Banners
c:\documents and settings\LocalService\Application Data\Sky-Banners\skb\log.xml
c:\documents and settings\LocalService\Application Data\Street-Ads
c:\windows\$NtUninstallMTF1011$
c:\windows\$NtUninstallMTF1011$\apUninstall.exe
c:\windows\$NtUninstallMTF1011$\zrpt.xml
c:\windows\system32\cjayp.dll
c:\windows\system32\comsats.sys
c:\windows\system32\dfttuyo.txt
c:\windows\system32\Install.txt
c:\windows\system32\mswyxtnd.dll
c:\windows\system32\pjayp.exe
c:\windows\system32\service.sys
c:\windows\system32\yjayp.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-06-21 to 2010-07-21 ))))))))))))))))))))))))))))))
.
2010-07-20 18:02 . 2010-07-20 18:02 -------- d-----w- c:\documents and settings\jetske\Application Data\IObit
2010-07-20 18:02 . 2010-07-20 18:02 -------- d-----w- c:\program files\IObit
2010-07-20 17:33 . 2001-09-06 17:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-07-20 17:33 . 2001-09-06 17:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-20 17:33 . 2001-08-17 20:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-07-20 17:33 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-20 11:30 . 2010-07-21 08:48 766976 ----a-w- c:\windows\system32\drivers\ssowu.sys
2010-07-20 11:30 . 2010-07-21 06:32 -------- d-----w- c:\documents and settings\jetske.BLIKGROEP.001\Local Settings\Application Data\rtnckmsih
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 08:40 . 2008-01-21 21:10 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-00000007-00001102-00000002-80651102}.dat
2010-07-21 08:40 . 2008-01-21 21:10 24 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-00000007-00001102-00000002-80651102}.dat
2010-07-21 06:30 . 2009-09-08 09:27 -------- d-----w- c:\program files\LogMeIn
2010-07-20 17:34 . 2008-01-20 15:38 235528 ----a-w- c:\documents and settings\jetske\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-20 11:44 . 2010-05-25 14:49 -------- d-----w- c:\documents and settings\jetske.BLIKGROEP.001\Application Data\BitTorrent
2010-07-01 12:53 . 2009-08-17 15:52 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-30 09:16 . 2008-01-20 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-06-24 07:43 . 2009-09-08 09:30 235528 ----a-w- c:\documents and settings\jetske.BLIKGROEP.001\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-23 06:07 . 2010-06-23 06:07 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtbD6.tmp.exe
2010-06-14 13:57 . 2008-03-02 15:30 -------- d-----w- c:\program files\HQ2K1
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-25 17:47 . 2010-05-25 17:47 -------- d-----w- c:\documents and settings\jetske.BLIKGROEP.001\Application Data\IDMComp
2010-05-25 17:47 . 2010-05-25 17:47 -------- d-----w- c:\program files\IDM Computer Solutions
2010-05-25 15:58 . 2010-05-25 15:58 -------- d-----w- c:\documents and settings\jetske.BLIKGROEP.001\Application Data\Artisteer
2010-05-14 17:25 . 2010-05-14 17:25 3688883 -c--a-r- C:\ComboFix.exe
2010-05-14 13:24 . 2010-05-14 13:24 388096 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-13 19:01 . 2010-05-13 19:01 112 ----a-w- c:\documents and settings\All Users\Application Data\3NbA558.dat
2010-04-26 08:42 . 2001-09-07 13:00 90586 ----a-w- c:\windows\system32\perfc013.dat
2010-04-26 08:42 . 2001-09-07 13:00 508910 ----a-w- c:\windows\system32\perfh013.dat
2010-04-25 21:25 . 2010-04-05 15:13 54920 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-25 21:25 . 2010-04-05 15:13 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-25 21:25 . 2010-04-05 15:13 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
.
<pre>
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\LogMeIn\x86\logmeinsystray .exe
c:\program files\McAfee\Managed VirusScan\DesktopUI\xtray .exe
c:\program files\ScanSoft\PaperPort\Ereg\ereg .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HyvesDesktop.exe"="f:\progra~1\HYVESD~1\bin\HYVESD~1.EXE" [N/A]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-29 39408]
"070700Setup.exe"="c:\documents and settings\jetske.BLIKGROEP.001\Application Data\5519332BF49A1B58548B089D9099A731\070700Setup.exe" [N/A]
"rywfeceu"="c:\documents and settings\jetske.BLIKGROEP.001\Local Settings\Application Data\rtnckmsih\iewbimrtssd.exe" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-08 413696]
"MVS Splash"="c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2010-04-05 476480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"rmnzhp"="c:\windows\system32\mswyxtnd.dll" [N/A]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [2009-11-03 257440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"tcyz46"="c:\docume~1\jetske\LOCALS~1\Temp\l84alx.exe" [N/A]
c:\documents and settings\jetske.BLIKGROEP.001\Menu Start\Programma's\Opstarten\
Davton SyncController.lnk - f:\program files\Davton\SyncManager\SyncController.exe [2009-11-9 55320]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 09:30 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^jetske^Menu Start^Programma's^Opstarten^Back2zip.lnk]
path=c:\documents and settings\jetske\Menu Start\Programma's\Opstarten\Back2zip.lnk
backup=c:\windows\pss\Back2zip.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-01-11 17:54 623992 ----a-w- f:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-09-16 00:37 57344 ----a-w- f:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-02-19 07:22 1089536 ------r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 16:57 86016 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 01:03 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 ----a-w- f:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-11 18:01 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 14:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 14:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 00:00 28672 ----a-w- c:\program files\Creative\SBLive\Program\ADGJDet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Managed Services Tray]
c:\program files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MChk]
c:\windows\system32\pjayp.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MVS Splash]
c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\net]
c:\windows\system32\net.net [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 11:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 11:22 86016 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 11:22 1622016 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-11 18:03 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-08 14:10 413696 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sta]
cjayp.dll [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-18 09:39 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2004-08-04 01:03 144384 ----a-w- c:\windows\system32\mobsync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
2002-07-02 16:56 24576 ----a-w- c:\windows\system32\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=
R0 74025872;74025872 Boot Guard Driver;c:\windows\system32\drivers\74025872.sys [21-4-2010 21:41 37392]
R1 74025871;74025871;c:\windows\system32\drivers\74025871.sys [21-4-2010 21:41 128016]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMhelpr.sys [20-1-2008 15:28 4064]
R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [13-3-2009 12:48 14144]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11-8-2008 12:41 12856]
R2 myAgtSvc;McAfee antivirus- en antispywareservice;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [13-3-2009 12:48 282824]
R2 OKI OPHJ DCS Loader;OKI OPHJ DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHJLDCS.EXE [13-5-2008 21:55 24576]
R2 PrintSuperVisor;PrintSuperVisor;c:\program files\PrintSuperVision\www\bin\PrintSuperVisor.exe [13-5-2008 21:49 24576]
R2 PSVWebServer;PSVWebServer;c:\program files\PrintSuperVision\www\bin\PSVWebServer.exe [13-5-2008 21:49 20480]
R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2-12-2008 23:28 30152]
S2 gupdate1c9ea67d83d282c;Google Updateservice (gupdate1c9ea67d83d282c);c:\program files\Google\Update\GoogleUpdate.exe [11-6-2009 09:40 133104]
S2 yfkjkuhb;IP Traffic Filter Support;c:\windows\System32\svchost.exe -k netsvcs [4-8-2004 03:03 14336]
--- Andere Services/Drivers In Geheugen ---
*Deregistered* - ssowu
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
yfkjkuhb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##blikgroep-sbs#algemeen]
\Shell\AutoRun\command - l:\recyco\avorun.exe
\Shell\open\command - l:\recyco\avorun.exe
.
Inhoud van de 'Gedeelde Taken' map
2010-07-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-24 07:39]
2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 07:39]
2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 07:39]
2010-07-21 c:\windows\Tasks\User_Feed_Synchronization-{41E6CC9B-E058-4180-8839-A73F504F08FC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - f:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Koppelingdoel converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Toevoegen aan bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
FF - ProfilePath - c:\documents and settings\jetske.BLIKGROEP.001\Application Data\Mozilla\Firefox\Profiles\8nlzcd97.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS VERWIJDERD - - - -
BHO-{DFF2D7CD-D6B1-44DD-BA53-2CF65884116C} - (no file)
AddRemove-$NtUninstallMTF1011$ - c:\windows\$NtUninstallMTF1011$\apUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-21 10:46
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\atapi]
"ImagePath"="system32\drivers\atapi.kav"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ssowu]
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,90,cd,6f,3a,57,3c,f9,43,93,ff,db,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,90,cd,6f,3a,57,3c,f9,43,93,ff,db,\
[HKEY_USERS\S-1-5-21-1957169964-2260404463-2707857471-1152\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{77A66BAC-438B-B16B-0BE5-3FE1FA7CB304}*]
"nabhddajdlbbgibekgpjomhkfhmf"=hex:6a,61,6d,6c,6b,69,6f,63,62,6c,70,6d,67,6e,
69,6f,6b,65,68,68,00,6f
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'lsass.exe'(656)
c:\program files\Bonjour\mdnsNSP.dll
- - - - - - - > 'explorer.exe'(2908)
c:\windows\system32\webcheck.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
f:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\progra~1\McAfee\MANAGE~1\VScan\McShield.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Voltooingstijd: 2010-07-21 10:59:03 - machine werd herstart
ComboFix-quarantined-files.txt 2010-07-21 08:58
ComboFix2.txt 2010-05-14 17:57
Pre-Run: 7.554.387.968 bytes beschikbaar
Post-Run: 8.423.669.760 bytes beschikbaar
- - End Of File - - 6DD7F843BDD6A82F4BA76D81DD3EE3D9
Many thanks in advance!
Kind regards,
Jetske
Antimalware Doctor virus: internet does not work
in Archive Internet & Network
Posted:
OK! I will change the order next time.
But here are the logs:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:57:53, on 21-7-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHJLDCS.EXE
C:\WINDOWS\system32\HPZipm12.exe
c:\program files\printsupervision\www\bin\printsupervisor.exe
C:\Program Files\PrintSuperVision\www\bin\PSVWebServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\Davton\SyncManager\SyncController.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\PROGRA~1\MICROS~1\Office10\OUTLOOK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SnelStart\v850\SnelStart.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\jetske.BLIKGROEP.001\Bureaublad\mbam-setup-1.46.exe
C:\DOCUME~1\JETSKE~1.001\LOCALS~1\Temp\is-SPAN6.tmp\mbam-setup-1.46.tmp
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\Managed VirusScan\VScan\ScriptSn.20100412125503.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" /LOGON
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [rmnzhp] RUNDLL32.EXE C:\WINDOWS\system32\mswyxtnd.dll,w
O4 - HKCU\..\Run: [HyvesDesktop.exe] F:\PROGRA~1\HYVESD~1\bin\HYVESD~1.EXE
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [070700Setup.exe] C:\Documents and Settings\jetske.BLIKGROEP.001\Application Data\5519332BF49A1B58548B089D9099A731\070700Setup.exe
O4 - HKCU\..\Run: [rywfeceu] C:\Documents and Settings\jetske.BLIKGROEP.001\Local Settings\Application Data\rtnckmsih\iewbimrtssd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [tcyz46] C:\DOCUME~1\jetske\LOCALS~1\Temp\l84alx.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (User 'Default user')
O4 - Startup: Davton SyncController.lnk = F:\Program Files\Davton\SyncManager\SyncController.exe
O4 - Startup: _uninst_setup_9.0.0.722_13.05.2010_11-29[1].exe.lnk = C:\Documents and Settings\jetske.BLIKGROEP.001\Local Settings\Temp\_uninst_setup_9.0.0.722_13.05.2010_11-29[1].exe.bat
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Converteren naar Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: McAfee Security-as-a-Service Beta (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: McAfee (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: McAfee Security-as-a-Service Beta (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: McAfee (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - Pagina niet gevonden | Facebook
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = blikgroep.local
O17 - HKLM\Software\..\Telephony: DomainName = blikgroep.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = blikgroep.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = blikgroep.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = blikgroep.local
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updateservice (gupdate1c9ea67d83d282c) (gupdate1c9ea67d83d282c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee antivirus- en antispywareservice (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OKI OPHJ DCS Loader - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHJLDCS.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrintSuperVisor - - c:\program files\printsupervision\www\bin\printsupervisor.exe
O23 - Service: PSVWebServer - - C:\Program Files\PrintSuperVision\www\bin\PSVWebServer.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 12030 bytes
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Databaseversie: 4334
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
21-7-2010 12:11:43
mbam-log-2010-07-21 (12-11-43).txt
Scantype: Snelle scan
Objecten gescand: 208613
Verstreken tijd: 12 minuut/minuten, 40 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 5
Registerwaarden geïnfecteerd: 2
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.
Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rywfeceu (Rogue.AntivirusSuite.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\070700setup.exe (Trojan.Downloader) -> No action taken.
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
ComboFix 10-07-20.03 - jetske 21-07-2010 13:25:26.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1535.1036 [GMT 2:00]
Gestart vanuit: c:\documents and settings\jetske.BLIKGROEP.001\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\jetske.BLIKGROEP.001\Bureaublad\CFScript.txt
AV: Total Protection Service *On-access scanning disabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}
FILE ::
"c:\documents and settings\All Users\Application Data\3NbA558.dat"
"c:\windows\system32\drivers\ssowu.sys"
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\3NbA558.dat
c:\documents and settings\jetske.BLIKGROEP.001\Local Settings\Application Data\rtnckmsih
c:\windows\system32\drivers\ssowu.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ssowu
-------\Service_ssowu
(((((((((((((((((((( Bestanden Gemaakt van 2010-06-21 to 2010-07-21 ))))))))))))))))))))))))))))))
.
2010-07-21 09:57 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 09:57 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-21 09:57 . 2010-07-21 09:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-20 18:02 . 2010-07-20 18:02 -------- d-----w- c:\documents and settings\jetske\Application Data\IObit
2010-07-20 18:02 . 2010-07-20 18:02 -------- d-----w- c:\program files\IObit
2010-07-20 17:33 . 2001-09-06 17:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-07-20 17:33 . 2001-09-06 17:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-20 17:33 . 2001-08-17 20:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-07-20 17:33 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 11:36 . 2008-01-21 21:10 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-00000007-00001102-00000002-80651102}.dat
2010-07-21 11:36 . 2008-01-21 21:10 24 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-00000007-00001102-00000002-80651102}.dat
2010-07-21 06:30 . 2009-09-08 09:27 -------- d-----w- c:\program files\LogMeIn
2010-07-20 17:34 . 2008-01-20 15:38 235528 ----a-w- c:\documents and settings\jetske\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-20 11:44 . 2010-05-25 14:49 -------- d-----w- c:\documents and settings\jetske.BLIKGROEP.001\Application Data\BitTorrent
2010-07-01 12:53 . 2009-08-17 15:52 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-30 09:16 . 2008-01-20 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-06-24 07:43 . 2009-09-08 09:30 235528 ----a-w- c:\documents and settings\jetske.BLIKGROEP.001\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-23 06:07 . 2010-06-23 06:07 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtbD6.tmp.exe
2010-06-14 13:57 . 2008-03-02 15:30 -------- d-----w- c:\program files\HQ2K1
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-25 17:47 . 2010-05-25 17:47 -------- d-----w- c:\documents and settings\jetske.BLIKGROEP.001\Application Data\IDMComp
2010-05-25 17:47 . 2010-05-25 17:47 -------- d-----w- c:\program files\IDM Computer Solutions
2010-05-25 15:58 . 2010-05-25 15:58 -------- d-----w- c:\documents and settings\jetske.BLIKGROEP.001\Application Data\Artisteer
2010-05-14 17:25 . 2010-05-14 17:25 3688883 -c--a-r- C:\ComboFix.exe
2010-05-14 13:24 . 2010-05-14 13:24 388096 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-26 08:42 . 2001-09-07 13:00 90586 ----a-w- c:\windows\system32\perfc013.dat
2010-04-26 08:42 . 2001-09-07 13:00 508910 ----a-w- c:\windows\system32\perfh013.dat
2010-04-25 21:25 . 2010-04-05 15:13 54920 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-25 21:25 . 2010-04-05 15:13 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-25 21:25 . 2010-04-05 15:13 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HyvesDesktop.exe"="f:\progra~1\HYVESD~1\bin\HYVESD~1.EXE" [N/A]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-29 39408]
"070700Setup.exe"="c:\documents and settings\jetske.BLIKGROEP.001\Application Data\5519332BF49A1B58548B089D9099A731\070700Setup.exe" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-08 413696]
"MVS Splash"="c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2010-04-05 476480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [2009-11-03 257440]
c:\documents and settings\jetske.BLIKGROEP.001\Menu Start\Programma's\Opstarten\
Davton SyncController.lnk - f:\program files\Davton\SyncManager\SyncController.exe [2009-11-9 55320]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 09:30 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^jetske^Menu Start^Programma's^Opstarten^Back2zip.lnk]
path=c:\documents and settings\jetske\Menu Start\Programma's\Opstarten\Back2zip.lnk
backup=c:\windows\pss\Back2zip.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-01-11 17:54 623992 ----a-w- f:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-09-16 00:37 57344 ----a-w- f:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-02-19 07:22 1089536 ------r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 16:57 86016 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 01:03 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 ----a-w- f:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-11 18:01 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 14:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 14:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 00:00 28672 ----a-w- c:\program files\Creative\SBLive\Program\ADGJDet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Managed Services Tray]
c:\program files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MChk]
c:\windows\system32\pjayp.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MVS Splash]
c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\net]
c:\windows\system32\net.net [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 11:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 11:22 86016 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 11:22 1622016 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-11 18:03 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-08 14:10 413696 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sta]
cjayp.dll [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-18 09:39 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2004-08-04 01:03 144384 ----a-w- c:\windows\system32\mobsync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
2002-07-02 16:56 24576 ----a-w- c:\windows\system32\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=
R0 74025872;74025872 Boot Guard Driver;c:\windows\system32\drivers\74025872.sys [21-4-2010 21:41 37392]
R1 74025871;74025871;c:\windows\system32\drivers\74025871.sys [21-4-2010 21:41 128016]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMhelpr.sys [20-1-2008 15:28 4064]
R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [13-3-2009 12:48 14144]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11-8-2008 12:41 12856]
R2 myAgtSvc;McAfee antivirus- en antispywareservice;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [13-3-2009 12:48 282824]
R2 OKI OPHJ DCS Loader;OKI OPHJ DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHJLDCS.EXE [13-5-2008 21:55 24576]
R2 PrintSuperVisor;PrintSuperVisor;c:\program files\PrintSuperVision\www\bin\PrintSuperVisor.exe [13-5-2008 21:49 24576]
R2 PSVWebServer;PSVWebServer;c:\program files\PrintSuperVision\www\bin\PSVWebServer.exe [13-5-2008 21:49 20480]
R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2-12-2008 23:28 30152]
S2 gupdate1c9ea67d83d282c;Google Updateservice (gupdate1c9ea67d83d282c);c:\program files\Google\Update\GoogleUpdate.exe [11-6-2009 09:40 133104]
S2 yfkjkuhb;IP Traffic Filter Support;c:\windows\System32\svchost.exe -k netsvcs [4-8-2004 03:03 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
yfkjkuhb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##blikgroep-sbs#algemeen]
\Shell\AutoRun\command - l:\recyco\avorun.exe
\Shell\open\command - l:\recyco\avorun.exe
.
Inhoud van de 'Gedeelde Taken' map
2010-07-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-24 07:39]
2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 07:39]
2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 07:39]
2010-07-21 c:\windows\Tasks\User_Feed_Synchronization-{41E6CC9B-E058-4180-8839-A73F504F08FC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - f:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Koppelingdoel converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Toevoegen aan bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
FF - ProfilePath - c:\documents and settings\jetske.BLIKGROEP.001\Application Data\Mozilla\Firefox\Profiles\8nlzcd97.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-21 13:39
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\atapi]
"ImagePath"="system32\drivers\atapi.kav"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,90,cd,6f,3a,57,3c,f9,43,93,ff,db,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,90,cd,6f,3a,57,3c,f9,43,93,ff,db,\
[HKEY_USERS\S-1-5-21-1957169964-2260404463-2707857471-1152\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{77A66BAC-438B-B16B-0BE5-3FE1FA7CB304}*]
"nabhddajdlbbgibekgpjomhkfhmf"=hex:6a,61,6d,6c,6b,69,6f,63,62,6c,70,6d,67,6e,
69,6f,6b,65,68,68,00,6f
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'lsass.exe'(644)
c:\program files\Bonjour\mdnsNSP.dll
- - - - - - - > 'explorer.exe'(2260)
c:\windows\system32\webcheck.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
f:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\progra~1\McAfee\MANAGE~1\VScan\McShield.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Voltooingstijd: 2010-07-21 13:50:32 - machine werd herstart
ComboFix-quarantined-files.txt 2010-07-21 11:50
ComboFix2.txt 2010-07-21 08:59
ComboFix3.txt 2010-05-14 17:57
Pre-Run: 8.397.324.288 bytes beschikbaar
Post-Run: 8.408.494.080 bytes beschikbaar
- - End Of File - - 2F11EAE131209DBCB43E9458635F59E9