
Antimalware Doctor virus: internet not working



Good morning,

My computer also got to embrace the Antimalware Doctor virus. The whole system stopped doing anything. In the meantime this has been resolved and, using the tips on this forum, I got the system clean again. As far as I can tell everything works again.

I have a log from ComboFix. I would like someone to have a look at it to be sure that everything is really gone:

ComboFix 10-07-20.03 - jetske 21-07-2010 10:30:44.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1535.833 [GMT 2:00]

Running from: c:\documents and settings\jetske.BLIKGROEP.001\Bureaublad\ComboFix.exe

AV: Total Protection Service *On-access scanning disabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\jetske.BLIKGROEP.001\Application Data\avdrn.dat

c:\documents and settings\jetske.BLIKGROEP.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk

c:\documents and settings\jetske.BLIKGROEP.001\Application Data\ogix.exe

c:\documents and settings\jetske.BLIKGROEP.001\Application Data\Sky-Banners

c:\documents and settings\jetske.BLIKGROEP.001\Application Data\Street-Ads

c:\documents and settings\jetske\Application Data\ogix.exe

c:\documents and settings\jetske\Application Data\Sky-Banners

c:\documents and settings\jetske\Application Data\Street-Ads

c:\documents and settings\LocalService\Application Data\Sky-Banners

c:\documents and settings\LocalService\Application Data\Sky-Banners\skb\log.xml

c:\documents and settings\LocalService\Application Data\Street-Ads

c:\windows\$NtUninstallMTF1011$

c:\windows\$NtUninstallMTF1011$\apUninstall.exe

c:\windows\$NtUninstallMTF1011$\zrpt.xml

c:\windows\system32\cjayp.dll

c:\windows\system32\comsats.sys

c:\windows\system32\dfttuyo.txt

c:\windows\system32\Install.txt

c:\windows\system32\mswyxtnd.dll

c:\windows\system32\pjayp.exe

c:\windows\system32\service.sys

c:\windows\system32\yjayp.dll

.

(((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 ))))))))))))))))))))))))))))))

.

2010-07-20 18:02 . 2010-07-20 18:02 -------- d-----w- c:\documents and settings\jetske\Application Data\IObit

2010-07-20 18:02 . 2010-07-20 18:02 -------- d-----w- c:\program files\IObit

2010-07-20 17:33 . 2001-09-06 17:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2010-07-20 17:33 . 2001-09-06 17:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-07-20 17:33 . 2001-08-17 20:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys

2010-07-20 17:33 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys

2010-07-20 11:30 . 2010-07-21 08:48 766976 ----a-w- c:\windows\system32\drivers\ssowu.sys

2010-07-20 11:30 . 2010-07-21 06:32 -------- d-----w- c:\documents and settings\jetske.BLIKGROEP.001\Local Settings\Application Data\rtnckmsih

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-21 08:40 . 2008-01-21 21:10 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-00000007-00001102-00000002-80651102}.dat

2010-07-21 08:40 . 2008-01-21 21:10 24 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-00000007-00001102-00000002-80651102}.dat

2010-07-21 06:30 . 2009-09-08 09:27 -------- d-----w- c:\program files\LogMeIn

2010-07-20 17:34 . 2008-01-20 15:38 235528 ----a-w- c:\documents and settings\jetske\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-20 11:44 . 2010-05-25 14:49 -------- d-----w- c:\documents and settings\jetske.BLIKGROEP.001\Application Data\BitTorrent

2010-07-01 12:53 . 2009-08-17 15:52 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys

2010-06-30 09:16 . 2008-01-20 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

2010-06-24 07:43 . 2009-09-08 09:30 235528 ----a-w- c:\documents and settings\jetske.BLIKGROEP.001\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-23 06:07 . 2010-06-23 06:07 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtbD6.tmp.exe

2010-06-14 13:57 . 2008-03-02 15:30 -------- d-----w- c:\program files\HQ2K1

2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr

2010-05-25 17:47 . 2010-05-25 17:47 -------- d-----w- c:\documents and settings\jetske.BLIKGROEP.001\Application Data\IDMComp

2010-05-25 17:47 . 2010-05-25 17:47 -------- d-----w- c:\program files\IDM Computer Solutions

2010-05-25 15:58 . 2010-05-25 15:58 -------- d-----w- c:\documents and settings\jetske.BLIKGROEP.001\Application Data\Artisteer

2010-05-14 17:25 . 2010-05-14 17:25 3688883 -c--a-r- C:\ComboFix.exe

2010-05-14 13:24 . 2010-05-14 13:24 388096 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-05-13 19:01 . 2010-05-13 19:01 112 ----a-w- c:\documents and settings\All Users\Application Data\3NbA558.dat

2010-04-26 08:42 . 2001-09-07 13:00 90586 ----a-w- c:\windows\system32\perfc013.dat

2010-04-26 08:42 . 2001-09-07 13:00 508910 ----a-w- c:\windows\system32\perfh013.dat

2010-04-25 21:25 . 2010-04-05 15:13 54920 ----a-w- c:\windows\system32\drivers\pxrts.sys

2010-04-25 21:25 . 2010-04-05 15:13 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys

2010-04-25 21:25 . 2010-04-05 15:13 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys

.

c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe

c:\program files\LogMeIn\x86\logmeinsystray .exe

c:\program files\McAfee\Managed VirusScan\DesktopUI\xtray .exe

c:\program files\ScanSoft\PaperPort\Ereg\ereg .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HyvesDesktop.exe"="f:\progra~1\HYVESD~1\bin\HYVESD~1.EXE" [N/A]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-29 39408]

"070700Setup.exe"="c:\documents and settings\jetske.BLIKGROEP.001\Application Data\5519332BF49A1B58548B089D9099A731\070700Setup.exe" [N/A]

"rywfeceu"="c:\documents and settings\jetske.BLIKGROEP.001\Local Settings\Application Data\rtnckmsih\iewbimrtssd.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-08 413696]

"MVS Splash"="c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2010-04-05 476480]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"rmnzhp"="c:\windows\system32\mswyxtnd.dll" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [2009-11-03 257440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"tcyz46"="c:\docume~1\jetske\LOCALS~1\Temp\l84alx.exe" [N/A]

c:\documents and settings\jetske.BLIKGROEP.001\Menu Start\Programma's\Opstarten\

Davton SyncController.lnk - f:\program files\Davton\SyncManager\SyncController.exe [2009-11-9 55320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2009-10-02 09:30 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^jetske^Menu Start^Programma's^Opstarten^Back2zip.lnk]

path=c:\documents and settings\jetske\Menu Start\Programma's\Opstarten\Back2zip.lnk

backup=c:\windows\pss\Back2zip.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2008-01-11 17:54 623992 ----a-w- f:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2005-09-16 00:37 57344 ----a-w- f:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]

2008-02-19 07:22 1089536 ------r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]

2007-12-21 16:57 86016 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2004-08-04 01:03 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-02-19 01:41 49152 ----a-w- f:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

2007-10-11 18:01 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-08-11 14:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-08-11 14:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

2001-11-29 00:00 28672 ----a-w- c:\program files\Creative\SBLive\Program\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Managed Services Tray]

c:\program files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MChk]

c:\windows\system32\pjayp.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MVS Splash]

c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\net]

c:\windows\system32\net.net [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2006-10-22 11:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2006-10-22 11:22 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2006-10-22 11:22 1622016 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

2007-10-11 18:03 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-01-08 14:10 413696 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sta]

cjayp.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-03-18 09:39 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]

2004-08-04 01:03 144384 ----a-w- c:\windows\system32\mobsync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]

2002-07-02 16:56 24576 ----a-w- c:\windows\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=

R0 74025872;74025872 Boot Guard Driver;c:\windows\system32\drivers\74025872.sys [21-4-2010 21:41 37392]

R1 74025871;74025871;c:\windows\system32\drivers\74025871.sys [21-4-2010 21:41 128016]

R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMhelpr.sys [20-1-2008 15:28 4064]

R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [13-3-2009 12:48 14144]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11-8-2008 12:41 12856]

R2 myAgtSvc;McAfee antivirus- en antispywareservice;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [13-3-2009 12:48 282824]

R2 OKI OPHJ DCS Loader;OKI OPHJ DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHJLDCS.EXE [13-5-2008 21:55 24576]

R2 PrintSuperVisor;PrintSuperVisor;c:\program files\PrintSuperVision\www\bin\PrintSuperVisor.exe [13-5-2008 21:49 24576]

R2 PSVWebServer;PSVWebServer;c:\program files\PrintSuperVision\www\bin\PSVWebServer.exe [13-5-2008 21:49 20480]

R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2-12-2008 23:28 30152]

S2 gupdate1c9ea67d83d282c;Google Updateservice (gupdate1c9ea67d83d282c);c:\program files\Google\Update\GoogleUpdate.exe [11-6-2009 09:40 133104]

S2 yfkjkuhb;IP Traffic Filter Support;c:\windows\System32\svchost.exe -k netsvcs [4-8-2004 03:03 14336]

--- Other Services/Drivers In Memory ---

*Deregistered* - ssowu

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

yfkjkuhb

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##blikgroep-sbs#algemeen]

\Shell\AutoRun\command - l:\recyco\avorun.exe

\Shell\open\command - l:\recyco\avorun.exe

.

Contents of the 'Scheduled Tasks' folder

2010-07-21 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-24 07:39]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 07:39]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 07:39]

2010-07-21 c:\windows\Tasks\User_Feed_Synchronization-{41E6CC9B-E058-4180-8839-A73F504F08FC}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.nl/

mStart Page = hxxp://www.msn.com

uInternet Settings,ProxyServer = http=127.0.0.1:5643

uInternet Settings,ProxyOverride = <local>

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xporteren naar Microsoft Excel - f:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000

IE: Geselecteerde koppelingen converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Koppelingdoel converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Koppelingdoel converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Selectie converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Selectie converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Toevoegen aan bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

FF - ProfilePath - c:\documents and settings\jetske.BLIKGROEP.001\Application Data\Mozilla\Firefox\Profiles\8nlzcd97.default\

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

BHO-{DFF2D7CD-D6B1-44DD-BA53-2CF65884116C} - (no file)

AddRemove-$NtUninstallMTF1011$ - c:\windows\$NtUninstallMTF1011$\apUninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-07-21 10:46

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\atapi]

"ImagePath"="system32\drivers\atapi.kav"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ssowu]

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,90,cd,6f,3a,57,3c,f9,43,93,ff,db,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,90,cd,6f,3a,57,3c,f9,43,93,ff,db,\

[HKEY_USERS\S-1-5-21-1957169964-2260404463-2707857471-1152\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{77A66BAC-438B-B16B-0BE5-3FE1FA7CB304}*]

"nabhddajdlbbgibekgpjomhkfhmf"=hex:6a,61,6d,6c,6b,69,6f,63,62,6c,70,6d,67,6e,

69,6f,6b,65,68,68,00,6f

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"Installed"="1"

"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(656)

c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(2908)

c:\windows\system32\webcheck.dll

c:\windows\system32\LMIRfsClientNP.dll

.

------------------------ Other Running Processes ------------------------

.

f:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\LogMeIn\x86\RaMaint.exe

c:\program files\LogMeIn\x86\LogMeIn.exe

c:\program files\LogMeIn\x86\LMIGuardian.exe

c:\progra~1\McAfee\MANAGE~1\VScan\McShield.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

.

**************************************************************************

.

Completion time: 2010-07-21 10:59:03 - machine was rebooted

ComboFix-quarantined-files.txt 2010-07-21 08:58

ComboFix2.txt 2010-05-14 17:57

Pre-Run: 7.554.387.968 bytes free

Post-Run: 8.423.669.760 bytes free

- - End Of File - - 6DD7F843BDD6A82F4BA76D81DD3EE3D9

Many thanks in advance!

Kind regards,

Jetske



It is absolutely not a good idea to deploy ComboFix right away, without first having an analysis of the problem made with less dangerous programs. In this case, starting with HijackThis and Malwarebytes, and first having those logs checked, would have been preferable :sad

So download both programs and let them scan. Then you may do the following (because there is still quite a bit wrong with your PC):

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\drivers\ssowu.sys

c:\documents and settings\All Users\Application Data\3NbA558.dat

Folder::

c:\documents and settings\jetske.BLIKGROEP.001\Local Settings\Application Data\rtnckmsih

Driver::

ssowu

Renv::

c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe

c:\program files\LogMeIn\x86\logmeinsystray .exe

c:\program files\McAfee\Managed VirusScan\DesktopUI\xtray .exe

c:\program files\ScanSoft\PaperPort\Ereg\ereg .exe

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"070700Setup.exe"=-

"rywfeceu"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"rmnzhp"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"tcyz46"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##blikgroep-sbs#algemeen]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if asked to.

After the reboot, post the contents of ComboFix.txt in your next reply, together with a log from HijackThis and Malwarebytes.

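The triage the helper does by eye in the reply above (random-named Run values living under Application Data or Temp, a RUNDLL32 entry loading a random-named DLL from system32, a Policies\Explorer\Run entry, a 32-hex-character directory name) can be written down as a script. The following is an added example, not code from this thread, from ComboFix or from HijackThis: it scores the O4 and R1 lines of a HijackThis log with a handful of heuristics and prints a draft CFScript in the File::/Registry:: syntax used in the reply. The sample lines are copied from the log posted in this thread; the weights, the threshold and the small KNOWN_GOOD allowlist are assumptions chosen for illustration. It also flags the `ProxyServer = http=127.0.0.1:5643` value that both the ComboFix and HijackThis logs show: a browser proxy pointing at a local port is most likely why "internet does not work" once the process that listened on that port has been removed, and the CFScript in the reply leaves that value in place.

```python
"""Score HijackThis O4 (autorun) and R1 (proxy) lines and draft a ComboFix CFScript.
Added example for this thread; the heuristics, weights and allowlist are assumptions."""
import re
from collections import OrderedDict

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rmnzhp] RUNDLL32.EXE C:\WINDOWS\system32\mswyxtnd.dll,w
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [070700Setup.exe] C:\Documents and Settings\jetske.BLIKGROEP.001\Application Data\5519332BF49A1B58548B089D9099A731\070700Setup.exe
O4 - HKCU\..\Run: [rywfeceu] C:\Documents and Settings\jetske.BLIKGROEP.001\Local Settings\Application Data\rtnckmsih\iewbimrtssd.exe
O4 - HKLM\..\Policies\Explorer\Run: [tcyz46] C:\DOCUME~1\jetske\LOCALS~1\Temp\l84alx.exe
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_ROOT = "\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\"
PROXY_KEY = "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
# Windows binaries whose names fail the crude randomness test; assumed list, extend from a clean install.
KNOWN_GOOD = {"ctfmon", "msmsgs", "nvsvc32", "nvcpl"}
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
PROXY_RE = re.compile(r"^R1 - HKCU\\.*Internet Settings,ProxyServer = (?P<proxy>.+)$")


def looks_random(token):
    """Letters-only part of the token has no vowels, or a consonant run of four or more."""
    letters = re.sub(r"[^a-z]", "", token.lower())
    if len(letters) < 4:
        return False
    if not set(letters) & set("aeiou"):
        return True
    return max(len(run) for run in re.findall(r"[^aeiou]+", letters)) >= 4


def file_from_command(cmd):
    """Extract the file an O4 command loads: RUNDLL32 form, quoted path, or bare path."""
    cmd = cmd.strip()
    if cmd.upper().startswith("RUNDLL32.EXE "):
        return cmd.split(" ", 1)[1].split(",", 1)[0].strip()
    m = re.match(r'"([^"]+)"', cmd) or re.match(r"(.+?\.(?:exe|dll|bat|scr|sys))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def score_autorun(key, name, path):
    """Weighted heuristics over location and naming; the weights are assumptions."""
    p = path.lower()
    base = p.replace("\\", "/").rsplit("/", 1)[-1].rsplit(".", 1)[0]
    checks = [
        (2, "\\temp\\" in p, "runs from a Temp directory"),
        (1, "\\temp\\" not in p and "application data" in p, "runs from a user-writable profile directory"),
        (2, re.search(r"\\[0-9a-f]{32}\\", p) is not None, "32-hex-character directory name"),
        (1, "policies\\explorer\\run" in key.lower(), "Policies\\Explorer\\Run key, rarely used legitimately"),
        (1, base not in KNOWN_GOOD and looks_random(name), "random-looking value name"),
        (1, base not in KNOWN_GOOD and looks_random(base), "random-looking file name"),
    ]
    hits = [(weight, why) for weight, ok, why in checks if ok]
    return sum(w for w, _ in hits), [why for _, why in hits]


def triage(log_text, threshold=2):
    """Return the entries that reach the threshold, with their score and reasons."""
    findings = []
    for line in log_text.splitlines():
        m = PROXY_RE.match(line)
        if m and re.search(r"127\.0\.0\.1|localhost", m["proxy"]):
            findings.append(dict(kind="proxy", key=PROXY_KEY, name="ProxyServer", path=None,
                                 score=threshold, reasons=["browser proxied through a local port"]))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        path = file_from_command(m["cmd"])
        score, reasons = score_autorun(m["key"], m["name"], path)
        if score >= threshold:
            findings.append(dict(kind="autorun", key=HIVES[m["hive"]] + RUN_ROOT + m["key"],
                                 name=m["name"], path=path, score=score, reasons=reasons))
    return findings


def build_cfscript(findings):
    """Render File:: and Registry:: sections; "name"=- deletes a value, as in the reply above."""
    files = [f["path"] for f in findings if f["path"]]
    by_key = OrderedDict()
    for f in findings:
        by_key.setdefault(f["key"], []).append(f["name"])
    out = ["File::"] + files + [""] if files else []
    out.append("Registry::")
    for key, names in by_key.items():
        out.append("[" + key + "]")
        out += ['"%s"=-' % n for n in names]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_HJT)
    for h in hits:
        print("%d  %-16s %s" % (h["score"], h["name"], "; ".join(h["reasons"])))
    print()
    print(build_cfscript(hits))
```

The draft is a starting point, not a substitute for the helper's review. A HijackThis log does not list services or drivers, so the ssowu driver and the yfkjkuhb entry under svchost netsvcs only show up in the ComboFix log, and the Driver:: and Folder:: sections still have to be written by hand. Every line in the generated file should be checked before it is dragged onto ComboFix.exe, because CFScript deletes exactly what it is given, and a wrongly scored entry such as a legitimately odd-named vendor binary would be removed along with the malware.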

OK! I will change the order in future.

But here are the logs:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:57:53, on 21-7-2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

F:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHJLDCS.EXE

C:\WINDOWS\system32\HPZipm12.exe

c:\program files\printsupervision\www\bin\printsupervisor.exe

C:\Program Files\PrintSuperVision\www\bin\PSVWebServer.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

F:\Program Files\Davton\SyncManager\SyncController.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

F:\PROGRA~1\MICROS~1\Office10\OUTLOOK.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SnelStart\v850\SnelStart.exe

C:\Program Files\Internet Explorer\iexplore.exe

F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Documents and Settings\jetske.BLIKGROEP.001\Bureaublad\mbam-setup-1.46.exe

C:\DOCUME~1\JETSKE~1.001\LOCALS~1\Temp\is-SPAN6.tmp\mbam-setup-1.46.tmp

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\Managed VirusScan\VScan\ScriptSn.20100412125503.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" /LOGON

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [rmnzhp] RUNDLL32.EXE C:\WINDOWS\system32\mswyxtnd.dll,w

O4 - HKCU\..\Run: [HyvesDesktop.exe] F:\PROGRA~1\HYVESD~1\bin\HYVESD~1.EXE

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [070700Setup.exe] C:\Documents and Settings\jetske.BLIKGROEP.001\Application Data\5519332BF49A1B58548B089D9099A731\070700Setup.exe

O4 - HKCU\..\Run: [rywfeceu] C:\Documents and Settings\jetske.BLIKGROEP.001\Local Settings\Application Data\rtnckmsih\iewbimrtssd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKLM\..\Policies\Explorer\Run: [tcyz46] C:\DOCUME~1\jetske\LOCALS~1\Temp\l84alx.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (User 'Default user')

O4 - Startup: Davton SyncController.lnk = F:\Program Files\Davton\SyncManager\SyncController.exe

O4 - Startup: _uninst_setup_9.0.0.722_13.05.2010_11-29[1].exe.lnk = C:\Documents and Settings\jetske.BLIKGROEP.001\Local Settings\Temp\_uninst_setup_9.0.0.722_13.05.2010_11-29[1].exe.bat

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Converteren naar Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.mcafee.com (HKLM)

O15 - Trusted Zone: McAfee Security-as-a-Service Beta (HKLM)

O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)

O15 - Trusted Zone: McAfee (HKLM)

O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)

O15 - ESC Trusted Zone: McAfee Security-as-a-Service Beta (HKLM)

O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)

O15 - ESC Trusted Zone: McAfee (HKLM)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - Pagina niet gevonden | Facebook

O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = blikgroep.local

O17 - HKLM\Software\..\Telephony: DomainName = blikgroep.local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = blikgroep.local

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = blikgroep.local

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = blikgroep.local

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updateservice (gupdate1c9ea67d83d282c) (gupdate1c9ea67d83d282c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe

O23 - Service: McAfee antivirus- en antispywareservice (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OKI OPHJ DCS Loader - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHJLDCS.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PrintSuperVisor - - c:\program files\printsupervision\www\bin\printsupervisor.exe

O23 - Service: PSVWebServer - - C:\Program Files\PrintSuperVision\www\bin\PSVWebServer.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 12030 bytes

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Databaseversie: 4334

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

21-7-2010 12:11:43

mbam-log-2010-07-21 (12-11-43).txt

Scantype: Snelle scan

Objecten gescand: 208613

Verstreken tijd: 12 minuut/minuten, 40 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 5

Registerwaarden geïnfecteerd: 2

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> No action taken.

HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> No action taken.

HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.

Registerwaarden geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rywfeceu (Rogue.AntivirusSuite.Gen) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\070700setup.exe (Trojan.Downloader) -> No action taken.

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

ComboFix 10-07-20.03 - jetske 21-07-2010 13:25:26.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1535.1036 [GMT 2:00]

Gestart vanuit: c:\documents and settings\jetske.BLIKGROEP.001\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\jetske.BLIKGROEP.001\Bureaublad\CFScript.txt

AV: Total Protection Service *On-access scanning disabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}

FILE ::

"c:\documents and settings\All Users\Application Data\3NbA558.dat"

"c:\windows\system32\drivers\ssowu.sys"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\3NbA558.dat

c:\documents and settings\jetske.BLIKGROEP.001\Local Settings\Application Data\rtnckmsih

c:\windows\system32\drivers\ssowu.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ssowu

-------\Service_ssowu

(((((((((((((((((((( Bestanden Gemaakt van 2010-06-21 to 2010-07-21 ))))))))))))))))))))))))))))))

.

2010-07-21 09:57 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-21 09:57 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-21 09:57 . 2010-07-21 09:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-20 18:02 . 2010-07-20 18:02 -------- d-----w- c:\documents and settings\jetske\Application Data\IObit

2010-07-20 18:02 . 2010-07-20 18:02 -------- d-----w- c:\program files\IObit

2010-07-20 17:33 . 2001-09-06 17:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2010-07-20 17:33 . 2001-09-06 17:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-07-20 17:33 . 2001-08-17 20:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys

2010-07-20 17:33 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-21 11:36 . 2008-01-21 21:10 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-00000007-00001102-00000002-80651102}.dat

2010-07-21 11:36 . 2008-01-21 21:10 24 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-00000007-00001102-00000002-80651102}.dat

2010-07-21 06:30 . 2009-09-08 09:27 -------- d-----w- c:\program files\LogMeIn

2010-07-20 17:34 . 2008-01-20 15:38 235528 ----a-w- c:\documents and settings\jetske\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-20 11:44 . 2010-05-25 14:49 -------- d-----w- c:\documents and settings\jetske.BLIKGROEP.001\Application Data\BitTorrent

2010-07-01 12:53 . 2009-08-17 15:52 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys

2010-06-30 09:16 . 2008-01-20 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

2010-06-24 07:43 . 2009-09-08 09:30 235528 ----a-w- c:\documents and settings\jetske.BLIKGROEP.001\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-23 06:07 . 2010-06-23 06:07 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtbD6.tmp.exe

2010-06-14 13:57 . 2008-03-02 15:30 -------- d-----w- c:\program files\HQ2K1

2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr

2010-05-25 17:47 . 2010-05-25 17:47 -------- d-----w- c:\documents and settings\jetske.BLIKGROEP.001\Application Data\IDMComp

2010-05-25 17:47 . 2010-05-25 17:47 -------- d-----w- c:\program files\IDM Computer Solutions

2010-05-25 15:58 . 2010-05-25 15:58 -------- d-----w- c:\documents and settings\jetske.BLIKGROEP.001\Application Data\Artisteer

2010-05-14 17:25 . 2010-05-14 17:25 3688883 -c--a-r- C:\ComboFix.exe

2010-05-14 13:24 . 2010-05-14 13:24 388096 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-04-26 08:42 . 2001-09-07 13:00 90586 ----a-w- c:\windows\system32\perfc013.dat

2010-04-26 08:42 . 2001-09-07 13:00 508910 ----a-w- c:\windows\system32\perfh013.dat

2010-04-25 21:25 . 2010-04-05 15:13 54920 ----a-w- c:\windows\system32\drivers\pxrts.sys

2010-04-25 21:25 . 2010-04-05 15:13 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys

2010-04-25 21:25 . 2010-04-05 15:13 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys

.

c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\LogMeIn\x86\logmeinsystray .exe
c:\program files\McAfee\Managed VirusScan\DesktopUI\xtray .exe
c:\program files\ScanSoft\PaperPort\Ereg\ereg .exe

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HyvesDesktop.exe"="f:\progra~1\HYVESD~1\bin\HYVESD~1.EXE" [N/A]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-29 39408]

"070700Setup.exe"="c:\documents and settings\jetske.BLIKGROEP.001\Application Data\5519332BF49A1B58548B089D9099A731\070700Setup.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-08 413696]

"MVS Splash"="c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2010-04-05 476480]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [2009-11-03 257440]

c:\documents and settings\jetske.BLIKGROEP.001\Menu Start\Programma's\Opstarten\

Davton SyncController.lnk - f:\program files\Davton\SyncManager\SyncController.exe [2009-11-9 55320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2009-10-02 09:30 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^jetske^Menu Start^Programma's^Opstarten^Back2zip.lnk]

path=c:\documents and settings\jetske\Menu Start\Programma's\Opstarten\Back2zip.lnk

backup=c:\windows\pss\Back2zip.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2008-01-11 17:54 623992 ----a-w- f:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2005-09-16 00:37 57344 ----a-w- f:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]

2008-02-19 07:22 1089536 ------r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]

2007-12-21 16:57 86016 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2004-08-04 01:03 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-02-19 01:41 49152 ----a-w- f:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

2007-10-11 18:01 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-08-11 14:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-08-11 14:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

2001-11-29 00:00 28672 ----a-w- c:\program files\Creative\SBLive\Program\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Managed Services Tray]

c:\program files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MChk]

c:\windows\system32\pjayp.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MVS Splash]

c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\net]

c:\windows\system32\net.net [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2006-10-22 11:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2006-10-22 11:22 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2006-10-22 11:22 1622016 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

2007-10-11 18:03 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-01-08 14:10 413696 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sta]

cjayp.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-03-18 09:39 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]

2004-08-04 01:03 144384 ----a-w- c:\windows\system32\mobsync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]

2002-07-02 16:56 24576 ----a-w- c:\windows\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=

R0 74025872;74025872 Boot Guard Driver;c:\windows\system32\drivers\74025872.sys [21-4-2010 21:41 37392]

R1 74025871;74025871;c:\windows\system32\drivers\74025871.sys [21-4-2010 21:41 128016]

R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMhelpr.sys [20-1-2008 15:28 4064]

R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [13-3-2009 12:48 14144]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11-8-2008 12:41 12856]

R2 myAgtSvc;McAfee antivirus- en antispywareservice;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [13-3-2009 12:48 282824]

R2 OKI OPHJ DCS Loader;OKI OPHJ DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHJLDCS.EXE [13-5-2008 21:55 24576]

R2 PrintSuperVisor;PrintSuperVisor;c:\program files\PrintSuperVision\www\bin\PrintSuperVisor.exe [13-5-2008 21:49 24576]

R2 PSVWebServer;PSVWebServer;c:\program files\PrintSuperVision\www\bin\PSVWebServer.exe [13-5-2008 21:49 20480]

R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2-12-2008 23:28 30152]

S2 gupdate1c9ea67d83d282c;Google Updateservice (gupdate1c9ea67d83d282c);c:\program files\Google\Update\GoogleUpdate.exe [11-6-2009 09:40 133104]

S2 yfkjkuhb;IP Traffic Filter Support;c:\windows\System32\svchost.exe -k netsvcs [4-8-2004 03:03 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

yfkjkuhb

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##blikgroep-sbs#algemeen]

\Shell\AutoRun\command - l:\recyco\avorun.exe

\Shell\open\command - l:\recyco\avorun.exe

.

Inhoud van de 'Gedeelde Taken' map

2010-07-21 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-24 07:39]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 07:39]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 07:39]

2010-07-21 c:\windows\Tasks\User_Feed_Synchronization-{41E6CC9B-E058-4180-8839-A73F504F08FC}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

mStart Page = hxxp://www.msn.com

uInternet Settings,ProxyServer = http=127.0.0.1:5643

uInternet Settings,ProxyOverride = <local>

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xporteren naar Microsoft Excel - f:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000

IE: Geselecteerde koppelingen converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Koppelingdoel converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Koppelingdoel converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Selectie converteren naar Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Selectie converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Toevoegen aan bestaand PDF-bestand - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

FF - ProfilePath - c:\documents and settings\jetske.BLIKGROEP.001\Application Data\Mozilla\Firefox\Profiles\8nlzcd97.default\

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-07-21 13:39

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\atapi]

"ImagePath"="system32\drivers\atapi.kav"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,90,cd,6f,3a,57,3c,f9,43,93,ff,db,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,90,cd,6f,3a,57,3c,f9,43,93,ff,db,\

[HKEY_USERS\S-1-5-21-1957169964-2260404463-2707857471-1152\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{77A66BAC-438B-B16B-0BE5-3FE1FA7CB304}*]

"nabhddajdlbbgibekgpjomhkfhmf"=hex:6a,61,6d,6c,6b,69,6f,63,62,6c,70,6d,67,6e,

69,6f,6b,65,68,68,00,6f

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"Installed"="1"

"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(584)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(644)

c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(2260)

c:\windows\system32\webcheck.dll

c:\windows\system32\LMIRfsClientNP.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

f:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\LogMeIn\x86\RaMaint.exe

c:\program files\LogMeIn\x86\LogMeIn.exe

c:\program files\LogMeIn\x86\LMIGuardian.exe

c:\progra~1\McAfee\MANAGE~1\VScan\McShield.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

.

**************************************************************************

.

Voltooingstijd: 2010-07-21 13:50:32 - machine werd herstart

ComboFix-quarantined-files.txt 2010-07-21 11:50

ComboFix2.txt 2010-07-21 08:59

ComboFix3.txt 2010-05-14 17:57

Pre-Run: 8.397.324.288 bytes beschikbaar

Post-Run: 8.408.494.080 bytes beschikbaar

- - End Of File - - 2F11EAE131209DBCB43E9458635F59E9



Start HijackThis. If you are a Vista user, choose "Run as administrator" or "Uitvoeren als administrator". Select "Scan". Select only the items listed below:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643

O4 - HKLM\..\Run: [rmnzhp] RUNDLL32.EXE C:\WINDOWS\system32\mswyxtnd.dll,w

O4 - HKCU\..\Run: [070700Setup.exe] C:\Documents and Settings\jetske.BLIKGROEP.001\Application Data\5519332BF49A1B58548B089D9099A731\070700Setup.exe

O4 - HKCU\..\Run: [rywfeceu] C:\Documents and Settings\jetske.BLIKGROEP.001\Local Settings\Application Data\rtnckmsih\iewbimrtssd.exe

O4 - HKLM\..\Policies\Explorer\Run: [tcyz46] C:\DOCUME~1\jetske\LOCALS~1\Temp\l84alx.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (User 'Default user')

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - Pagina niet gevonden | Facebook

Click "Fix checked" to remove the items.

Then let Malwarebytes scan again. "No action taken" in your previous log could indicate that you did not remove the flagged items. If they show up again in your MBAM log, choose "Remove".

Then post a fresh, current log from HijackThis and Malwarebytes in your next message.
