
antimalware doctor



So your JAVA really is antique ... we'll do something about that first. In the meantime, leave that second scan with Comodo for what it's worth. We'll pick that up with Combofix (see below).

Your Java software is outdated.

Older versions have holes that give malware the chance to install itself on your system.

First follow these steps to uninstall Java and install the newer version:

Download Java Runtime Environment (JRE) 6 Update 20.

  • Scroll down to: "Java SE Runtime Environment (JRE) 6 Update 20".
  • Click the "Download" button on the right.
  • In the drop-down menu next to Platform, select Windows.
  • Tick: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement", and click Continue.
  • The page will reload.
  • Click the jre-6u20-windows-i586.exe link UNDER Windows Offline Installation and save it to your Desktop.
  • Close all programs that may be open - especially your web browser!
  • Then go to Start > Control Panel > Add or Remove Programs, or Start > Control Panel > Programs and Features (on Vista), and remove all older versions of Java from the software list.
  • Tick everything with Java Runtime Environment (JRE or J2SE) in its name.
  • Then click Remove or the Change/Remove button.
  • Repeat this until all older versions are gone.
  • After removing all older versions, restart your PC.
  • Then double-click jre-6u20-windows-i586.exe on your Desktop to install the newest version of Java.

Download Combofix to your Desktop.

Read more here about the correct use of Combofix.

NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners see certain components Combofix uses as suspicious and will block or remove them!


  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is complete and after the restart, the log Combofix.txt will open.

Post this log in your next reply.


So, here it is

ComboFix 10-06-17.03 - Administrator 18/06/2010 19:54:54.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2047.1525 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe

AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator\Application Data\214D89AC59196C94A55313D1B5865BD0

c:\documents and settings\Administrator\Application Data\214D89AC59196C94A55313D1B5865BD0\enemies-names.txt

c:\documents and settings\Administrator\Application Data\214D89AC59196C94A55313D1B5865BD0\local.ini

c:\documents and settings\Administrator\Menu Start\Programma's\Antimalware Doctor

c:\documents and settings\Administrator\Menu Start\Programma's\Antimalware Doctor\Antimalware Doctor.lnk

c:\documents and settings\Administrator\Menu Start\Programma's\Antimalware Doctor\Uninstall.lnk

c:\documents and settings\All Users\Application Data\hpe1928.dll

c:\documents and settings\All Users\Application Data\hpeE99.dll

C:\Thumbs.db

c:\windows\system32\Thumbs.db

c:\windows\system32\win.com

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-05-18 to 2010-06-18 ))))))))))))))))))))))))))))))

.

2010-06-18 17:16 . 2010-06-18 17:16 -------- d-----w- c:\program files\Common Files\Java

2010-06-18 17:15 . 2010-06-18 17:15 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-18 15:12 . 2010-06-18 15:12 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend

2010-06-18 14:58 . 2010-06-18 14:58 -------- d-----w- c:\program files\CCleaner

2010-06-18 13:09 . 2010-06-18 13:09 -------- d-----w- C:\VritualRoot

2010-06-18 13:09 . 2010-06-18 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO

2010-06-18 13:09 . 2010-06-18 17:49 1170560 ----a-w- c:\windows\system32\drivers\sfi.dat

2010-06-18 13:07 . 2010-06-18 13:07 -------- d-----w- c:\program files\COMODO

2010-06-18 12:46 . 2010-06-18 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader

2010-06-18 07:04 . 2010-06-18 07:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-06-18 07:04 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-18 07:03 . 2010-06-18 07:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-18 07:03 . 2010-06-18 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-18 07:03 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-17 16:44 . 2010-06-17 16:44 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-06-17 16:44 . 2010-06-17 16:44 -------- d-----w- c:\program files\Trend Micro

2010-06-17 16:22 . 2010-06-17 16:22 -------- d-----w- C:\Street-Ads

2010-06-12 11:23 . 2010-06-12 11:23 -------- d-----w- c:\documents and settings\Laude\Application Data\Office Genuine Advantage

2010-06-11 14:59 . 2010-05-06 10:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-06 08:55 . 2010-06-06 08:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\ElevatedDiagnostics

2010-06-04 19:27 . 2010-06-04 19:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Office Genuine Advantage

2010-06-04 09:55 . 2010-06-04 09:55 229312 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2010-06-04 06:36 . 2010-06-04 06:36 -------- d-----w- c:\windows\l2schemas

2010-06-04 06:36 . 2010-06-04 06:36 -------- d-----w- c:\windows\system32\nl

2010-06-04 06:36 . 2010-06-04 06:36 -------- d-----w- c:\windows\system32\bits

2010-06-03 19:47 . 2010-06-03 19:47 -------- d-----w- c:\documents and settings\Adm

2010-06-03 18:55 . 2010-06-03 18:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Epson

2010-06-01 17:00 . 2010-06-01 17:00 278288 ----a-w- c:\windows\system32\guard32.dll

2010-06-01 17:00 . 2010-06-01 17:00 87824 ----a-w- c:\windows\system32\drivers\inspect.sys

2010-06-01 17:00 . 2010-06-01 17:00 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2010-06-01 17:00 . 2010-06-01 17:00 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys

2010-05-28 05:13 . 2010-05-28 05:13 503808 ----a-w- c:\documents and settings\Laude\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-14dd9992-n\msvcp71.dll

2010-05-28 05:13 . 2010-05-28 05:13 499712 ----a-w- c:\documents and settings\Laude\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-14dd9992-n\jmc.dll

2010-05-28 05:13 . 2010-05-28 05:13 348160 ----a-w- c:\documents and settings\Laude\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-14dd9992-n\msvcr71.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-18 17:53 . 2002-12-31 12:00 87416 ----a-w- c:\windows\system32\perfc013.dat

2010-06-18 17:53 . 2002-12-31 12:00 502200 ----a-w- c:\windows\system32\perfh013.dat

2010-06-18 17:05 . 2008-02-12 21:51 -------- d-----w- c:\program files\Google

2010-06-18 17:05 . 2008-02-16 21:11 -------- d-----w- c:\program files\Java

2010-06-18 13:14 . 2008-02-12 23:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-06-17 11:40 . 2009-03-07 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 3

2010-06-17 09:54 . 2009-02-13 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2010-06-12 12:35 . 2008-11-12 22:03 85488 ----a-w- c:\documents and settings\Laude\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-05 06:25 . 2009-10-16 22:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWirePlus

2010-06-04 21:46 . 2009-11-10 15:55 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-04 07:47 . 2008-02-12 22:23 85488 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-04 06:38 . 2008-02-13 04:27 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-05-26 20:42 . 2009-01-14 22:28 1388 ----a-w- c:\documents and settings\Administrator\Application Data\ViewerApp.dat

2010-05-06 10:37 . 2002-12-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 12:02 . 2010-05-02 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON

2010-05-02 11:57 . 2008-02-12 22:16 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-05-02 11:57 . 2010-05-02 11:54 -------- d-----w- c:\program files\epson

2010-05-02 11:57 . 2008-02-12 22:12 -------- d-----w- c:\program files\Common Files\InstallShield

2010-05-02 11:57 . 2010-05-02 11:56 -------- d-----w- c:\program files\Epson Software

2010-05-02 11:56 . 2010-05-02 11:56 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint

2010-05-02 08:10 . 2002-12-31 12:00 1851392 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr

2010-04-20 05:35 . 2002-12-31 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-08 07:57 . 2010-04-08 07:57 664 ----a-w- c:\documents and settings\Hannekesnest\Local Settings\Application Data\d3d9caps.tmp

2010-03-22 06:52 . 2010-01-06 17:17 84712 ----a-w- c:\documents and settings\Hannekesnest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2008-06-21 20:05 . 2008-06-21 20:01 10963280 ----a-w- c:\program files\setup-beid-runtime-2.6_tcm147-9841.zip

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2007-12-30 1365504]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-03 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

"nwiz"="nwiz.exe" [2007-12-05 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]

"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]

"Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2007-03-28 2037352]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]

"beidsystemtray"="c:\program files\Belgium Identity Card\beidsystemtray.exe" [2007-02-19 188416]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 176128]

"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"nxpOEAPI"="c:\program files\NXPowerLite\loadnxploeaddin.exe" [2009-06-01 91520]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 0 (0x0)

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Picture Package Menu.lnk

backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Picture Package VCD Maker.lnk

backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2007-02-07 15:21 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]

2007-03-21 13:41 145496 ----a-w- c:\program files\Pinnacle\Studio 11\LaunchList2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2007-02-07 15:24 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

2009-09-24 13:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-05-03 20:29 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\LimeWire Plus\\LimeWire.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [1/06/2010 19:00 15464]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [4/06/2010 11:55 229312]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/06/2010 19:00 25240]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [7/03/2010 16:17 27632]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/02/2008 0:55 715248]

S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys --> c:\windows\system32\Drivers\Ca1528av.sys [?]

S2 gupdate1c98e04a0ad2bce;Google Updateservice (gupdate1c98e04a0ad2bce);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2009 19:58 133104]

S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [7/03/2010 16:17 90112]

S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [24/03/2006 19:14 33536]

S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys --> c:\windows\system32\Drivers\Bulk1528.sys [?]

S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [8/02/2009 15:12 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [8/02/2009 15:12 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [8/02/2009 15:12 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [8/02/2009 15:12 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [8/02/2009 15:12 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [8/02/2009 15:12 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [8/02/2009 15:12 115752]

.

Inhoud van de 'Gedeelde Taken' map

2010-06-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-06-18 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-16 11:27]

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 17:58]

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 17:58]

2010-06-18 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.skynet.be/

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

.

- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-06-18 19:58

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwClose, ZwOpenFile

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-2052111302-2147133873-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a8,ca,f0,db,2b,bf,7f,49,8b,d4,c9,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a8,ca,f0,db,2b,bf,7f,49,8b,d4,c9,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Voltooingstijd: 2010-06-18 19:59:33

ComboFix-quarantined-files.txt 2010-06-18 17:59

Pre-Run: 67.065.323.520 bytes beschikbaar

Post-Run: 67.621.462.016 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - AA00A0CE7391CA8500F36F34B0DCDDE2

I did get a message about CD emulation drivers that would be temporarily disabled.

Greetings!

Eva

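As an added example (not from the thread or from ComboFix), a small Python parser for the "Reg Opstartpunten" section of the log posted above: it extracts each autostart value with the date and size ComboFix prints and lists the entries a helper would look at first (bare file names, AppInit_DLLs, Security Center overrides). Function names are my own; the sample lines are copied from the posted log.

```python
# Parser for the autostart ("Reg Opstartpunten") section of a ComboFix log.
# Added example, not part of the thread or of ComboFix; sample lines are copied from the log above.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SAMPLE_LOG = r'''
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
'''

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
# Quoted image path, optionally followed by the "[YYYY-MM-DD size]" ComboFix appends.
QUOTED_RE = re.compile(r'^"(?P<path>[^"]*)"(?:\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\])?$')
DWORD_RE = re.compile(r"^dword:(?P<hex>[0-9a-fA-F]{1,8})$")


@dataclass
class Entry:
    key: str                      # registry key the value sits under
    name: str                     # value name, e.g. "RocketDock"
    value: str                    # right-hand side exactly as ComboFix printed it
    kind: str                     # "quoted", "dword" or "raw"
    path: Optional[str] = None    # image path, for "quoted" entries
    date: Optional[str] = None    # file date ComboFix printed, if any
    size: Optional[int] = None    # file size in bytes, if any
    dword: Optional[int] = None   # numeric value, for "dword" entries


def parse_autostart(text: str) -> List[Entry]:
    """Return one Entry per value line, tagged with the key it belongs to."""
    entries: List[Entry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        value_match = VALUE_RE.match(line)
        if not value_match:
            continue  # path=/backup= lines and other noise are not value lines
        value = value_match.group("value").strip()
        entry = Entry(key=current_key, name=value_match.group("name"), value=value, kind="raw")
        quoted, dword = QUOTED_RE.match(value), DWORD_RE.match(value)
        if quoted:
            entry.kind, entry.path, entry.date = "quoted", quoted.group("path"), quoted.group("date")
            entry.size = int(quoted.group("size")) if quoted.group("size") else None
        elif dword:
            entry.kind, entry.dword = "dword", int(dword.group("hex"), 16)
        entries.append(entry)
    return entries


def flag(entry: Entry) -> List[str]:
    """Reasons a helper would look at this entry before the others."""
    reasons: List[str] = []
    if entry.kind == "quoted" and entry.path and "\\" not in entry.path:
        reasons.append("bare file name, resolved via the search path: check which copy really runs")
    if entry.name.lower() == "appinit_dlls" and entry.value:
        reasons.append("AppInit_DLLs is set: this DLL is loaded into every process that loads user32.dll")
    if (entry.key.lower().endswith("security center")
            and entry.name in ("AntiVirusOverride", "FirewallOverride") and entry.dword):
        reasons.append(f"{entry.name}=1 silences Security Center alerts; expected with a third-party suite")
    return reasons


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Flatten (value name, reason) pairs for every flagged entry, in log order."""
    return [(e.name, reason) for e in entries for reason in flag(e)]


if __name__ == "__main__":
    for name, reason in triage(parse_autostart(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

On the log above this flags nwiz (bare file name), AppInit_DLLs (Comodo's guard32.dll) and both Security Center overrides, all of which are expected here given the installed Comodo suite.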

It is advisable to delete the existing restore points (among them are infected restore points that you could accidentally restore) by temporarily disabling System Restore. Do this via Start -> Control Panel -> Performance and Maintenance -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and untick the box again.

Then let Comodo scan again. You may post the result in your next message.


So, that gives the following:

ComboFix 10-06-18.03 - Administrator 19/06/2010 11:15:29.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2047.1628 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe

AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-05-19 to 2010-06-19 ))))))))))))))))))))))))))))))

.

2010-06-18 17:16 . 2010-06-18 17:16 -------- d-----w- c:\program files\Common Files\Java

2010-06-18 17:15 . 2010-06-18 17:15 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-18 15:12 . 2010-06-19 09:05 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend

2010-06-18 14:58 . 2010-06-18 14:58 -------- d-----w- c:\program files\CCleaner

2010-06-18 13:09 . 2010-06-18 13:09 -------- d-----w- C:\VritualRoot

2010-06-18 13:09 . 2010-06-18 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO

2010-06-18 13:09 . 2010-06-19 09:07 1285329 ----a-w- c:\windows\system32\drivers\sfi.dat

2010-06-18 13:07 . 2010-06-18 13:07 -------- d-----w- c:\program files\COMODO

2010-06-18 12:46 . 2010-06-18 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader

2010-06-18 07:04 . 2010-06-18 07:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-06-18 07:04 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-18 07:03 . 2010-06-18 07:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-18 07:03 . 2010-06-18 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-18 07:03 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-17 16:44 . 2010-06-17 16:44 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-06-17 16:44 . 2010-06-17 16:44 -------- d-----w- c:\program files\Trend Micro

2010-06-17 16:22 . 2010-06-17 16:22 -------- d-----w- C:\Street-Ads

2010-06-12 11:23 . 2010-06-12 11:23 -------- d-----w- c:\documents and settings\Laude\Application Data\Office Genuine Advantage

2010-06-11 14:59 . 2010-05-06 10:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-06 08:55 . 2010-06-06 08:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\ElevatedDiagnostics

2010-06-04 19:27 . 2010-06-04 19:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Office Genuine Advantage

2010-06-04 09:55 . 2010-06-04 09:55 229312 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2010-06-04 06:36 . 2010-06-04 06:36 -------- d-----w- c:\windows\l2schemas

2010-06-04 06:36 . 2010-06-04 06:36 -------- d-----w- c:\windows\system32\nl

2010-06-04 06:36 . 2010-06-04 06:36 -------- d-----w- c:\windows\system32\bits

2010-06-03 19:47 . 2010-06-03 19:47 -------- d-----w- c:\documents and settings\Adm

2010-06-03 18:55 . 2010-06-03 18:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Epson

2010-06-01 17:00 . 2010-06-01 17:00 278288 ----a-w- c:\windows\system32\guard32.dll

2010-06-01 17:00 . 2010-06-01 17:00 87824 ----a-w- c:\windows\system32\drivers\inspect.sys

2010-06-01 17:00 . 2010-06-01 17:00 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2010-06-01 17:00 . 2010-06-01 17:00 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys

2010-05-28 05:13 . 2010-05-28 05:13 503808 ----a-w- c:\documents and settings\Laude\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-14dd9992-n\msvcp71.dll

2010-05-28 05:13 . 2010-05-28 05:13 499712 ----a-w- c:\documents and settings\Laude\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-14dd9992-n\jmc.dll

2010-05-28 05:13 . 2010-05-28 05:13 348160 ----a-w- c:\documents and settings\Laude\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-14dd9992-n\msvcr71.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-19 09:16 . 2002-12-31 12:00 87416 ----a-w- c:\windows\system32\perfc013.dat

2010-06-19 09:16 . 2002-12-31 12:00 502200 ----a-w- c:\windows\system32\perfh013.dat

2010-06-18 17:05 . 2008-02-12 21:51 -------- d-----w- c:\program files\Google

2010-06-18 17:05 . 2008-02-16 21:11 -------- d-----w- c:\program files\Java

2010-06-18 13:14 . 2008-02-12 23:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-06-17 11:40 . 2009-03-07 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 3

2010-06-17 09:54 . 2009-02-13 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2010-06-12 12:35 . 2008-11-12 22:03 85488 ----a-w- c:\documents and settings\Laude\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-05 06:25 . 2009-10-16 22:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWirePlus

2010-06-04 21:46 . 2009-11-10 15:55 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-04 07:47 . 2008-02-12 22:23 85488 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-04 06:38 . 2008-02-13 04:27 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-05-26 20:42 . 2009-01-14 22:28 1388 ----a-w- c:\documents and settings\Administrator\Application Data\ViewerApp.dat

2010-05-06 10:37 . 2002-12-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 12:02 . 2010-05-02 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON

2010-05-02 11:57 . 2008-02-12 22:16 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-05-02 11:57 . 2010-05-02 11:54 -------- d-----w- c:\program files\epson

2010-05-02 11:57 . 2008-02-12 22:12 -------- d-----w- c:\program files\Common Files\InstallShield

2010-05-02 11:57 . 2010-05-02 11:56 -------- d-----w- c:\program files\Epson Software

2010-05-02 11:56 . 2010-05-02 11:56 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint

2010-05-02 08:10 . 2002-12-31 12:00 1851392 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr

2010-04-20 05:35 . 2002-12-31 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-08 07:57 . 2010-04-08 07:57 664 ----a-w- c:\documents and settings\Hannekesnest\Local Settings\Application Data\d3d9caps.tmp

2010-03-22 06:52 . 2010-01-06 17:17 84712 ----a-w- c:\documents and settings\Hannekesnest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2008-06-21 20:05 . 2008-06-21 20:01 10963280 ----a-w- c:\program files\setup-beid-runtime-2.6_tcm147-9841.zip

.

((((((((((((((((((((((((((((( SnapShot@2010-06-18_17.58.20 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-06-19 09:11 . 2010-06-19 09:11 16384 c:\windows\Temp\Perflib_Perfdata_2f8.dat

+ 2010-06-19 09:11 . 2010-06-19 09:11 16384 c:\windows\Temp\Perflib_Perfdata_208.dat

+ 2002-12-31 12:00 . 2010-06-19 09:16 68470 c:\windows\system32\perfc009.dat

- 2002-12-31 12:00 . 2010-06-18 17:53 68470 c:\windows\system32\perfc009.dat

+ 2002-12-31 12:00 . 2010-06-19 09:16 435574 c:\windows\system32\perfh009.dat

- 2002-12-31 12:00 . 2010-06-18 17:53 435574 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2007-12-30 1365504]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-03 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

"nwiz"="nwiz.exe" [2007-12-05 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]

"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]

"Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2007-03-28 2037352]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]

"beidsystemtray"="c:\program files\Belgium Identity Card\beidsystemtray.exe" [2007-02-19 188416]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 176128]

"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"nxpOEAPI"="c:\program files\NXPowerLite\loadnxploeaddin.exe" [2009-06-01 91520]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 0 (0x0)

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Picture Package Menu.lnk

backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Picture Package VCD Maker.lnk

backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2007-02-07 15:21 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]

2007-03-21 13:41 145496 ----a-w- c:\program files\Pinnacle\Studio 11\LaunchList2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2007-02-07 15:24 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

2009-09-24 13:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-05-03 20:29 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\LimeWire Plus\\LimeWire.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [1/06/2010 19:00 15464]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [4/06/2010 11:55 229312]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/06/2010 19:00 25240]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [7/03/2010 16:17 27632]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/02/2008 0:55 715248]

S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys --> c:\windows\system32\Drivers\Ca1528av.sys [?]

S2 gupdate1c98e04a0ad2bce;Google Updateservice (gupdate1c98e04a0ad2bce);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2009 19:58 133104]

S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [7/03/2010 16:17 90112]

S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [24/03/2006 19:14 33536]

S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys --> c:\windows\system32\Drivers\Bulk1528.sys [?]

S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [8/02/2009 15:12 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [8/02/2009 15:12 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [8/02/2009 15:12 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [8/02/2009 15:12 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [8/02/2009 15:12 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [8/02/2009 15:12 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [8/02/2009 15:12 115752]

.

Inhoud van de 'Gedeelde Taken' map

2010-06-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-06-19 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-16 11:27]

2010-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 17:58]

2010-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 17:58]

2010-06-19 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.skynet.be/

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-06-19 11:21

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwClose, ZwOpenFile

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-2052111302-2147133873-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a8,ca,f0,db,2b,bf,7f,49,8b,d4,c9,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a8,ca,f0,db,2b,bf,7f,49,8b,d4,c9,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Voltooingstijd: 2010-06-19 11:22:24

ComboFix-quarantined-files.txt 2010-06-19 09:22

ComboFix2.txt 2010-06-19 08:50

ComboFix3.txt 2010-06-18 17:59

Pre-Run: 69.136.748.544 bytes beschikbaar

Post-Run: 69.128.650.752 bytes beschikbaar

- - End Of File - - 609003C3108356F35DE4D29AD202C797

Greetings and have a nice weekend

Eva
