
Yet another "virus scanner"



Thank you for your patience; here is the ComboFix log file:

ComboFix 10-08-12.03 - neu 15-08-2010 0:08.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.630 [GMT 2:00]

Running from: c:\users\neu\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\DFR89.tmp

c:\users\Martine\Local Settings\Temporary Internet Files\DD-gz0RJpC

c:\users\Martine\Local Settings\Temporary Internet Files\eRGO_uF-1Q

c:\users\Martine\Local Settings\Temporary Internet Files\eRGO_uF-1Qc208476

c:\users\Martine\Local Settings\Temporary Internet Files\xb2b2J8

c:\users\neu\Local Settings\Temporary Internet Files\DD-gz0RJpC

c:\users\neu\Local Settings\Temporary Internet Files\eRGO_uF-1Q

c:\users\neu\Local Settings\Temporary Internet Files\xb2b2J8

c:\windows\$NtUninstallMTF1011$

c:\windows\$NtUninstallMTF1011$\apUninstall.exe

c:\windows\$NtUninstallMTF1011$\zrpt.xml

c:\windows\system32\lowsec

c:\windows\system32\lowsec\local.ds

c:\windows\system32\lowsec\user.ds

c:\windows\system32\sdra64.exe

Infected copy of c:\windows\system32\DRIVERS\intelppm.sys was found and disinfected

Restored copy from - Kitty had a snack :P

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_SSHNAS

((((((((((((((((((((((((( Files Created from 2010-07-14 to 2010-08-14 )))))))))))))))))))))))))))))))

.

2010-08-14 21:59 . 2008-04-13 18:31 36352 -c--a-w- c:\windows\system32\dllcache\intelppm.sys

2010-08-14 21:59 . 2008-04-13 18:31 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys

2010-08-14 08:09 . 2010-08-14 08:09 -------- d-----w- c:\users\neu\Application Data\AVG9

2010-08-13 22:28 . 2010-07-23 15:22 43008 ----a-w- c:\users\neu\Application Data\Mozilla\Firefox\Profiles\oznuie15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2010-08-13 22:28 . 2010-07-23 15:22 338944 ----a-w- c:\users\neu\Application Data\Mozilla\Firefox\Profiles\oznuie15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2010-08-13 22:28 . 2010-07-23 15:22 346112 ----a-w- c:\users\neu\Application Data\Mozilla\Firefox\Profiles\oznuie15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2010-08-13 22:28 . 2010-07-23 15:22 1496064 ----a-w- c:\users\neu\Application Data\Mozilla\Firefox\Profiles\oznuie15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

2010-08-13 20:02 . 2010-08-13 20:02 388096 ----a-r- c:\users\Martine\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-08-13 20:00 . 2010-08-13 20:00 -------- d-----w- c:\users\Martine\Application Data\Malwarebytes

2010-08-13 19:59 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-13 19:59 . 2010-08-13 19:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-13 19:59 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-12 21:44 . 2010-08-14 22:25 784384 ----a-w- c:\windows\system32\drivers\jtjraig.sys

2010-08-12 21:43 . 2010-08-14 18:38 -------- d-----w- c:\users\neu\Local Settings\Application Data\yixedtvai

2010-08-12 21:42 . 2010-08-12 21:58 -------- d-----w- c:\users\neu\Application Data\F66A434C23CD1EDF55770408338A544E

2010-07-21 10:12 . 2010-07-21 10:12 1615200 ----a-w- c:\users\All Users\Application Data\avg9\update\backup\avgssie.dll

2010-07-21 10:12 . 2010-07-21 10:12 1373536 ----a-w- c:\users\All Users\Application Data\avg9\update\backup\avgssff.dll

2010-07-21 10:12 . 2010-07-21 10:12 1107296 ----a-w- c:\users\All Users\Application Data\avg9\update\backup\avgxpl.dll

2010-07-21 10:12 . 2010-07-21 10:12 4368224 ----a-w- c:\users\All Users\Application Data\avg9\update\backup\avgcorex.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-14 22:26 . 2010-01-23 12:15 -------- d-----w- c:\program files\Dl_cats

2010-08-13 22:15 . 2009-08-14 13:58 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-12 21:50 . 2009-07-30 19:50 -------- d-----w- c:\users\neu\Application Data\BitTorrent

2010-07-19 11:20 . 2010-07-13 19:42 -------- d-----w- c:\users\neu\Application Data\Belastingdienst

2010-07-18 14:28 . 2010-06-30 22:31 -------- d-----w- c:\users\neu\Application Data\vlc

2010-07-15 20:04 . 2010-07-15 20:04 242896 ----a-w- c:\users\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-07-15 20:04 . 2010-07-15 20:04 216200 ----a-w- c:\users\All Users\Application Data\avg9\update\backup\avgldx86.sys

2010-07-15 20:04 . 2009-07-13 17:35 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-15 20:04 . 2010-07-15 20:04 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-15 20:03 . 2009-07-13 17:35 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-15 20:01 . 2010-07-15 20:01 813336 ----a-w- c:\users\All Users\Application Data\avg9\update\backup\avginet.dll

2010-07-15 20:01 . 2010-07-15 20:01 624920 ----a-w- c:\users\All Users\Application Data\avg9\update\backup\avgiproxy.exe

2010-07-15 20:01 . 2010-07-15 20:01 1690464 ----a-w- c:\users\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-07-15 20:01 . 2010-07-15 20:01 1038688 ----a-w- c:\users\All Users\Application Data\avg9\update\backup\avgupd.exe

2010-06-23 22:24 . 2010-06-23 22:24 122352 ----a-w- c:\users\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-06-23 05:19 . 2010-06-23 05:19 501936 ----a-w- c:\users\All Users\Application Data\Google\Google Toolbar\Update\gtb35.tmp.exe

2010-06-22 10:14 . 2010-02-15 16:41 -------- d-----w- c:\users\Martine\Application Data\vlc

2010-06-17 22:18 . 2010-03-08 05:41 -------- d-----w- c:\users\neu\Application Data\dvdcss

2010-06-14 14:31 . 2009-07-13 18:36 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-08 14:55 . 2009-07-13 19:07 48224 ----a-w- c:\users\Martine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-07 20:50 . 2009-07-13 19:49 48224 ----a-w- c:\users\neu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-07 19:14 . 2010-04-26 19:12 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-06-04 04:23 . 2009-07-13 19:47 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2008-08-16 16:42 . 2008-08-16 16:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2008-08-16 16:42 . 2008-08-16 16:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2008-08-16 16:42 . 2008-08-16 16:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2008-08-16 16:42 . 2008-08-16 16:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2008-08-16 16:43 . 2008-08-16 16:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2008-08-16 16:42 . 2008-08-16 16:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2008-08-16 16:42 . 2008-08-16 16:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2008-05-21 07:41 . 2008-05-21 07:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll

2008-05-21 07:41 . 2008-05-21 07:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll

2008-05-21 07:41 . 2008-05-21 07:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll

2008-06-05 12:58 . 2008-06-05 12:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2008-08-16 16:42 . 2008-08-16 16:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2010-01-24 15:02 . 2010-01-24 07:46 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VisualTaskTips"="c:\windows\System32\visualtasktips.exe" [2007-09-05 36352]

"TopDesk"="c:\windows\System32\topdesk.exe" [2007-06-20 1912832]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-13 39408]

"Google Update"="c:\users\neu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-13 133104]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]

"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-11-03 291720]

"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]

"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-08-06 1230848]

"VisualTaskTips"="c:\windows\System32\visualtasktips.exe" [2007-09-05 36352]

"TopDesk"="c:\windows\System32\topdesk.exe" [2007-06-20 1912832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"ProfileFolderName"="hc" [X]

"CheckUpdates"="wuauclt" [X]

"nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,\

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\NovaLogic\\Delta Force Task Force Dagger\\Update.exe"=

"c:\\Program Files\\NovaLogic\\Delta Force Task Force Dagger\\DFTFD.EXE"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\WINDOWS\\system32\\dlcxcoms.exe"=

"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [26-4-2010 21:12 64288]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13-7-2009 19:35 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13-7-2009 19:35 243024]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15-7-2010 22:03 308136]

R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [6-4-2010 10:44 90112]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27-8-2009 17:05 92008]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [6-4-2010 10:44 27632]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 21:49 135664]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4-2-2010 17:52 1352832]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [4-11-2006 3:19 13592]

--- Other Services/Drivers In Memory ---

*Deregistered* - jtjraig

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]

2004-08-04 00:07 11776 ----a-r- c:\program files\Windows Sidebar\regsvr32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]

2004-08-04 00:07 11776 ----a-r- c:\program files\Windows Sidebar\regsvr32.exe

.

Contents of the 'Scheduled Tasks' folder

2010-08-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 19:12]

2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:49]

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:49]

2010-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-179605362-725345543-1001Core.job

- c:\users\neu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 18:39]

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-179605362-725345543-1001UA.job

- c:\users\neu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 18:39]

2010-08-14 c:\windows\Tasks\User_Feed_Synchronization-{7D778ED9-B444-4554-BF21-4B9AE0A800A4}.job

- c:\windows\system32\msfeedssync.exe [2007-09-23 02:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://vliegvissen.startpagina.nl/

uInternet Settings,ProxyServer = http=127.0.0.1:6522

uInternet Settings,ProxyOverride = <local>

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\users\neu\Application Data\Mozilla\Firefox\Profiles\oznuie15.default\

FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://vliegvissen.startpagina.nl/prikbord/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=nl&q=

FF - component: c:\program files\Mozilla Firefox\extensions\{127d6e99-a34f-39ba-eb0f-a3f76fd9b718}\components\tfvOw-8kok.dll

FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll

FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - component: c:\users\neu\Application Data\Mozilla\Firefox\Profiles\oznuie15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\neu\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

.

- - - - ORPHANS REMOVED - - - -

AddRemove-$NtUninstallMTF1011$ - c:\windows\$NtUninstallMTF1011$\apUninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-08-15 00:26

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jtjraig]

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\(–€|ÿÿÿÿg•€|é•A~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3796)

c:\windows\system32\WININET.dll

c:\windows\System32\topdesk153.dll

c:\windows\System32\VttHooks.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\wpdshserviceobj.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SOUNDMAN.EXE

c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\dlcxcoms.exe

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\windows\system32\wscntfy.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-08-15 00:29:29 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-14 22:29

ComboFix2.txt 2010-05-12 13:14

Pre-Run: 19.411.197.952 bytes free

Post-Run: 21.829.517.312 bytes free

- - End Of File - - 3518481B7B5CE7F9D5927097EF1CE9BC


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\drivers\jtjraig.sys

Driver::

jtjraig

Folder::

c:\users\neu\Application Data\F66A434C23CD1EDF55770408338A544E

c:\users\neu\Local Settings\Application Data\yixedtvai

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix run again. Reboot if you are asked to.

After the reboot, post the contents of ComboFix.txt in your next message, together with a fresh HijackThis log.
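The items the helper put into the CFScript above (the deregistered `jtjraig` driver, its `.sys` file and the two randomly named folders) are what a reviewer pulls out of a ComboFix log by hand. The following is an added example, not part of the thread and not ComboFix's or anyone's tooling from it: a small parser for the log format that extracts the file-creation entries, the Internet Explorer proxy setting, the firewall policy and the Firefox search preferences, and correlates deregistered drivers with their files. The sample input is an excerpt copied from the log posted in this thread; the `KNOWN_SEARCH_HOSTS` allowlist is an assumption made for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample input: an excerpt of the ComboFix log posted in this
# thread (lines copied verbatim, including ComboFix's hxxp defanging).
SAMPLE_LOG = r"""
uStart Page = hxxp://vliegvissen.startpagina.nl/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - hxxp://vliegvissen.startpagina.nl/prikbord/
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
--- Other Services/Drivers In Memory ---
*Deregistered* - jtjraig
2010-08-12 21:44 . 2010-08-14 22:25 784384 ----a-w- c:\windows\system32\drivers\jtjraig.sys
2010-08-12 21:43 . 2010-08-14 18:38 -------- d-----w- c:\users\neu\Local Settings\Application Data\yixedtvai
2010-07-15 20:04 . 2009-07-13 17:35 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
"""

# Assumption for this example: search hosts a helper would not question.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.google.nl", "www.bing.com",
                      "search.yahoo.com"}

# "<created> . <modified> <size or -------- for dirs> <attrs> <path>"
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) (\S+) (.+)$",
    re.MULTILINE,
)


def refang(url):
    """ComboFix writes 'hxxp' so URLs are not clickable; undo it for parsing."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def proxy_setting(log):
    """Return (host, port) from 'uInternet Settings,ProxyServer', or None."""
    m = re.search(r"ProxyServer = (?:\w+=)?([^\s:]+):(\d+)", log)
    return (m.group(1), int(m.group(2))) if m else None


def loopback_proxy(log):
    """True when the browser proxy points back at this machine: all web
    traffic is routed through a local process that should be accounted for."""
    p = proxy_setting(log)
    return p is not None and p[0] in ("127.0.0.1", "localhost")


def firewall_disabled(log):
    """True when the standard-profile Windows Firewall policy is off."""
    m = re.search(r'"EnableFirewall"=\s*(\d+)', log)
    return m is not None and int(m.group(1)) == 0


def deregistered_drivers(log):
    """Driver names ComboFix lists as deregistered while they were in memory."""
    return re.findall(r"^\*Deregistered\* - (\S+)", log, flags=re.MULTILINE)


def file_entries(log):
    """Parse 'Files Created' / 'Find3M Report' lines into dicts."""
    out = []
    for m in FILE_LINE.finditer(log):
        created, modified, size, attrs, path = m.groups()
        out.append({"created": created, "modified": modified,
                    "size": None if size.startswith("-") else int(size),
                    "attrs": attrs, "path": path})
    return out


def driver_files_for(log, names):
    """Map each deregistered driver name to its file under the drivers folder."""
    found = {}
    for name in names:
        suffix = "\\drivers\\" + name.lower() + ".sys"
        for e in file_entries(log):
            if e["path"].lower().endswith(suffix):
                found[name] = e["path"]
    return found


def firefox_search_hosts(log):
    """Host behind each Firefox search-related pref, after refanging."""
    pat = r"^FF - prefs\.js: (browser\.search\.\S+|keyword\.URL) - (\S+)"
    return {key: urlparse(refang(url)).hostname
            for key, url in re.findall(pat, log, flags=re.MULTILINE)}


def unexpected_search_hosts(log):
    """Search prefs whose host is not on the allowlist (candidate hijacks)."""
    return {k: h for k, h in firefox_search_hosts(log).items()
            if h and h not in KNOWN_SEARCH_HOSTS}


def triage(log):
    """Collect the findings a helper reviewing this log would check first."""
    return {
        "loopback_proxy": proxy_setting(log) if loopback_proxy(log) else None,
        "firewall_disabled": firewall_disabled(log),
        "deregistered_drivers": driver_files_for(log, deregistered_drivers(log)),
        "unexpected_search_hosts": unexpected_search_hosts(log),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the excerpt, `triage` reports the proxy at 127.0.0.1:6522, the disabled firewall, `jtjraig` resolved to `c:\windows\system32\drivers\jtjraig.sys`, and `flvdirect.iamwired.net` as the Firefox default search host; the driver path is the one line the helper's `File::` section names, and the two folders in the `Folder::` section are the directory entries (`size` is `None`) created in the same minute as the driver.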


Thank you. Actually, no. But in Firefox I still have a full-page advertisement appearing over the page. There is a "skip here" to click, but that does not seem intended to me... Right now I get one from Grepolis, some game or other. Sometimes I also get one from Zylom.

How could I get rid of that?

Oh yes, and how do I update my Java? I can't remove the old version through 'Software', since it is not in the list.


First Java: go to the folder C:\Program Files\Java ... and delete all Java versions there whose last component is not update 21 (i.e. everything like jre1.6.0_02 up to jre1.6.0_20 can go). After removing these, download the most recent version as indicated earlier.

Edited by kape

Thank you, but I already ripped Java out of my PC as indicated earlier. Should I still run CCleaner over my PC to remove leftover files? Or is CCleaner for something else?

Furthermore, I still have that annoying Zylom pop-up over my browser window. There is a "Skip this" at the bottom right, but I should not be getting it in the first place. I did see the name Zylom in my HJT file, but I didn't want to throw that line out without being told to...
