  1. #41
    boefke36
    hi juisterr, here is the log


    ComboFix 08-03-18.1 - Mijn Pc 2008-03-19 19:20:56.6 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.434 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Mijn Pc\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Mijn Pc\Bureaublad\CFScript.txt..txt
    * Nieuw herstelpunt werd aangemaakt
    FILE ::
    C:\WINDOWS\mmhren1.exe
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))
    .
    2008-03-16 20:38 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-03-16 20:37 . 2008-03-16 20:38 <DIR> d-------- C:\Program Files\Java
    2008-03-16 20:37 . 2008-03-16 20:37 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-03-16 18:53 . 2008-03-19 19:19 <DIR> dr-h----- C:\Documents and Settings\Mijn Pc\Onlangs geopend
    2008-03-14 20:33 . 2008-03-14 20:33 <DIR> d-------- C:\Program Files\BearShare Applications
    2008-03-14 20:33 . 2008-03-17 19:16 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\BearShare
    2008-03-14 20:33 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
    2008-03-11 20:37 . 2008-03-13 17:58 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.bak
    2008-03-11 17:09 . 2008-03-19 19:06 <DIR> dr-h----- C:\Documents and Settings\Christel\Onlangs geopend
    2008-03-05 16:40 . 2008-03-05 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-03-04 21:13 . 2008-03-04 21:15 <DIR> d-------- C:\Documents and Settings\Lara\Contacts
    2008-03-04 21:11 . 2008-03-04 21:11 <DIR> d-------- C:\Documents and Settings\Lara\Application Data\MSN6
    2008-03-04 21:02 . 2008-03-12 19:12 <DIR> d-------- C:\Documents and Settings\Lara\Application Data\SPAMfighter
    2008-03-04 21:01 . 2004-09-10 09:11 <DIR> d--h----- C:\Documents and Settings\Lara\Sjablonen
    2008-03-04 21:01 . 2008-03-04 21:02 <DIR> dr-h----- C:\Documents and Settings\Lara\Onlangs geopend
    2008-03-04 21:01 . 2004-09-10 10:37 <DIR> d--h----- C:\Documents and Settings\Lara\Netwerkprinteromgeving
    2008-03-04 21:01 . 2008-03-12 19:15 <DIR> dr------- C:\Documents and Settings\Lara\Mijn documenten
    2008-03-04 21:01 . 2004-09-10 10:37 <DIR> dr------- C:\Documents and Settings\Lara\Menu Start
    2008-03-04 21:01 . 2008-03-04 21:02 <DIR> dr------- C:\Documents and Settings\Lara\Favorieten
    2008-03-04 21:01 . 2008-03-05 16:40 <DIR> d-------- C:\Documents and Settings\Lara\Bureaublad
    2008-03-02 22:26 . 2008-03-02 22:26 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\Sereniti
    2008-03-02 20:06 . 2008-03-02 20:06 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\iMesh
    2008-03-02 14:57 . 2004-09-10 09:11 <DIR> d--h----- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Sjablonen
    2008-03-02 14:57 . 2008-03-02 14:57 <DIR> dr-h----- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Onlangs geopend
    2008-03-02 14:57 . 2004-09-10 10:37 <DIR> d--h----- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Netwerkprinteromgeving
    2008-03-02 14:57 . 2008-03-02 15:30 <DIR> dr------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Mijn documenten
    2008-03-02 14:57 . 2004-09-10 10:37 <DIR> dr------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Menu Start
    2008-03-02 14:57 . 2008-03-02 15:49 <DIR> dr------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Favorieten
    2008-03-02 14:57 . 2008-03-05 16:40 <DIR> d-------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Bureaublad
    2008-03-02 14:57 . 2008-03-02 15:15 <DIR> d-------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Application Data\SPAMfighter
    2008-03-02 12:09 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
    2008-03-01 22:04 . 2008-03-01 22:04 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-03-01 15:06 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
    2008-03-01 15:01 . 2006-06-30 14:13 8,704 --a------ C:\WINDOWS\system32\pfdnnt.exe
    2008-03-01 14:00 . 2008-03-02 12:12 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2008-03-01 14:00 . 2008-03-02 12:08 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2008-03-01 14:00 . 2008-03-02 12:08 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-03-01 14:00 . 2008-03-02 12:08 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-29 22:23 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2008-02-29 22:04 . 2008-02-29 22:04 <DIR> d--h----- C:\WINDOWS\PIF
    2008-02-28 23:38 . 2008-03-01 18:25 3,796 --a------ C:\WINDOWS\system32\tmp.reg
    2008-02-28 23:10 . 2008-03-01 14:15 57 --------- C:\WINDOWS\win.ini
    2008-02-28 23:10 . 2008-03-19 19:23 0 --a------ C:\WINDOWS\system.ini
    2008-02-28 11:58 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
    2008-02-28 11:47 . 2008-02-28 11:49 <DIR> d-------- C:\Temp
    2008-02-28 11:47 . 2008-02-28 11:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2008-02-28 11:35 . 2008-02-28 11:35 <DIR> d-------- C:\Program Files\SurfRight
    2008-02-28 11:35 . 2008-02-28 11:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight
    2008-02-27 22:59 . 2008-02-27 22:59 89,600 --a------ C:\WINDOWS\WCSMON.EXE
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-19 18:09 --------- d-----w C:\Program Files\SPAMfighter
    2008-03-14 21:08 --------- d-----w C:\Program Files\Kazaa Lite K++
    2008-03-05 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-02 11:47 --------- d-----w C:\Program Files\Eset
    2008-03-02 11:11 --------- d-----w C:\Program Files\Google
    2008-03-02 11:10 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-02-28 19:29 --------- d-----w C:\Documents and Settings\Mijn Pc\Application Data\Lavasoft
    2008-02-28 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-28 11:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-02-15 18:41 --------- d-----w C:\Documents and Settings\Mijn Pc\Application Data\AutoTransfer
    2008-02-11 13:56 19,512 ----a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys
    2008-02-08 21:06 --------- d-----w C:\Program Files\Unity
    2008-02-01 16:55 --------- d-----w C:\Program Files\Common Files\Nullsoft
    2008-02-01 15:23 20,888 ----a-w C:\Documents and Settings\Christel\Application Data\GDIPFONTCACHEV1.DAT
    2008-01-22 15:35 --------- d-----w C:\Program Files\Common Files\Ankiro
    2008-01-22 15:32 --------- d-----w C:\Program Files\Common Files\Application
    2007-07-16 15:03 20,888 ----a-w C:\Documents and Settings\Mijn Pc\Application Data\GDIPFONTCACHEV1.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
    "EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 19:00 99840]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 11:52 376912]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 21:20 68856]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
    "Cmaudio"="cmicnfg.cpl" []
    "VTTimer"="VTTimer.exe" [2004-01-15 13:33 49152 C:\WINDOWS\system32\VTTimer.exe]
    "iKeyWorks"="C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe" [2004-01-04 16:44 61440]
    "WheelMouse"="C:\PROGRA~1\Hardware\Mouse\Amoumain.exe" [2003-07-19 00:59 143360]
    "SoundMan"="SOUNDMAN.EXE" [2004-02-09 09:54 65024 C:\WINDOWS\SOUNDMAN.EXE]
    "Norman ZANDA"="C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40 183352]
    "EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 19:00 99840]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 01:36 81920]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= shdocvw.dll [ ]
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
    C:\WINDOWS\mmhren1.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
    "C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
    R1 anftdird.sys;anftdird.sys;C:\WINDOWS\system32\drivers\anftdird.sys [2007-08-28 20:24]
    R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 16:08]
    R2 Ndiskio;Ndiskio;C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-01-02 17:03]
    R3 Amps2prt;Compatible PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2003-01-07 17:16]
    R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-07-16 11:14]
    R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]
    R3 nvcoas;Norman Virus Control on-access component;C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]
    R3 NVCScheduler;Norman Virus Control Scheduler;C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
    S3 nvcfsr;nvcfsr;C:\NORMAN\Nvc\BIN\nvcfsr.sys [2004-11-05 09:47]
    S3 nvcoafl51;nvcoafl51;C:\NORMAN\Nvc\BIN\nvcoafl51.sys [2005-05-13 14:20]
    S3 nvcoaft51;nvcoaft51;C:\NORMAN\Nvc\BIN\nvcoaft51.sys [2006-06-14 13:39]
    S3 nvcoarc51;nvcoarc51;C:\NORMAN\Nvc\BIN\nvcoarc51.sys [2005-05-13 14:10]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bf7b612-b7be-11dc-8f28-0011507741d2}]
    \Shell\AutoRun\command - E:\AutoTransfer.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-03-24 11:37:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-29 15:00:08 C:\WINDOWS\Tasks\{69B2FB2F-DBCD-4C46-8E1E-25404F6499E6}_MIJN-AP8Q6JXN9H_Mijn Pc.job"
    - C:\WINDOWS\system32\mobsync.exe
    "2008-02-29 15:00:08 C:\WINDOWS\Tasks\{CDEF5967-310E-48EE-908E-4B20132FC970}_MIJN-AP8Q6JXN9H_Mijn Pc.job"
    - C:\WINDOWS\system32\mobsync.exe
    "2008-02-28 08:00:13 C:\WINDOWS\Tasks\{E10560A8-A027-4A79-B7FE-77089204A9CD}_MIJN-AP8Q6JXN9H_Mijn Pc.job"
    - C:\WINDOWS\system32\mobsync.exeL /Schedule=
    .
    **************************************************************************
    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-19 19:23:53
    Windows 5.1.2600 Service Pack 2 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    **************************************************************************
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\IKEYRFK8.DLL
    -> C:\WINDOWS\system32\Amhooker.dll
    .
    Voltooingstijd: 2008-03-19 19:25:26
    .
    2008-03-01 23:03:52 --- E O F ---

  2. #42
    Juisterr
    Click on avenger.exe.
    In the "Input Script here" window, paste this text:


    Files to delete:

    C:\WINDOWS\system32\WLCtrl32.bak

    C:\WINDOWS\mmhren1.exe



    Then click the Execute button.

  3. #43
    boefke36
    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com
    Platform: Windows XP
    *******************
    Script file opened successfully.
    Script file read successfully.
    Backups directory opened successfully at C:\Avenger
    *******************
    Beginning to process script file:
    Rootkit scan active.
    No rootkits found!
    File "C:\WINDOWS\system32\WLCtrl32.bak" deleted successfully.
    Error: file "C:\WINDOWS\mmhren1.exe" not found!
    Deletion of file "C:\WINDOWS\mmhren1.exe" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist

    Completed script processing.
    *******************
    Finished! Terminate.

  4. #44
    Juisterr
    Download and install CCleaner
    (The CCleaner Yahoo Toolbar is not needed)


    Download Java Runtime Environment (JRE) 6u5.
    • Scroll down to: "Java Runtime Environment (JRE) 6 Update 5".
    • Click the "Download" button on the right.
    • Tick "Accept License Agreement" and click Continue.
    • The page will reload.
    • Click the Windows Offline Installation, Multi-language link UNDER Windows Platform - Java SE Runtime Environment 6 Update 5 and save it to your Desktop.
    • Close all programs that may be open, especially your web browser!
    • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list (those with Java Runtime Environment (JRE or J2SE) in the name).
    • Repeat this until all older versions are gone.
    • After removing all older versions, restart your PC.
    • Then double-click jre-6u5-windows-i586-p.exe on your Desktop to install the newest version of Java.


    Start CCleaner.
    CCleaner lets you choose what should be cleaned.
    Now select only the following items:
    Internet Explorer:
    - Temporary Internet Files
    System:
    - Empty Recycle Bin
    - Temporary Files
    Now click Run Cleaner in CCleaner (bottom right).

    How are things now?

  5. The following user thanks Juisterr for this useful post:

    boefke36 (23 March 2008)

  6. #45
    boefke36
    hi juisterrr
    I think the problem is solved; I notice no more trouble and the PC works well,
    so thanks again for the time you spent on this.

  7. #46
    Juisterr
    You're welcome.
