Everything carried out as requested.
Here is the ComboFix log:
ComboFix 10-08-27.03 - Eigenaar 28/08/2010 11:03:24.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.511.196 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\ScanWizard 5
c:\documents and settings\Eigenaar\Bureaublad\Internet Explorer.lnk
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-07-28 to 2010-08-28 ))))))))))))))))))))))))))))))
.
2010-08-27 21:23 . 2010-08-27 21:23 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\IObit
2010-08-27 21:23 . 2010-08-27 21:23 -------- d-----w- c:\program files\IObit
2010-08-15 18:57 . 2010-08-15 18:57 388096 ----a-r- c:\documents and settings\Eigenaar\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-15 18:57 . 2010-08-15 18:57 -------- d-----w- c:\program files\Trend Micro
2010-08-15 18:24 . 2010-08-15 18:24 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-08-15 18:24 . 2010-08-15 18:24 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-08-15 18:24 . 2010-08-15 18:24 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-08-15 18:23 . 2010-08-15 18:23 -------- d-----w- C:\NVIDIA
2010-08-15 16:22 . 2010-08-15 16:22 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-15 08:50 . 2010-08-15 08:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NVIDIA Corporation
2010-08-15 08:50 . 2010-08-15 18:28 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-13 22:53 . 2010-08-15 18:58 -------- d-----w- c:\program files\PCPitstop
2010-08-13 22:53 . 2010-08-15 18:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PCPitstop
2010-08-13 18:31 . 2010-08-13 18:31 -------- d-----w- c:\program files\CodeStuff
2010-08-13 07:57 . 2010-08-13 07:57 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-12 22:36 . 2010-08-28 07:49 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend
2010-08-12 21:52 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-12 21:47 . 2010-08-12 22:09 -------- d-----w- c:\program files\Windows Defender
2010-08-12 21:44 . 2010-08-12 21:44 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-12 21:42 . 2010-08-12 21:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Hitman Pro
2010-08-12 21:42 . 2010-08-12 21:42 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-12 21:30 . 2010-08-12 21:30 163561 ----a-w- c:\windows\Audio Converter Pro Uninstaller.exe
2010-08-12 19:42 . 2010-08-05 12:38 2972672 ------w- c:\documents and settings\All Users.WINDOWS\Application Data\FNET\PcCloneEX\Uninstall.exe
2010-08-05 12:38 . 2010-08-05 12:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FNET
2010-08-05 12:38 . 2010-08-12 19:42 -------- d-----w- c:\program files\PcCloneEX
2010-08-04 16:39 . 2010-08-07 07:07 -------- d-----w- c:\documents and settings\Eigenaar\RescuePRO
2010-08-04 16:34 . 2010-08-04 16:32 286720 ----a-w- c:\windows\iun507.exe
2010-08-04 16:33 . 2010-08-04 16:34 -------- d-----w- c:\program files\RescuePRO Deluxe
2010-08-04 13:54 . 2010-08-04 13:54 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MYPCTuneUp
2010-08-04 12:40 . 2010-08-04 12:40 503808 ----a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4db4e6d7-n\msvcp71.dll
2010-08-04 12:40 . 2010-08-04 12:40 12800 ----a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4d5ced84-n\decora-d3d.dll
2010-08-04 12:40 . 2010-08-04 12:40 499712 ----a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4db4e6d7-n\jmc.dll
2010-08-04 12:40 . 2010-08-04 12:40 61440 ----a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4d5ced84-n\decora-sse.dll
2010-08-04 12:40 . 2010-08-04 12:40 348160 ----a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4db4e6d7-n\msvcr71.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-28 09:06 . 2009-05-01 21:06 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\uTorrent
2010-08-28 07:13 . 2009-05-01 20:40 -------- d-----w- c:\program files\uTorrent
2010-08-15 18:25 . 2009-04-22 22:06 -------- d-----w- c:\program files\AGEIA Technologies
2010-08-14 12:00 . 2004-10-06 00:26 17408 ----a-w- c:\windows\system32\drivers\usbcrft.sys
2010-08-13 21:44 . 2009-05-02 15:51 -------- d-----w- c:\program files\Bonjour
2010-08-13 19:25 . 2009-04-26 22:44 87388 ----a-w- c:\windows\system32\perfc013.dat
2010-08-13 19:25 . 2009-04-26 22:44 502724 ----a-w- c:\windows\system32\perfh013.dat
2010-08-12 22:36 . 2009-10-05 21:07 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Media Player Classic
2010-08-12 22:29 . 2009-05-01 20:39 -------- d-----w- c:\program files\CCleaner
2010-08-12 21:30 . 2009-05-01 19:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\River Past G5
2010-08-12 21:30 . 2009-12-28 20:13 -------- d-----w- c:\program files\Common Files\River Past
2010-08-12 21:14 . 2009-09-16 13:46 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Apple Computer
2010-08-12 21:14 . 2004-10-05 23:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-12 21:14 . 2009-05-13 14:30 -------- d-----w- c:\program files\Home Cinema
2010-08-12 19:45 . 2009-06-17 18:39 -------- d-----w- c:\program files\Crawler
2010-08-09 19:19 . 2002-12-31 22:10 -------- d-----w- c:\program files\ScanWizard 5
2010-08-05 20:16 . 2004-10-24 11:34 -------- d-----w- c:\program files\Common Files\Java
2010-08-05 20:15 . 2004-10-24 11:34 -------- d-----w- c:\program files\Java
2010-08-05 13:39 . 2009-04-26 21:09 141176 ----a-w- c:\documents and settings\Eigenaar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-21 09:03 . 2010-07-21 09:03 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Lite
2010-07-17 03:00 . 2010-05-16 19:51 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-09 14:24 . 2010-07-09 14:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-07 11:46 . 2009-04-27 20:00 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-30 12:33 . 2009-04-26 22:43 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2009-04-26 22:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2009-04-26 22:43 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-10-06 06:22 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2009-04-26 22:42 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-04-26 14:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2009-04-26 22:42 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-06-08 15:09 . 2009-06-08 15:09 4575552 ----a-w- c:\program files\OutlookConnector.exe
2009-05-03 13:44 . 2009-05-03 13:42 16976752 ----a-w- c:\program files\IE8-WindowsXP-x86-NLD.exe
2009-05-03 13:22 . 2009-05-03 13:22 1091264 ----a-w- c:\program files\oggcodecs_0.81.15562-win32.exe
2009-05-01 20:20 . 2009-05-01 20:20 243204 ----a-w- c:\program files\unlocker1.8.7.exe
2009-05-01 19:25 . 2009-05-01 19:25 1306687 ----a-w- c:\program files\remote_x10_dx.exe
2009-05-01 16:00 . 2009-05-01 16:00 30075904 ----a-w- c:\program files\avira_antivir_personal_en.exe
2009-04-30 21:25 . 2009-04-30 21:25 2585872 ----a-w- c:\program files\WindowsInstaller-KB893803-v2-x86.exe
2009-03-07 11:39 . 2009-05-04 19:18 97 ----a-w- c:\program files\Spyware Doctor License Code.txt
2009-03-04 04:44 . 2009-05-04 19:18 18190616 ----a-w- c:\program files\sdasetup.exe
2002-06-04 07:59 . 2002-06-04 07:59 204800 ----a-w- c:\program files\Restoration.exe
2002-06-04 07:53 . 2002-06-04 07:53 8127 ----a-w- c:\program files\README.txt
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
c:\documents and settings\Eigenaar\Menu Start\Programma's\Opstarten\
æTorrent.lnk - c:\program files\uTorrent\utorrent.exe [2009-5-1 328568]
c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
Scanner Finder.lnk - c:\program files\ScanWizard 5\ScannerFinder.exe [2009-9-19 339968]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [30/12/2009 18:34 902432]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [30/12/2009 18:34 2326920]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/05/2009 18:02 108289]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [30/12/2009 18:34 159168]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [6/10/2004 1:38 1287296]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [23/10/2004 14:49 24704]
R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [6/10/2004 2:27 19928]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS --> c:\windows\system32\drivers\FNETURPX.SYS [?]
S1 immpncdv;immpncdv;\??\c:\windows\system32\drivers\immpncdv.sys --> c:\windows\system32\drivers\immpncdv.sys [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 19:19 13592]
S3 ADASPROT;SYSTWEAKASO;\??\c:\program files\Advanced System Optimizer 3\adasprot32.sys --> c:\program files\Advanced System Optimizer 3\adasprot32.sys [?]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\usbcrft.sys [6/10/2004 2:26 17408]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhoud van de 'Gedeelde Taken' map
2010-08-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
2010-08-27 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2010-08-28 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2010-08-28 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-08-27 16:08]
2010-08-28 c:\windows\Tasks\User_Feed_Synchronization-{DA800A99-758F-4427-B51E-B27D91B0DBE9}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
2010-08-28 c:\windows\Tasks\User_Feed_Synchronization-{ED978EBE-5B95-496F-96BC-BDB0F0990D01}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = *.local
IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Toevoegen aan bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - hxxp://www.tele2.be/mailconfig/config/bin/AccountHelper.cab
.
.
------- Bestandsassociaties -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS VERWIJDERD - - - -
MSConfigStartUp-CTFMON - (no file)
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-28 11:11
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Ñw*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Voltooingstijd: 2010-08-28 11:14:03
ComboFix-quarantined-files.txt 2010-08-28 09:14
Pre-Run: 57.321.717.760 bytes beschikbaar
Post-Run: 58.611.617.792 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 192EA00E2E24B3E26251259D5386E510