Eveline, thanks for your help, I went ahead with it today anyway.
I changed the details you gave me in my Hotmail,
so now it's just a matter of waiting, I suppose?
If it isn't resolved within a few weeks, may I come back for
your good advice/tips?
Then I also managed the ComboFix; I'm attaching the log here:
ComboFix 10-12-24.01 - Swa 24/12/2010 19:16:51.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1379 [GMT 1:00]
Started from: N:\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 101224-1] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Swa\Application Data\Desktopicon
c:\documents and settings\Swa\Application Data\Desktopicon\config.ini
c:\documents and settings\Swa\Onlangs geopend\Thumbs.db
c:\program files\Dcads Advanced Toolbar
c:\program files\INSTALL.LOG
C:\Thumbs.db
c:\windows\i386\csrss.exe
c:\windows\system32\KGyGaAvL.sys
c:\windows\system32\msconfig.exe
.
(((((((((((((((((((( Files Created from 2010-11-24 to 2010-12-24 ))))))))))))))))))))))))))))))
.
2010-12-22 13:12 . 2010-12-22 13:12 388096 ----a-r- c:\documents and settings\Swa\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-15 09:16 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 09:15 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-09 10:51 . 2010-12-09 10:52 -------- dc-h--w- c:\windows\ie8
2010-12-08 14:17 . 2010-12-08 14:17 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-06 21:27 . 2010-12-06 21:27 -------- d-----w- c:\documents and settings\Swa\Application Data\DVDVideoSoftIEHelpers
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2009-05-30 08:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-05-30 08:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:15 . 2007-04-06 13:02 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 17:53 . 2010-04-17 11:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2007-04-18 15:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-06 00:23 . 2004-08-03 23:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2004-08-03 23:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:23 . 2004-08-03 23:03 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-03 12:27 . 2004-08-03 22:55 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2001-09-07 11:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2004-08-03 23:01 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 14:00 . 2004-08-03 22:56 1853440 ----a-w- c:\windows\system32\win32k.sys
2002-07-28 20:40 . 2002-12-27 08:47 1059840 ----a-w- c:\program files\DS_Bonus_Plugin.8bf
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB2.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\myBabylon_English\tbmyB2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB2.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB2.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\program files\Free Desktop Clock\DesktopClock.exe" [2006-10-01 334848]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-04-20 385024]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-02 122939]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-02-01 58992]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2001-12-06 45056]
"WTClient"="WTClient.exe" [2009-03-17 32768]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"sfagent"="c:\program files\Fighters\sfagent.exe" [2010-11-12 821384]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2006-01-12 18:52 483328 ----a-w- c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\AcroTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
2005-04-06 14:53 856064 ----a-w- c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-03-17 07:21 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2007-10-30 17:52 16200 ----a-w- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlipViewer Library]
2007-08-09 06:37 390936 ----a-w- c:\program files\E-Book Systems\FlipViewer\FlipViewerLibrary.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 14:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Ulead Calendar Checker"=c:\program files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
"Ulead AutoDetector"=c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe"
"Babylon Client"=c:\program files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\MDCCindia Technologies\\BFS\\Enterprise\\bfsent16.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23/04/2009 16:26 717296]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/04/2010 15:20 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/04/2010 15:20 20560]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [11/03/2010 17:58 63488]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\sfus.exe [12/11/2010 10:31 214664]
R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [12/11/2010 10:31 1145992]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [7/06/2007 16:16 18944]
S2 gupdate1c9abf9ce305450;Google Update Service (gupdate1c9abf9ce305450);c:\program files\Google\Update\GoogleUpdate.exe [23/03/2009 21:56 133104]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [2/07/2007 13:17 1527900]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [23/04/2007 14:28 10752]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [9/03/2010 11:03 27064]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\h:\ntglm7x.sys --> h:\NTGLM7X.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-12-24 c:\windows\Tasks\Easy Onderhoud.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-02-04 07:39]
2010-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 20:56]
2010-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 20:56]
2010-12-24 c:\windows\Tasks\User_Feed_Synchronization-{36574D9A-23FD-47F8-B6E6-0E59C665C7AD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hln.be/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
IE: &Google Search - c:\program files\google\googletoolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\googletoolbar1.dll/cmwordtrans.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Backward Links - c:\program files\google\googletoolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\googletoolbar1.dll/cmcache.html
IE: Converteren naar Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converteren naar bestaand PDF-bestand - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Swa\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Similar Pages - c:\program files\google\googletoolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\googletoolbar1.dll/cmtrans.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{E55E1F27-0001-491A-9480-AD3097F3DF20} - {E55E1F27-0001-4939-8396-DA2ADCD4B9C4} - c:\program files\irido\Printee for IE\Bin\Printee.dll
Handler: tool - {E55E1F27-0001-11DA-9914-0012F05EB2F7} - c:\program files\irido\Printee for IE\Bin\Printee.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.nl/Genoogle/Components/ActiveX/SearchEngineQuery.dll
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{9384BD4C-DD14-4BE9-80F7-F6277511E4F5} - (no file)
AddRemove-Hot_MP3 Toolbar - c:\progra~1\Hot_MP3\UNWISE.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-24 19:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-725345543-688789844-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9B8A62DB-4A7A-C343-93D4-31EA08FFEAAB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaonbdecfcakfocjhcdfancfodbppb"=hex:61,69,65,68,61,66,6c,62,63,6d,6a,69,6b,67,
6a,6c,6f,6e,67,6c,6b,66,67,6c,69,6b,6d,6c,6d,6d,67,65,68,70,68,70,62,6c,6e,\
"iafophgkfmpdaglnge"=hex:6b,61,6a,67,70,67,6e,6d,62,68,65,6f,64,6d,68,65,6e,63,
6e,6e,68,70,00,00
"halmbdbpjailpjkb"=hex:6a,61,67,67,6d,6d,6b,6f,62,68,65,6b,62,63,68,6f,6e,65,
67,70,00,00
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-12-24 19:23:34
ComboFix-quarantined-files.txt 2010-12-24 18:23
Pre-Run: 48.890.249.216 bytes free
Post-Run: 48.881.623.040 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
- - End Of File - - C61CC8DD42CE4BBE781422B0DF778C9D
Merry Christmas anyway, and enjoy your meal.
Thanks and greetings
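An added example, not part of the original post and not ComboFix's own code: a small Python parser for the "Reg Loading Points" and "LOCKED REGISTRY KEYS" sections of a log like the one above. The sample input consists of lines copied from that log. It pulls each value out as (key, name, path, arguments, date, size), decodes the `hex:` REG_BINARY values as ASCII (ComboFix wraps long values across lines and ends a truncated one with a backslash), and flags Run values whose data is a bare file name such as `WTClient.exe`, because a value with no directory is resolved through the search path at logon rather than from a fixed location. The function names and the `Entry` class are this example's own choices.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the ComboFix log in the post above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB2.dll" [2010-10-18 3908192]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\program files\Free Desktop Clock\DesktopClock.exe" [2006-10-01 334848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WTClient"="WTClient.exe" [2009-03-17 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\S-1-5-21-725345543-688789844-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9B8A62DB-4A7A-C343-93D4-31EA08FFEAAB}*]
"iafophgkfmpdaglnge"=hex:6b,61,6a,67,70,67,6e,6d,62,68,65,6f,64,6d,68,65,6e,63,
6e,6e,68,70,00,00
"halmbdbpjailpjkb"=hex:6a,61,67,67,6d,6d,6b,6f,62,68,65,6b,62,63,68,6f,6e,65,
67,70,00,00
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
NAME_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<rest>.*)$')
META_RE = re.compile(r'\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]\s*$')
# Unquoted data: image path up to the first module extension, then optional arguments.
EXE_RE = re.compile(r'^(?P<path>.*?\.(?:exe|dll|cpl|scr|sys))(?:\s+(?P<args>.*))?$', re.IGNORECASE)


@dataclass
class Entry:
    key: str
    name: str
    path: Optional[str] = None      # image path for file-backed values
    args: str = ''
    date: Optional[str] = None
    size: Optional[int] = None
    hexdata: Optional[str] = None   # raw comma-separated payload of a "hex:" value
    truncated: bool = False         # ComboFix ends a cut-off hex value with a backslash


def decode_hex(payload: str) -> str:
    """Decode a ComboFix 'hex:' payload; returns ASCII if printable, else raw hex."""
    cleaned = payload.rstrip('\\').rstrip(',')
    raw = bytes.fromhex(''.join(p.strip() for p in cleaned.split(',') if p.strip()))
    text = raw.rstrip(b'\x00')
    if text and all(32 <= b < 127 for b in text):
        return text.decode('ascii')
    return raw.hex()


def parse_combofix(text: str) -> List[Entry]:
    entries: List[Entry] = []
    key = ''
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        km = KEY_RE.match(line)
        if km:
            key = km.group('key')
            continue
        nm = NAME_RE.match(line)
        if not nm:
            continue
        name, rest = nm.group('name'), nm.group('rest').strip()
        if rest.startswith('hex:'):
            payload = rest[4:]
            # A line ending in ',' continues on the next line.
            while payload.endswith(',') and i < len(lines):
                payload += lines[i].strip()
                i += 1
            entries.append(Entry(key, name, hexdata=payload, truncated=payload.endswith('\\')))
            continue
        date = size = None
        mm = META_RE.search(rest)
        if mm:
            date, size = mm.group('date'), int(mm.group('size'))
            rest = rest[:mm.start()]
        if rest.startswith('"'):
            close = rest.find('"', 1)
            path, args = rest[1:close], rest[close + 1:].strip()
        else:
            em = EXE_RE.match(rest)
            path, args = (em.group('path'), em.group('args') or '') if em else (rest, '')
        entries.append(Entry(key, name, path=path, args=args, date=date, size=size))
    return entries


def unqualified_autostarts(entries: List[Entry]) -> List[Entry]:
    """Run values given as a bare file name: resolved via the search path, not a fixed location."""
    return [e for e in entries if e.path and '\\' not in e.path and e.key.lower().endswith('\\run')]


def decoded_binary_values(entries: List[Entry]) -> dict:
    return {e.name: decode_hex(e.hexdata) for e in entries if e.hexdata}


if __name__ == '__main__':
    found = parse_combofix(SAMPLE_LOG)
    for e in unqualified_autostarts(found):
        print(f'bare file name in {e.key}: "{e.name}"="{e.path}"')
    for name, value in decoded_binary_values(found).items():
        print(f'{name} -> {value!r}')
```

Feed the whole log to `parse_combofix` and the same two checks run over every section that uses the `"name"=data [date size]` layout; the firewall authorized-application list and the `run-` (disabled) key parse as entries with an empty or unquoted path, which the parser tolerates.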