
Completely removing Antimalware Doctor, but how?



ComboFix 10-07-21.01 - Compaq_Eigenaar 22-07-2010 3:22.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.959.439 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Compaq_Eigenaar\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Compaq_Eigenaar\Bureaublad\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FILE ::

"c:\documents and settings\Compaq_Eigenaar\Local Settings\Application Data\miclfjkwh"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Ask.com

c:\program files\Ask.com\btn_search.png

c:\program files\Ask.com\limewire_logo.png

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_ewznc

(((((((((((((((((((( Bestanden Gemaakt van 2010-06-22 to 2010-07-22 ))))))))))))))))))))))))))))))

.

2010-07-22 01:07 . 2010-07-22 01:07 -------- d--h--r- c:\documents and settings\Compaq_Eigenaar\Onlangs geopend

2010-07-20 22:46 . 2010-07-20 22:46 -------- d-----w- c:\documents and settings\Compaq_Eigenaar\Application Data\TeamViewer

2010-07-20 22:46 . 2010-07-20 22:46 -------- d-----w- c:\program files\TeamViewer

2010-07-20 07:49 . 2010-07-20 07:49 -------- d-----w- c:\documents and settings\Compaq_Eigenaar\Application Data\ProgSense

2010-07-20 07:37 . 2010-07-20 07:37 -------- d-----w- c:\documents and settings\Compaq_Eigenaar\Application Data\GrabPro

2010-07-19 19:26 . 2010-07-19 19:55 -------- d-----w- c:\program files\1-Click YouTube Downloader

2010-07-19 14:23 . 2010-07-19 14:23 -------- d-----w- c:\program files\Trend Micro

2010-07-19 13:38 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-19 13:38 . 2010-07-19 15:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-19 13:38 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-18 21:01 . 2010-07-19 11:36 -------- d-----w- c:\documents and settings\Compaq_Eigenaar\Local Settings\Application Data\miclfjkwh

2010-07-18 16:09 . 2010-07-18 16:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-15 10:58 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-12 00:56 . 2010-07-12 00:56 322352 ----a-w- c:\program files\utorrent.exe

2010-07-11 23:13 . 2010-07-11 23:13 -------- d-----w- c:\documents and settings\Compaq_Eigenaar\Application Data\All Free YouTube Downloader

2010-07-11 17:54 . 2010-07-11 17:54 -------- d-----w- c:\documents and settings\Compaq_Eigenaar\Application Data\All Free MP3 Cutter

2010-07-11 17:53 . 2005-05-18 09:52 1212416 ----a-w- c:\windows\system32\NCTAudioInformation2.dll

2010-07-11 17:53 . 2005-05-17 10:37 1986560 ----a-w- c:\windows\system32\NCTAudioFile2.dll

2010-07-11 17:53 . 2005-04-25 11:01 458752 ----a-w- c:\windows\system32\NCTAudioRecord2.dll

2010-07-11 17:53 . 2005-04-25 11:01 458752 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll

2010-07-11 17:53 . 2005-04-15 10:08 880640 ----a-w- c:\windows\system32\NCTAudioEditor2.dll

2010-07-11 17:53 . 2005-04-04 15:21 602112 ----a-w- c:\windows\system32\NCTAudioTransform2.dll

2010-07-11 17:53 . 2005-03-29 05:57 2084864 ----a-w- c:\windows\system32\NCTAudioDesign2.dll

2010-07-11 17:53 . 2005-03-28 13:54 479232 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll

2010-07-11 17:53 . 2005-03-28 13:52 417792 ----a-w- c:\windows\system32\NCTTextToAudio2.dll

2010-07-11 17:53 . 2005-02-24 09:51 348160 ----a-w- c:\windows\system32\NCTWMAFile2.dll

2010-07-11 17:53 . 2004-11-04 11:31 835584 ----a-w- c:\windows\system32\NCTAudioCDGrabber2.dll

2010-07-11 17:53 . 2010-07-11 17:53 -------- d-----w- c:\program files\All Free MP3 Cutter

2010-07-11 09:54 . 2010-07-11 09:54 -------- d-----w- c:\documents and settings\Compaq_Eigenaar\Application Data\Malwarebytes

2010-07-11 09:54 . 2010-07-11 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-09 12:45 . 2010-07-09 12:45 -------- d-----w- c:\program files\Common Files\Adobe

2010-07-05 18:02 . 2010-07-05 18:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-07-05 18:02 . 2010-07-15 14:19 -------- d-----w- c:\documents and settings\Compaq_Eigenaar\Application Data\skypePM

2010-07-05 18:01 . 2010-07-15 15:30 -------- d-----w- c:\documents and settings\Compaq_Eigenaar\Application Data\Skype

2010-07-05 18:00 . 2010-07-05 18:00 -------- d-----w- c:\program files\Common Files\Skype

2010-07-05 18:00 . 2010-07-05 18:01 -------- d-----r- c:\program files\Skype

2010-07-05 18:00 . 2010-07-05 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-21 17:01 . 2007-03-19 20:58 -------- d--h--w- c:\documents and settings\Compaq_Eigenaar\Application Data\uTorrent

2010-07-19 18:41 . 2007-03-22 03:56 -------- d--h--w- c:\documents and settings\Compaq_Eigenaar\Application Data\ImgBurn

2010-07-18 23:21 . 2010-06-11 21:37 -------- d-----w- c:\documents and settings\Compaq_Eigenaar\Application Data\LimeWire

2010-07-18 16:09 . 2008-06-18 07:42 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-18 16:09 . 2008-06-18 07:42 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-12 09:13 . 2007-10-21 22:16 -------- d-----w- c:\program files\MagicISO

2010-07-11 23:39 . 2009-08-25 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Screentime

2010-07-11 23:38 . 2007-03-19 21:43 -------- d-----w- c:\program files\Yahoo!

2010-07-11 23:36 . 2006-06-29 08:11 -------- d-----w- c:\program files\Common Files\InstallShield

2010-07-11 23:36 . 2006-06-29 08:15 -------- d-----w- c:\program files\Common Files\Sonic Shared

2010-07-11 23:30 . 2007-01-01 22:00 -------- d-----w- c:\program files\SoundSpectrum

2010-06-11 21:36 . 2006-11-30 22:54 -------- d-----w- c:\program files\LimeWire

2010-06-04 17:24 . 2009-11-22 22:01 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-03 07:01 . 2007-02-23 07:22 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-06-02 17:51 . 2010-06-02 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-06-02 17:51 . 2008-06-18 07:41 -------- d-----w- c:\program files\AVG

2010-05-12 09:21 . 2009-10-03 00:40 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-04 17:21 . 2004-08-03 21:00 832512 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 17:21 . 2009-07-24 23:25 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-05-04 17:21 . 2004-08-03 21:00 17408 ----a-w- c:\windows\system32\corpol.dll

2010-05-02 08:10 . 2004-08-03 21:00 1851392 ----a-w- c:\windows\system32\win32k.sys

2007-09-09 14:46 . 2007-09-09 14:46 1740 -c--a-w- c:\program files\WinZip.lnk

2007-08-08 09:11 . 2007-08-08 09:11 1612 -c--a-w- c:\program files\QuickTime Player.lnk

2007-07-18 06:26 . 2007-07-18 06:26 1487 -c--a-w- c:\program files\DivX Movies.lnk

2007-07-18 06:26 . 2007-07-18 06:26 803 -c--a-w- c:\program files\DivX Player.lnk

2007-07-18 06:26 . 2007-07-18 06:26 814 -c--a-w- c:\program files\DivX Converter.lnk

2007-05-14 20:11 . 2007-05-14 20:11 1049 -c--a-w- c:\program files\Octoshape Streaming Services.lnk

2007-03-27 19:55 . 2007-03-27 19:55 9187 -c--a-w- c:\program files\bin2iso.zip

2007-03-25 21:50 . 2007-03-25 21:50 44823560 -c--a-w- c:\program files\TDA2-retail-2.1.9.90-install_EN.exe

2007-03-21 17:51 . 2007-03-21 17:51 765 -c--a-w- c:\program files\dvdXsoft DVD Ripper.lnk

2007-03-06 17:36 . 2007-03-06 17:36 2726335 -c--a-w- c:\program files\XstreamRadio_3.02a.exe

2007-02-18 00:10 . 2007-02-18 00:10 1932 -c--a-w- c:\program files\HP Documentviewer.lnk

2007-02-18 00:08 . 2007-02-18 00:08 1012 -c--a-w- c:\program files\HP Solution Center.lnk

2007-02-13 17:41 . 2007-02-13 17:41 212849 -c--a-w- c:\program files\hijackthis.zip

2007-01-16 11:32 . 2007-01-16 11:32 1748 -c--a-w- c:\program files\Adobe Reader 7.0.lnk

2006-11-26 02:36 . 2006-11-25 20:49 1585 -c--a-w- c:\program files\@Home Help.lnk

2006-06-29 08:33 . 2006-11-25 20:38 1877 -c--a-w- c:\program files\Te downloaden spellen.lnk

2006-06-29 08:30 . 2006-06-29 08:30 2018 -c--a-w- c:\program files\Help en ondersteuning.lnk

2006-06-29 08:25 . 2006-11-25 20:38 731 -c--a-w- c:\program files\Wizard softwareherstel.lnk

2006-06-29 08:18 . 2006-11-25 20:38 905 -c--a-w- c:\program files\RealPlayer.lnk

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"DataCardMonitor"="c:\program files\Internet Manager\DataCardMonitor.exe" [2009-08-29 249856]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-18 2065760]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ralink Wireless Utility.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Ralink Wireless Utility.lnk

backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WTGU.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\WTGU.lnk

backup=c:\windows\pss\WTGU.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Eigenaar^Menu Start^Programma's^Opstarten^LimeWire On Startup.lnk]

path=c:\documents and settings\Compaq_Eigenaar\Menu Start\Programma's\Opstarten\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]

2006-02-15 13:34 249856 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2007-09-07 14:55 267064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]

2005-02-10 15:00 1937408 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2006-02-24 17:46 147456 ----a-w- c:\program files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-06-29 04:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2005-07-22 13:14 237568 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

2004-12-13 17:23 663552 ----a-w- c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2006-03-08 04:54 16010240 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2006-06-29 08:18 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=

"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Octoshape Streaming Services\\Compaq_Eigenaar\\OctoshapeClient.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\utorrent.exe"=

"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18-6-2008 9:42 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18-6-2008 9:42 243024]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2-6-2010 19:53 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [18-7-2010 18:09 308136]

R2 AWISp50;AWISp50 NDIS Protocol Driver;c:\windows\system32\drivers\AWISp50.sys [15-3-2006 16:35 17664]

R2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [27-8-2009 23:03 53307]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 18:19 13592]

S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [15-9-2007 11:51 171264]

S3 STFSD;STFSD;\??\c:\program files\@Home\Playz Player\STFSD.SYS --> c:\program files\@Home\Playz Player\STFSD.SYS [?]

.

Inhoud van de 'Gedeelde Taken' map

2010-07-22 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

.

.

------- Bijkomende Scan -------

.

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=63&bd=PRESARIO&pf=desktop

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=63&bd=PRESARIO&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=63&bd=PRESARIO&pf=desktop

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR

IE: {{7A0815F1-6B65-4e3a-B198-709807B4042A} - {1EC035CE-090E-4AF7-B6DF-AD11C2F0F9C9} - c:\program files\XstreamRadio 3.02\RadioHelper.dll

Trusted Zone: rtl.nl\www

DPF: {D6BBBC13-56A9-4E62-92AC-4DBEF6CCB38B} - hxxp://playz.project.streamtech.nl/clientdownloads/SFAutoInstall.CAB

FF - ProfilePath - c:\documents and settings\Compaq_Eigenaar\Application Data\Mozilla\Firefox\Profiles\a008op1l.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.blackl.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\Compaq_Eigenaar\Application Data\Mozilla\plugins\npoctoshape.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Octoshape Streaming Services\Compaq_Eigenaar\octoprogram-L03-NMS0806110_SUA_000\npoctoshape.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-07-22 03:35

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DataCardMonitor = c:\program files\Internet Manager\DataCardMonitor.exe?t=c:\windo????????x+=?rogram files\Internet Manager\?TMP=c:\docume????????????rogram files\Internet Manager\DataCardMonitor.exe?genaar?USE????F?L?0?=?0?=?ments and Settings\Compaq_Eigenaar?windir=C:\WIN

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(640)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3488)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\windows\system32\HPZipm12.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe

c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Voltooingstijd: 2010-07-22 03:47:23 - machine werd herstart

ComboFix-quarantined-files.txt 2010-07-22 01:47

ComboFix2.txt 2010-07-21 18:10

Pre-Run: 104.014.262.272 bytes beschikbaar

Post-Run: 104.006.131.712 bytes beschikbaar

- - End Of File - - 6AF880CCDAC2AA0C1E7B6DF645095630


c:\documents and settings\Compaq_Eigenaar\Local Settings\Application Data\miclfjkwh

This file cannot be found. (I have enabled showing hidden folders.) When I try with 'Search', it returns no results either. What now?

Do I need to remove ComboFix and HJT from my PC again?

You have not yet answered my question whether I would do well to have a program such as Rootkit Revealer scan my PC every so often.

Once again, I am very grateful for your help and cooperation!!

(PS. Olivier1991: you had better create a new topic of your own. The staff of this site will then help you further.)

EDIT: separate topic created for Olivier1991!

edited by kape

Download and unzip Killbox to your desktop.

In the field "Full Path of File to Delete", copy and paste the following:

c:\documents and settings\Compaq_Eigenaar\Local Settings\Application Data\miclfjkwh

Click the button: Delete on Reboot

Click the button: single file

Then click the red circle with the white cross in it.

Killbox will say that this file will be deleted on reboot and ask whether to reboot now. Click YES.

Your PC will now restart.

After that, you may uninstall HijackThis via Software (Add or Remove Programs).

Remove ComboFix: Start -> Uitvoeren (Run) and type: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download CCleaner here; the download of CCleaner will then start automatically and free of charge.

Install it and start CCleaner. In the left column, click "Cleaner". Click 'Analyseren' (Analyze) and then 'Schoonmaken' (Run Cleaner). Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click "Register" (Registry) in the left column and click 'Scan naar problemen' (Scan for Issues). If errors are found, click "Herstel geselecteerde problemen" (Fix selected issues) and "OK". You will then be asked whether to make a backup. Click "JA" (Yes). Then choose "Herstel alle geselecteerde fouten" (Fix All Selected Issues). Close CCleaner afterwards.

If you would like to see this in detail with pictures, click here for the guide.

It is advisable to delete the existing restore points (there are infected restore points among them that you could potentially restore) by temporarily disabling System Restore. Do this via Start -> Configuratiescherm (Control Panel) -> Prestaties en Onderhoud (Performance and Maintenance) -> Systeem (System) -> Systeemherstel (System Restore) -> tick "Systeemherstel op alle stations uitschakelen" (Turn off System Restore on all drives). Apply and OK. Restart the PC and remove the tick again.

You should only use Rootkit Revealer if you are truly convinced there are serious problems. It is not a program to fit into your normal scan routine.

That's it !
