mijn account geeft virusmelding

[kape]

goede morgen kweezie wabbit,

waar vind ik deze lijn? ik zie ze niet tussen het HJT logje staan

grts peter

In het eerste logje van HJT zat deze lijn nog wel in, maar nu is die inderdaad niet meer aanwezig in je meest recente log.

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

Lees hier meer over correct gebruik van Combofix.

• Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen: Klik hier Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap.
  
• Dubbelklik op ComboFix.exe en volg de meldingen op het scherm.
  
• ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geïnstalleerd. Als deze Recovery Console al is geïnstalleerd zal ComboFix automatisch verder gaan met het scannen naar malware
  
• Volg anders de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren. Wanneer de Recovery Console succesvol is geïnstalleerd, klik je op “JA” om verder te gaan met het scannen naar malware.
  

NOTA: Wanneer ComboFix start, kan het zijn dat je een foutmelding krijgt dat “De inhoud van het ComboFix pakket werd gewijzigd”. Ga dan niet verder met de instructies, maar download ComboFix opnieuw. Deze melding kan verschijnen wanneer een file-infector (Virut) actief is op de computer. Blijf je die melding krijgen dan meld je dit.

Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Mocht ook dit .exe-bestand niet lukken, dan zit je met een ernstig probleem. Is het zo dat enkel bij antivirus- en antispywareprogramma's de .exe-bestanden niet opstarten ? Of heb je dit ook bij alle andere .exe-files ?

14 september 2010 aangepast door kape

[manneke]

hoy Kape,

het is gelukt alles werkt terug bij mijn account

ff een vraagje wat doe ik met combofix?

hier volgd het logje

grts Peter

ComboFix 10-09-13.02 - kristel 14/09/2010 10:18:19.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1014.529 [GMT 2:00]

Gestart vanuit: c:\documents and settings\kristel.PC103131904424\Bureaublad\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\peter.PC103131904424\Local Settings\Application Data\rhrlbdrnw

c:\documents and settings\peter.PC103131904424\Local Settings\Application Data\rhrlbdrnw\drqohbwuqiw.exe

c:\program files\autorun.inf

c:\windows\Logs\logg.dat

D:\Autorun.inf

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-08-14 to 2010-09-14 ))))))))))))))))))))))))))))))

.

2010-09-14 08:13 . 2010-09-14 08:13 -------- d-----w- c:\documents and settings\kristel.PC103131904424\Application Data\AVG9

2010-09-13 07:22 . 2010-09-13 07:22 388096 ----a-r- c:\documents and settings\kristel.PC103131904424\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-09-13 06:39 . 2010-09-13 06:39 -------- d-----w- c:\documents and settings\kristel.PC103131904424\Application Data\Malwarebytes

2010-09-03 06:31 . 2010-09-08 17:41 -------- d--h--r- c:\documents and settings\peter.PC103131904424\Onlangs geopend

2010-08-31 14:31 . 2010-08-31 14:31 -------- d-----w- c:\documents and settings\peter.PC103131904424\Application Data\Malwarebytes

2010-08-31 14:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-31 14:30 . 2010-08-31 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-31 14:30 . 2010-08-31 14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-31 14:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-31 05:59 . 2010-08-31 05:59 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-30 09:32 . 2010-08-30 09:41 -------- d-----w- c:\documents and settings\peter.PC103131904424\Application Data\VAP

2010-08-29 12:57 . 2010-08-29 12:57 -------- d-----w- c:\program files\server

2010-08-29 12:57 . 2010-08-29 12:57 -------- d-----w- c:\program files\htdocs

2010-08-29 12:57 . 2010-08-29 12:57 -------- d-----w- c:\program files\dlls

2010-08-29 09:23 . 2010-08-29 09:23 -------- d-----w- c:\documents and settings\peter.PC103131904424\Application Data\gtopala

2010-08-27 23:56 . 2010-08-29 13:06 65613 ----a-w- c:\program files\uninstall.dat

2010-08-27 23:56 . 2010-07-29 03:21 979968 ------w- c:\program files\CCcamControl.exe

2010-08-27 23:56 . 2009-03-22 18:25 514 ----a-w- c:\program files\runCCcamInfoPHP.cmd

2010-08-27 23:56 . 2009-01-31 13:54 32768 ----a-w- c:\program files\Uninstall.exe

2010-08-27 23:56 . 2004-05-04 08:53 1645320 ----a-w- c:\program files\gdiplus.dll

2010-08-26 02:08 . 2010-08-26 02:08 -------- d-sh--w- c:\documents and settings\kristel.PC103131904424\IECompatCache

2010-08-24 14:58 . 2010-08-31 08:40 -------- d-----w- c:\program files\SetEditVenton

2010-08-18 06:33 . 2010-08-18 06:33 -------- d-----w- c:\windows\system32\XPSViewer

2010-08-18 06:33 . 2010-08-18 06:33 -------- d-----w- c:\program files\Reference Assemblies

2010-08-18 06:33 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-08-18 06:32 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-08-18 06:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-08-18 06:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-08-18 06:32 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2010-08-18 06:32 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-08-18 06:32 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-08-18 06:32 . 2010-08-18 06:33 -------- d-----w- C:\ca8d73f111abec1ab0c133

2010-08-18 06:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-08-18 06:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2010-08-16 18:13 . 2010-08-24 14:56 -------- d-----w- c:\documents and settings\peter.PC103131904424\Application Data\mIRC

2010-08-16 17:29 . 2010-08-16 17:29 -------- d-----w- c:\program files\Uniblue

2010-08-16 12:53 . 2010-08-16 12:53 388096 ----a-r- c:\documents and settings\peter.PC103131904424\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-08-16 12:53 . 2010-08-16 12:53 -------- d-----w- c:\program files\Trend Micro

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-28 00:01 . 2010-08-27 23:52 6019 ------w- c:\program files\cardshare-forum-logo.jpg

2010-08-20 15:24 . 2010-08-06 22:12 83816 ----a-w- c:\documents and settings\peter.PC103131904424\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-18 14:35 . 2004-09-08 11:27 92034 ----a-w- c:\windows\system32\perfc013.dat

2010-08-18 14:35 . 2004-09-08 11:27 512434 ----a-w- c:\windows\system32\perfh013.dat

2010-08-18 06:33 . 2009-09-17 19:20 -------- d-----w- c:\program files\MSBuild

2010-08-14 19:20 . 2010-08-14 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB

2010-08-14 19:17 . 2010-08-14 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz

2010-08-14 19:14 . 2010-08-14 19:14 -------- d-----w- c:\program files\Driver Whiz

2010-08-14 14:40 . 2010-08-14 14:40 -------- d-----w- c:\documents and settings\peter.PC103131904424\Application Data\Uniblue

2010-08-13 03:42 . 2010-08-13 03:42 61440 ----a-w- c:\documents and settings\kristel.PC103131904424\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2b7234a9-n\decora-sse.dll

2010-08-13 03:42 . 2010-08-13 03:42 12800 ----a-w- c:\documents and settings\kristel.PC103131904424\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2b7234a9-n\decora-d3d.dll

2010-08-13 03:42 . 2010-08-13 03:42 503808 ----a-w- c:\documents and settings\kristel.PC103131904424\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6f2bcd9f-n\msvcp71.dll

2010-08-13 03:42 . 2010-08-13 03:42 499712 ----a-w- c:\documents and settings\kristel.PC103131904424\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6f2bcd9f-n\jmc.dll

2010-08-13 03:42 . 2010-08-13 03:42 348160 ----a-w- c:\documents and settings\kristel.PC103131904424\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6f2bcd9f-n\msvcr71.dll

2010-08-12 19:15 . 2010-08-12 19:15 -------- d-----w- c:\program files\CCleaner

2010-08-12 19:00 . 2010-08-12 19:00 -------- d-----w- c:\program files\7-Zip

2010-08-12 05:36 . 2006-08-11 10:38 -------- d-----w- c:\program files\Google

2010-08-11 16:52 . 2009-09-17 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-08-11 04:55 . 2010-08-11 04:55 503808 ----a-w- c:\documents and settings\peter.PC103131904424\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3eaa7a3a-n\msvcp71.dll

2010-08-11 04:55 . 2010-08-11 04:55 499712 ----a-w- c:\documents and settings\peter.PC103131904424\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3eaa7a3a-n\jmc.dll

2010-08-11 04:55 . 2010-08-11 04:55 348160 ----a-w- c:\documents and settings\peter.PC103131904424\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3eaa7a3a-n\msvcr71.dll

2010-08-11 04:55 . 2010-08-11 04:55 61440 ----a-w- c:\documents and settings\peter.PC103131904424\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1e868ecc-n\decora-sse.dll

2010-08-11 04:55 . 2010-08-11 04:55 12800 ----a-w- c:\documents and settings\peter.PC103131904424\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1e868ecc-n\decora-d3d.dll

2010-08-11 04:55 . 2006-08-11 10:38 -------- d-----w- c:\program files\Common Files\Java

2010-08-11 04:55 . 2010-08-11 04:55 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-08-09 18:35 . 2010-08-09 18:35 -------- d-----w- c:\documents and settings\kristel.PC103131904424\Application Data\HP

2010-08-09 18:16 . 2009-09-17 18:50 -------- d-----w- c:\program files\Windows Live

2010-08-09 18:15 . 2010-08-09 18:15 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-08-09 18:09 . 2010-08-08 14:30 83816 ----a-w- c:\documents and settings\kristel.PC103131904424\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-09 15:36 . 2006-08-11 10:38 -------- d-----w- c:\program files\Microsoft Works

2010-08-09 15:23 . 2010-08-09 15:23 -------- d-----w- c:\documents and settings\peter.PC103131904424\Application Data\HP

2010-08-07 18:23 . 2009-09-17 16:59 -------- d-----w- c:\program files\Windows Media Connect 2

2010-08-07 16:52 . 2004-09-08 11:25 77315 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-08-07 08:26 . 2009-09-17 19:39 -------- d-----w- c:\program files\Eset

2010-08-07 08:08 . 2010-08-07 08:08 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-08-07 08:08 . 2010-08-07 08:08 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-08-07 08:08 . 2010-08-07 08:08 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-08-07 08:08 . 2010-08-07 08:08 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-08-07 08:02 . 2010-08-07 08:02 -------- d-----w- c:\program files\AVG

2010-08-07 08:02 . 2010-08-07 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-08-07 07:50 . 2006-08-11 10:38 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-08-07 07:49 . 2006-08-11 10:38 -------- d-----w- c:\program files\Symantec

2010-08-07 07:48 . 2006-08-11 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-08-07 04:56 . 2006-08-11 10:38 -------- d-----w- c:\program files\Hewlett-Packard

2010-08-07 04:56 . 2006-08-11 10:38 -------- d-----w- c:\program files\Easy Internet signup

2010-08-07 04:56 . 2006-08-11 10:38 -------- d-----w- c:\program files\Common Files\SureThing Shared

2010-08-07 04:56 . 2006-08-11 10:38 -------- d-----w- c:\program files\Common Files\Sonic Shared

2010-08-07 04:55 . 2006-08-11 10:38 -------- d-----w- c:\program files\Common Files\LightScribe

2010-08-07 04:55 . 2006-08-11 10:38 -------- d-----w- c:\program files\Common Files\HP

2010-08-07 04:55 . 2006-08-11 10:38 -------- d-----w- c:\program files\Apoint2K

2010-08-07 04:52 . 2010-08-08 14:30 -------- d-----w- c:\documents and settings\kristel.PC103131904424\Application Data\Symantec

2010-08-07 04:52 . 2006-08-11 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\hpqwmi

2010-08-06 22:35 . 2010-05-23 05:52 -------- d-----w- c:\program files\Mobistar Internet Everywhere

2010-08-06 22:15 . 2010-08-06 22:12 143 ----a-w- c:\documents and settings\peter.PC103131904424\Local Settings\Application Data\fusioncache.dat

2010-08-06 22:14 . 2010-08-06 22:12 1721 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_Pavilion dv4000 (EW878EA#UUG)_YN_0Pavi_Q2CE6140CQ4_E410235A42_46_I309D_SHP_V52.24_BF.12_T060120_WXH2_L413_M1015_J100_7Intel_8Pentium M_91.8_#060218_N10EC8139_(EW878EA#UUG)_XMOBILE_CN10_Z8086266D_2.MRK

2010-08-06 21:48 . 2006-08-11 10:38 -------- d-----w- c:\program files\HPQ

2010-08-04 09:20 . 2010-08-04 09:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters

2010-08-04 09:19 . 2010-08-04 09:19 -------- d-----w- c:\program files\Fighters

2010-08-03 11:26 . 2010-08-03 11:26 -------- d-----w- c:\documents and settings\All Users\Application Data\ReviverSoft

2010-07-30 03:49 . 2010-08-27 23:56 4286 ----a-w- c:\program files\logo.ico

2010-06-30 12:33 . 2004-08-04 08:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:27 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 09:02 . 2004-08-04 08:00 1852032 ----a-w- c:\windows\system32\win32k.sys

2010-06-24 03:01 . 2010-08-27 23:56 6646 ----a-w- c:\program files\pms_config.ini

2010-06-21 15:27 . 2004-08-04 08:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2004-08-04 08:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2006-08-11 05:05 . 2009-09-18 01:38 0 --sha-w- c:\windows\SMINST\HPCD.SYS

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 88209]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]

"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-03-29 233534]

"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-07 2065760]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\kristel.PC103131904424\Menu Start\Programma's\Opstarten\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/08/2010 10:08 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/08/2010 10:08 243024]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/08/2010 10:05 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/08/2010 10:04 308136]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [7/08/2010 0:35 100736]

.

Inhoud van de 'Gedeelde Taken' map

2010-09-14 c:\windows\Tasks\RegistryBooster.job

- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-16 09:11]

.

.

------- Bijkomende Scan -------

.

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

.

- - - - ORPHANS VERWIJDERD - - - -

ActiveSetup-{9639B982-96DF-6556-3ACC-FB2E1A8200AE} - c:\docume~1\PETER~1.PC1\LOCALS~1\Temp\msx45\1.exe

ActiveSetup-{F4CB6D30-BE2E-E281-DC88-558710214830} - c:\windows\Logs\Microsoft.log

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-09-14 10:27

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?P???? ???B?????????????hLC? ??????

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(672)

c:\windows\system32\igfxdev.dll

.

Voltooingstijd: 2010-09-14 10:29:29

ComboFix-quarantined-files.txt 2010-09-14 08:29

Pre-Run: 69.659.553.792 bytes beschikbaar

Post-Run: 72.186.834.944 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 0F49F1F9159336730A1EC6C0818653CE

[kape]

Problemen van de baan, dan is het tijd voor de “grote schoonmaak” : verwijderen van gebruikte programma’s, een cleaning en het verwijderen van de besmette herstelpunten.

Verwijder Combofix: Start -> Uitvoeren en typ: ComboFix /Uninstall

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Download hier CCleaner en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten) door systeemherstel tijdelijk uit te schakelen. Doe dit via Start -> Configuratiescherm -> Prestaties en Onderhoud -> Systeem -> Systeemherstel -> "Systeemherstel op alle stations uitschakelen" aanvinken. Toepassen en OK. PC herstarten en het vinkje terug weg halen.

That's it !

[manneke]

ok kape,

alles uitgevoerd zoals in het laatste bericht beschreven

hartelijk bedankt voor het hele pc-helpteam

doe zo verder topforum

we gaan dit topic als opgelost beschouwen

grts Peter