search-daily


  • search-daily

    Hi,

    I've been annoyed by search-daily for a while now, every time I google. I can't get rid of it. What can I do?

    thx

    Minimexx

  • #2
    Download Combofix to your Desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post.

    NOTE: If your virus scanner responds with a warning about a script being executed, you may ignore it.



    • #3
      Thanks for the quick reply ;-) Log below

      ComboFix 08-01-05.7 - Bieken 2008-01-05 15:15:45.1 - NTFSx86
      Gestart vanuit: C:\Documents and Settings\Bieken\Local Settings\Temporary Internet Files\Content.IE5\2EUH36P4\ComboFix[1].exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\Bieken\Application Data\macromedia\Flash Player\#SharedObjects\N95J8Y25\www.broadcaster.com
      C:\Documents and Settings\Bieken\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
      C:\Documents and Settings\Bieken\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
      C:\WINDOWS\system32\ctfmona.exe

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))
      .

      2008-01-05 15:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2008-01-05 12:10 . 2008-01-05 13:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-01-05 11:31 . 2008-01-05 11:36 <DIR> d-------- C:\Program Files\AntiVirusPro
      2008-01-05 11:31 . 2008-01-05 11:31 <DIR> d-------- C:\Documents and Settings\Bieken\Application Data\Anti-Virus-Pro.com
      2008-01-05 11:30 . 2008-01-05 11:30 269,334 --a------ C:\WINDOWS\system32\elsjedsbqhgbep.bmp
      2007-12-30 18:34 . 2008-01-04 20:39 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2007-12-30 18:30 . 2008-01-04 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
      2007-12-30 18:11 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
      2007-12-30 17:45 . 2008-01-05 11:37 <DIR> d-------- C:\Program Files\XoftSpySE
      2007-12-13 10:54 . 2007-12-13 10:54 <DIR> dr-h----- C:\MSOCache
      2007-12-10 21:24 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
      2007-12-10 21:22 . 2007-12-10 21:22 <DIR> d-------- C:\Program Files\photoshop
      2007-12-10 20:45 . 2007-12-10 20:45 <DIR> d-------- C:\Program Files\Dcads Games Collection

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2007-12-30 17:30 --------- d-----w C:\Program Files\Google
      2007-12-10 20:25 --------- d-----w C:\Program Files\Common Files\Adobe
      2007-12-10 19:23 --------- d-----w C:\Documents and Settings\Bieken\Application Data\ArcSoft
      2007-12-10 19:22 --------- d-----w C:\Program Files\LimeWire
      2007-12-06 18:33 19,456 ----a-w C:\WINDOWS\system32\drivers\ohdrrymx.dat
      2007-11-30 19:23 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
      2007-11-23 15:41 --------- d-----w C:\Program Files\TomTom HOME
      2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
      2007-10-30 23:27 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
      2007-10-29 22:41 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
      2007-10-29 22:41 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
      2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
      2007-10-24 16:58 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll
      2007-10-24 16:58 228,864 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
      2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
      2007-10-10 23:53 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
      2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
      2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
      2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
      2007-10-10 23:53 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
      2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
      2007-10-10 23:53 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
      2007-10-10 23:53 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
      2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
      2007-10-10 23:53 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
      2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
      2007-10-10 23:53 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
      2007-10-10 23:53 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
      2007-10-10 23:53 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
      2007-10-10 23:53 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
      2007-10-10 23:53 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
      2007-10-10 23:53 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
      2007-10-10 23:53 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
      2007-10-10 23:53 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
      2007-10-10 23:53 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
      2007-10-10 23:53 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
      2007-10-10 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
      2007-10-10 11:02 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
      2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
      2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
      2007-03-08 17:20 384 ----a-w C:\Documents and Settings\Bieken\Application Data\internaldb6334.dat
      2007-03-08 17:06 194 ----a-w C:\Documents and Settings\Bieken\Application Data\internaldb8467.dat
      2007-03-08 17:06 18,432 ----a-w C:\Documents and Settings\Bieken\Application Data\internaldb41.dat
      2005-09-24 06:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A580B9-1FD5-459D-8A2E-2DF735817C52}]
      2006-04-11 05:00 98048 --a------ C:\WINDOWS\system32\atmf.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-04-11 05:00 15360]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-18 05:40 64512]
      "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 21:58 458752]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 20:03 36975]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 09:00 7585792]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 09:00 86016]
      "nwiz"="nwiz.exe" [2006-08-18 09:00 1617920 C:\WINDOWS\system32\nwiz.exe]
      "MsmqIntCert"="regsvr32 /s mqrt.dll"
      "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 01:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 06:01 761946]
      "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 20:55 102400]
      "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
      "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 10:33 163840]
      "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 15:02 40960]
      "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23 1187840]
      "Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 08:52 643072]
      "Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2006-06-22 10:34 192512]
      "snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2004-12-16 19:55 339968]
      "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
      "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 17:18 151552]
      "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 11:49 163840]
      "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 17:29 303104]
      "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 11:05 212992]
      "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 21:02 53248]
      "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 15:52 3770024]
      "BluetoothAuthenticationAgent"="bthprops.cpl" [2006-04-11 05:00 110592 C:\WINDOWS\system32\bthprops.cpl]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
      "ctfmona"="C:\WINDOWS\system32\ctfmona.exe" [ ]
      "McRegWiz"="c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe" [2003-09-02 13:41 135168]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-04-11 05:00 15360]

      C:\Muziek\Programma's\Opstarten\
      Mediacontrole Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-07-16 15:30:41]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-10 21:26:07]
      Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
      Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-30 18:30:05]
      HP Photosmart Premier Snelstart.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 08:39:30]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
      "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

      R0 khjwyyoe;khjwyyoe;C:\WINDOWS\system32\drivers\ohdrrymx.dat
      R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-06 00:49]
      S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 21:39]
      S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2006-10-30 12:46]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{069e73c0-3845-11dc-9214-0014a5f87835}]
      \Shell\AutoRun\command - G:\InstallTomTomHOME.exe

      *Newly Created Service* - PROCEXP90
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-05 15:20:20
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<[email protected]? [email protected]?????<[email protected]

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-01-05 15:20:58
      ComboFix-quarantined-files.txt 2008-01-05 14:20:55
      .
      2007-12-13 16:26:22 --- E O F ---



      • #4
        Download the attachment: CFScript.txt

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



        This will make ComboFix restart.
        Reboot if you are asked to,
        and post the contents of Combofix.txt in your next reply.



        • #5
          Where do I find combofix.exe?
          Or can I install it again via your first link?
          Last edited by Minimexx; 05-01-08, 15:08.



          • #6
            I downloaded it again and saved it to the desktop.

            The first time I had chosen Run. Now I can find it.

            Log is coming.



            • #7
              Log attached:


              ComboFix 08-01-05.8 - Bieken 2008-01-05 16:14:19.2 - NTFSx86
              Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.551 [GMT 1:00]
              Gestart vanuit: C:\Documents and Settings\Bieken\Bureaublad\ComboFix.exe
              Command switches used :: C:\Documents and Settings\Bieken\Bureaublad\cfscript.txt
              * Nieuw herstelpunt werd aangemaakt

              FILE
              C:\WINDOWS\system32\atmf.dll
              C:\WINDOWS\system32\drivers\ohdrrymx.dat
              C:\WINDOWS\system32\elsjedsbqhgbep.bmp
              .

              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\Program Files\Dcads Games Collection
              C:\Program Files\Dcads Games Collection\BattlesOfHelicopters.exe
              C:\Program Files\Dcads Games Collection\BobAndBill.exe
              C:\Program Files\Dcads Games Collection\CrazyBlocks.exe
              C:\Program Files\Dcads Games Collection\Lines.exe
              C:\Program Files\Dcads Games Collection\uninstall.exe
              C:\Program Files\Dcads Games Collection\VideoPool.exe
              C:\WINDOWS\system32\atmf.dll
              C:\WINDOWS\system32\drivers\ohdrrymx.dat
              C:\WINDOWS\system32\elsjedsbqhgbep.bmp
              D:\Autorun.inf

              .
              ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

              .
              -------\LEGACY_KHJWYYOE
              -------\khjwyyoe


              (((((((((((((((((((( Bestanden Gemaakt van 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))
              .

              2008-01-05 15:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
              2008-01-05 12:10 . 2008-01-05 13:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
              2008-01-05 11:31 . 2008-01-05 11:36 <DIR> d-------- C:\Program Files\AntiVirusPro
              2008-01-05 11:31 . 2008-01-05 11:31 <DIR> d-------- C:\Documents and Settings\Bieken\Application Data\Anti-Virus-Pro.com
              2007-12-30 18:34 . 2008-01-04 20:39 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
              2007-12-30 18:30 . 2008-01-04 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
              2007-12-30 18:11 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
              2007-12-30 17:45 . 2008-01-05 11:37 <DIR> d-------- C:\Program Files\XoftSpySE
              2007-12-13 10:54 . 2007-12-13 10:54 <DIR> dr-h----- C:\MSOCache
              2007-12-10 21:24 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
              2007-12-10 21:22 . 2007-12-10 21:22 <DIR> d-------- C:\Program Files\photoshop

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2007-12-30 17:30 --------- d-----w C:\Program Files\Google
              2007-12-10 20:25 --------- d-----w C:\Program Files\Common Files\Adobe
              2007-12-10 19:23 --------- d-----w C:\Documents and Settings\Bieken\Application Data\ArcSoft
              2007-12-10 19:22 --------- d-----w C:\Program Files\LimeWire
              2007-11-30 19:23 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
              2007-11-23 15:41 --------- d-----w C:\Program Files\TomTom HOME
              2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
              2007-03-08 17:20 384 ----a-w C:\Documents and Settings\Bieken\Application Data\internaldb6334.dat
              2007-03-08 17:06 194 ----a-w C:\Documents and Settings\Bieken\Application Data\internaldb8467.dat
              2007-03-08 17:06 18,432 ----a-w C:\Documents and Settings\Bieken\Application Data\internaldb41.dat
              .

              ((((((((((((((((((((((((((((( [email protected]_15.20.28,82 )))))))))))))))))))))))))))))))))))))))))
              .
              + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
              .
              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-04-11 05:00 15360]
              "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-18 05:40 64512]
              "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 21:58 458752]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 20:03 36975]
              "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 09:00 7585792]
              "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 09:00 86016]
              "nwiz"="nwiz.exe" [2006-08-18 09:00 1617920 C:\WINDOWS\system32\nwiz.exe]
              "MsmqIntCert"="regsvr32 /s mqrt.dll"
              "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 01:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
              "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 06:01 761946]
              "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 20:55 102400]
              "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
              "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 10:33 163840]
              "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 15:02 40960]
              "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23 1187840]
              "Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 08:52 643072]
              "Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2006-06-22 10:34 192512]
              "snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2004-12-16 19:55 339968]
              "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
              "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 17:18 151552]
              "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 11:49 163840]
              "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 17:29 303104]
              "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 11:05 212992]
              "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 21:02 53248]
              "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 15:52 3770024]
              "BluetoothAuthenticationAgent"="bthprops.cpl" [2006-04-11 05:00 110592 C:\WINDOWS\system32\bthprops.cpl]
              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
              "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-04-11 05:00 15360]

              C:\Muziek\Programma's\Opstarten\
              Mediacontrole Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-07-16 15:30:41]

              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
              Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-10 21:26:07]
              Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
              Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-30 18:30:05]
              HP Photosmart Premier Snelstart.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 08:39:30]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
              "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
              "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

              S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 21:39]

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{069e73c0-3845-11dc-9214-0014a5f87835}]
              \Shell\AutoRun\command - G:\InstallTomTomHOME.exe

              .
              **************************************************************************

              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-01-05 16:18:10
              Windows 5.1.2600 Service Pack 2 NTFS

              scannen van verborgen processen ...

              scannen van verborgen autostart items ...

              HKLM\Software\Microsoft\Windows\CurrentVersion\Run
              Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<[email protected]? [email protected]?????<[email protected]

              scannen van verborgen bestanden ...

              Scan succesvol afgerond
              verborgen bestanden: 0

              **************************************************************************
              .
              Voltooingstijd: 2008-01-05 16:19:22 - machine was rebooted
              ComboFix-quarantined-files.txt 2008-01-05 15:19:19
              ComboFix2.txt 2008-01-05 14:20:59
              .
              2007-12-13 16:26:22 --- E O F ---



              • #8
                Delete the following folder:
                C:\Qoobox

                Then empty your Recycle Bin.

                Your Java software is outdated. Older versions have vulnerabilities that give malware the chance to install itself on your system.
                First follow these steps to uninstall Java and install the newer version:
                • Download Java Runtime Environment (JRE) 6.3 and save it to your Desktop.
                • Close all programs that may be open - especially your web browser!
                • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list of programs.
                • Select every item with Java Runtime Environment (JRE or J2SE) in its name.
                • Then click Remove or the Change/Remove button.
                • Repeat this until all older versions are gone.
                • After removing all older versions, restart your PC.
                • Then double-click jre-6u3-windows-i586-p.exe on your Desktop to install the newest version of Java.


                Download ATF cleaner (mirror) (made by Atribune)

                Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                Double-click ATF cleaner to start the program.
                On the "Main" tab, tick Select All.
                Click the Empty Selected button.

                Do the following if you also use Firefox as a browser:
                Click the "Firefox" tab and tick Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (this removes the tick next to "Firefox saved passwords" again)
                Click the Empty Selected button.

                Do the following if you also use Opera as a browser:
                Click the "Opera" tab and tick Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Go to Start - Run and enter the following:
                Combofix /U
                Press OK afterwards.
                Note: There must be a space between Combofix and /U.

                This will uninstall Combofix.

                Turn off System Restore. Restart the computer. Turn System Restore back on.
                See here for how to turn off System Restore.
                This removes any remnants of the infections from your System Restore.

                Are all the problems gone then?



                • #9
                  I'll try it tomorrow. I have to leave urgently now.
                  Thanks in advance, I'll let you know whether it worked or not.

                  See you tomorrow
                  Last edited by Minimexx; 06-01-08, 12:58.



                  • #10
                    Hey Smeenk,

                    Perfecto man, everything appears to be OK....
                    If I can ever do something in return, just let me know.

                    Thx,

                    Minimexx



                    • #11
                      You're welcome
