Posted:

OK, here is the log:

ComboFix 11-03-30.02 - brent 31-03-2011  15:12:49.2.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.31.1043.18.2047.1485 [GMT 2:00]
Gestart vanuit: c:\documents and settings\brent\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\brent\Bureaublad\CFScript.txt
.
FILE ::
"C:\32788R22FWJFW.1.tmp"
"C:\32788R22FWJFW.2.tmp"
"c:\windows\system32\drivers\iccnbdsp.sys"
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_iccnbdsp
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2011-02-28 to 2011-03-31  ))))))))))))))))))))))))))))))
.
.
2011-03-31 00:07 . 2011-03-31 00:07    --------    d-----w-    c:\documents and settings\All Users\Application Data\IObit
2011-03-31 00:07 . 2011-03-31 00:07    --------    d-----w-    c:\program files\IObit
2011-03-30 23:06 . 2011-03-30 23:17    --------    d-----w-    c:\program files\Dolphin
2011-03-29 22:32 . 2011-03-29 22:34    --------    d-----w-    C:\32788R22FWJFW.2.tmp
2011-03-29 22:30 . 2011-03-29 22:32    --------    d-----w-    C:\32788R22FWJFW.1.tmp
2011-03-28 14:24 . 2011-03-28 14:24    --------    d-----w-    c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-28 14:24 . 2011-03-28 14:24    --------    d-----w-    c:\documents and settings\NetworkService\Mijn documenten
2011-03-25 12:22 . 2011-03-25 12:22    388096    ----a-r-    c:\documents and settings\brent\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-25 12:22 . 2011-03-25 12:22    --------    d-----w-    c:\program files\Trend Micro
2011-03-19 19:25 . 2011-03-19 19:25    --------    d-----r-    c:\documents and settings\LocalService\Favorieten
2011-03-19 06:02 . 2011-03-19 06:02    --------    d-----r-    c:\documents and settings\NetworkService\Favorieten
2011-03-19 05:12 . 2011-03-19 05:12    --------    d-sh--w-    c:\documents and settings\LocalService\IETldCache
2011-03-16 00:17 . 2011-03-16 00:17    --------    d-----w-    C:\$AVG
2011-03-14 16:54 . 2011-03-14 16:54    --------    d--h--w-    c:\documents and settings\All Users\Application Data\Common Files
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:54 . 2007-10-29 12:00    270848    ----a-w-    c:\windows\system32\sbe.dll
2011-02-09 13:54 . 2007-10-29 12:00    186880    ----a-w-    c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2010-07-13 11:21    2067456    ----a-w-    c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-07-13 11:21    677888    ----a-w-    c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2007-10-29 12:00    441344    ----a-w-    c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2007-10-29 12:00    290048    ----a-w-    c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2007-10-29 12:00    1855104    ----a-w-    c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Steam"="c:\program files\Steam\Steam.exe" [2010-11-17 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"Fraps"="c:\fraps\FRAPS.EXE" [2010-06-15 2320304]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-06-02 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-07 110696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\2K Games\\Gearbox Software\\Borderlands\\Binaries\\Borderlands.exe"=
"c:\\Documents and Settings\\brent\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Adobe Media Player\\Adobe Media Player.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"57483:TCP"= 57483:TCP:Pando Media Booster
"57483:UDP"= 57483:UDP:Pando Media Booster
"1038:TCP"= 1038:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2-10-2003 3:16 119552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15-7-2010 21:53 691696]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [27-9-2003 14:37 5504]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [29-10-2007 14:00 14336]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [13-7-2010 14:15 58600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 14:16 130384]
S2 znyvokes;IPX Traffic Filter Helper;c:\windows\System32\svchost.exe -k netsvcs [29-10-2007 14:00 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13-7-2010 13:51 1684736]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [15-12-2009 22:07 25832]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19-2-2010 13:37 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ       Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
znyvokes
.
Inhoud van de 'Gedeelde Taken' map
.
2011-03-31 c:\windows\Tasks\AdobeAAMUpdater-1.0-BRENTJE-brent.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-11 01:44]
.
2011-03-31 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
2011-03-31 c:\windows\Tasks\User_Feed_Synchronization-{2D49AAED-4272-40F6-8ACA-DD007EE1311D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Bijkomende Scan -------
.
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\brent\Application Data\Mozilla\Firefox\Profiles\ff9uw06r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-31 15:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ... 
.
scannen van verborgen autostart items ... 
.
scannen van verborgen bestanden ... 
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(1880)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Voltooingstijd: 2011-03-31  15:25:25 - machine werd herstart
ComboFix-quarantined-files.txt  2011-03-31 13:25
ComboFix2.txt  2011-03-29 23:09
.
Pre-Run: 30.831.071.232 bytes beschikbaar
Post-Run: 30.819.500.032 bytes beschikbaar
.
- - End Of File - - E4E088A53199344D32F5C5E60F51D13B

I haven't heard the 'little sound' I mentioned earlier since the first ComboFix scan/restart, and of course no more AVG pop-ups since it was removed.

Posted:

Excellent ... then you may do the following now:

Remove ComboFix: Start -> Run/Search and type: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, restore the clock settings, hide file extensions again, re-hide hidden files and system files, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click "Download Latest Version" and the CCleaner download will start automatically and free of charge.

Install it and start CCleaner. In the left-hand column click "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes one analysis is not enough; you may repeat this procedure until the analysis no longer reports any issues. Next, click "Registry" in the left-hand column and click "Scan for Issues". If issues are found, click "Fix selected issues" and "OK". You will then be asked to make a backup. Click "Yes". Then choose "Fix All Selected Issues". Afterwards, close CCleaner again.

If you would like to see this explained in detail with screenshots, click here for the guide.

Posted:

OK then, I already had CCleaner on my desktop so that was no problem (I did have to update it, though).

Thanks again, and is there an anti-virus program I can use? I keep getting the message from Windows that no anti-virus software is installed (since the AVG uninstall).
