Slowness


Skippy

You need to be patient when running ComboFix, because it can take a while before it finishes.

In the meantime, it is best to do as little as possible on the PC.

You could open Task Manager on the Processes tab before you start ComboFix.

Once ComboFix starts working, you can select the process and use its CPU usage to see whether there is still activity.

If there appears to be no activity, that does not necessarily mean ComboFix is finished.

Download CF_UNINST.EXE to the desktop.

Double-click the file to remove ComboFix.

Download DDS by sUBs from one of these locations and save it to your desktop:

DDS - Bleeping Computer download.

DDS - Bleeping Computer download.

DDS - Infospyware.

DDS is a diagnostic tool and makes use of scripts.

Disable your security software before you run DDS!

Double-click DDS to start the tool.

DDS will open 2 log files:

* DDS.txt

* Attach.txt

A window will ask you to save both logs, because the logs will be gone once you close them. Save the logs, for example on your desktop or somewhere else where you can easily find them again.

Post the DDS.txt log with your next reply. Only post Attach.txt when I ask for it.

It looks like I finally managed it. Below you will find the result...

ComboFix 12-06-12.01 - Jurgen & Kim 12/06/2012 13:04:26.7.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1023.564 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Jurgen & Kim\Bureaublad\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\etc\hosts.ics

.

---- Voorgaande Run -------

.

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\Process.exe

c:\windows\system32\regdacl

c:\windows\system32\regdacl\doc\RegAudit.GIF

c:\windows\system32\regdacl\doc\RegAudit_e.htm

c:\windows\system32\regdacl\doc\RegDACL.GIF

c:\windows\system32\regdacl\doc\RegDACL_el.htm

c:\windows\system32\regdacl\doc\RegDACL_er1.htm

c:\windows\system32\regdacl\doc\RegDACL_er2.htm

c:\windows\system32\regdacl\doc\RegDACL_er3.htm

c:\windows\system32\regdacl\doc\RegDACLe.htm

c:\windows\system32\regdacl\doc\RegLast_e.htm

c:\windows\system32\regdacl\doc\RegOwner.GIF

c:\windows\system32\regdacl\doc\RegOwner_e.htm

c:\windows\system32\regdacl\doc\SMWNCV.cmd

c:\windows\system32\regdacl\Orderinfo.htm

c:\windows\system32\regdacl\RegToolsHelp.htm

c:\windows\system32\restart.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-12 to 2012-06-12 ))))))))))))))))))))))))))))))

.

.

2012-06-12 04:44 . 2012-06-12 04:44 -------- dc----w- c:\windows\LastGood

2012-06-11 11:13 . 2012-06-11 11:15 -------- dc----w- c:\documents and settings\Jurgen & Kim\Application Data\DVD Flick

2012-06-11 11:11 . 2008-08-31 11:27 28672 -c--a-w- c:\windows\system32\mousewheel.ocx

2012-06-11 11:11 . 2007-08-31 16:36 36864 -c--a-w- c:\windows\system32\trayicon_handler.ocx

2012-06-11 11:11 . 2004-03-08 22:00 662288 -c--a-w- c:\windows\system32\mscomct2.ocx

2012-06-11 11:11 . 2003-01-26 11:41 40960 -c--a-w- c:\windows\system32\ssubtmr6.dll

2012-06-11 11:11 . 1998-06-23 22:00 164144 -c--a-w- c:\windows\system32\comct232.ocx

2012-06-11 11:11 . 2012-06-11 11:11 -------- dc----w- c:\program files\DVD Flick

2012-06-11 11:11 . 2004-03-08 22:00 212240 -c--a-w- c:\windows\system32\richtx32.ocx

2012-06-11 09:55 . 2012-06-11 09:55 -------- dc----w- c:\documents and settings\Jurgen & Kim\Local Settings\Application Data\bluesoleil

2012-06-08 18:08 . 2012-06-08 18:08 770384 -c--a-w- c:\program files\Mozilla Firefox\msvcr100.dll

2012-06-08 18:08 . 2012-06-08 18:08 421200 -c--a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-06-08 09:40 . 2012-06-08 09:40 -------- dc----w- c:\documents and settings\All Users\Application Data\Soluto

2012-06-03 11:27 . 2012-06-03 11:27 -------- d-----w- C:\found.000

2012-06-03 09:40 . 2012-06-12 09:02 -------- dc-h--r- c:\documents and settings\Jurgen & Kim\Onlangs geopend

2012-06-03 09:18 . 2012-06-03 09:18 -------- dc----w- c:\program files\IVT Corporation

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-05 08:49 . 2012-04-02 10:36 419488 -c--a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-05 08:49 . 2011-05-18 18:23 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-11 13:55 . 2004-08-04 00:58 2031104 -c--a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 13:55 . 2004-08-04 00:58 2152960 -c--a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:55 . 2005-01-27 09:31 1862400 -c--a-w- c:\windows\system32\win32k.sys

2012-04-04 13:56 . 2011-01-23 11:38 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys

2012-01-07 10:13 . 2012-01-07 06:00 60 -c--a-w- c:\program files\CommandlineScanner.bat

2012-01-07 10:13 . 2012-01-07 06:00 1585560 -c--a-w- c:\program files\start.exe

2011-01-02 10:44 . 2011-01-02 10:43 396152 -c--a-w- c:\program files\utorrent.exe

2012-06-08 18:08 . 2012-03-06 11:15 85472 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2012-03-01 . 3BDB7741F27C37725FB025CEE150513A . 3616768 . . [7.00.6000.17109] . . c:\windows\system32\mshtml.dll

[-] 2012-03-01 . 3BDB7741F27C37725FB025CEE150513A . 3616768 . . [7.00.6000.17109] . . c:\windows\system32\dllcache\mshtml.dll

.

[-] 2012-03-01 . BDDE958EFBF08A308B477A54EA0FD82B . 832512 . . [7.00.6000.17109] . . c:\windows\system32\wininet.dll

[-] 2012-03-01 . BDDE958EFBF08A308B477A54EA0FD82B . 832512 . . [7.00.6000.17109] . . c:\windows\system32\dllcache\wininet.dll

[-] 2012-03-01 . 0743FEA21BFE356BCDB60F723BE6325F . 841216 . . [7.00.6000.21311] . . c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\wininet.dll

.

[-] 2012-04-11 . 0ED21672B45858B3D6F72B898362A3F2 . 2031104 . . [5.1.2600.6206] . . c:\windows\system32\ntkrnlpa.exe

[-] 2012-04-11 . E7A9D6E071F8ABDAED0D8610FEA3F828 . 2073472 . . [5.1.2600.6206] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe

[-] 2012-04-11 . E7A9D6E071F8ABDAED0D8610FEA3F828 . 2073472 . . [5.1.2600.6206] . . c:\windows\system32\dllcache\ntkrnlpa.exe

.

[-] 2012-04-11 . 7A34AE10A68CA9F94E9EDE5D18A94AE9 . 2152960 . . [5.1.2600.6206] . . c:\windows\system32\ntoskrnl.exe

[-] 2012-04-11 . 8E5DFDF86DF4B5E66CFA794C92C4606C . 2196992 . . [5.1.2600.6206] . . c:\windows\Driver Cache\i386\ntoskrnl.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 88363]

"Keyboard Status"="c:\progra~1\Medion Tools\KeyStat\KeyStat.exe" [2005-01-25 411648]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2005-02-21 118926]

"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-19 45056]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2011-04-13 319574]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Program Files\\Home Cinema\\PowerCinema\\PowerCinema.exe"=

"c:\\StubInstaller.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"21920:TCP"= 21920:TCP:@xpsp2res.dll,-22009

"49826:TCP"= 49826:TCP:@xpsp2res.dll,-22009

"163:TCP"= 163:TCP:@xpsp2res.dll,-22009

"47822:TCP"= 47822:TCP:@xpsp2res.dll,-22009

"16289:TCP"= 16289:TCP:@xpsp2res.dll,-22009

"59299:TCP"= 59299:TCP:@xpsp2res.dll,-22009

"58918:TCP"= 58918:TCP:@xpsp2res.dll,-22009

"22947:TCP"= 22947:TCP:@xpsp2res.dll,-22009

"32930:TCP"= 32930:TCP:@xpsp2res.dll,-22009

"49824:TCP"= 49824:TCP:@xpsp2res.dll,-22009

"2977:TCP"= 2977:TCP:@xpsp2res.dll,-22009

"23713:TCP"= 23713:TCP:@xpsp2res.dll,-22009

"43722:TCP"= 43722:TCP:@xpsp2res.dll,-22009

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 2:14 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 7:30 32592]

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [6/04/2010 19:32 20104]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/10/2011 7:23 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 2:14 295248]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 7:25 4433248]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 7:09 192776]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [13/02/2005 15:02 666368]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 2:14 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 2:14 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [4/10/2011 7:21 16720]

R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [20/01/2005 16:05 1272000]

R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [27/01/2005 13:37 19928]

S0 gnakms;gnakms;c:\windows\system32\drivers\cssxr.sys --> c:\windows\system32\drivers\cssxr.sys [?]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S1 ctredrv.sys;ctredrv.sys;\??\c:\windows\system32\drivers\ctredrv.sys --> c:\windows\system32\drivers\ctredrv.sys [?]

S1 MpKsl0023d320;MpKsl0023d320;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E564AE57-5781-48E6-BEDB-2FD8B04111C3}\MpKsl0023d320.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E564AE57-5781-48E6-BEDB-2FD8B04111C3}\MpKsl0023d320.sys [?]

S1 MpKsl02e6e64f;MpKsl02e6e64f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3DFD0C5F-5E77-4869-AD41-3003CC100A4F}\MpKsl02e6e64f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3DFD0C5F-5E77-4869-AD41-3003CC100A4F}\MpKsl02e6e64f.sys [?]

S1 MpKsl2c96cd76;MpKsl2c96cd76;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{67FE8CBD-38C8-4892-9B75-7EB882BF4D5D}\MpKsl2c96cd76.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{67FE8CBD-38C8-4892-9B75-7EB882BF4D5D}\MpKsl2c96cd76.sys [?]

S1 MpKsl3b9756f2;MpKsl3b9756f2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{093653F4-527A-475B-9CF9-9E4AC5A96858}\MpKsl3b9756f2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{093653F4-527A-475B-9CF9-9E4AC5A96858}\MpKsl3b9756f2.sys [?]

S1 MpKsl40e9b947;MpKsl40e9b947;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00DC232A-9D29-4B8F-92E5-A2AD1700477B}\MpKsl40e9b947.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00DC232A-9D29-4B8F-92E5-A2AD1700477B}\MpKsl40e9b947.sys [?]

S1 MpKsl40f3cc4d;MpKsl40f3cc4d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DF94879C-F419-485F-A526-B56C1F9303C3}\MpKsl40f3cc4d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DF94879C-F419-485F-A526-B56C1F9303C3}\MpKsl40f3cc4d.sys [?]

S1 MpKsl429b1ee7;MpKsl429b1ee7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA4D90ED-CEF2-444C-8B2D-5843269F6CDA}\MpKsl429b1ee7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA4D90ED-CEF2-444C-8B2D-5843269F6CDA}\MpKsl429b1ee7.sys [?]

S1 MpKsl685a36aa;MpKsl685a36aa;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{783E70DD-2714-46EF-BEC2-D86B4C061C06}\MpKsl685a36aa.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{783E70DD-2714-46EF-BEC2-D86B4C061C06}\MpKsl685a36aa.sys [?]

S1 MpKsla9e19044;MpKsla9e19044;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{093653F4-527A-475B-9CF9-9E4AC5A96858}\MpKsla9e19044.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{093653F4-527A-475B-9CF9-9E4AC5A96858}\MpKsla9e19044.sys [?]

S1 MpKslc2ca3e69;MpKslc2ca3e69;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DDE99DEC-9CE5-4106-AEF7-F69035CA769E}\MpKslc2ca3e69.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DDE99DEC-9CE5-4106-AEF7-F69035CA769E}\MpKslc2ca3e69.sys [?]

S1 MpKslc51ba6f0;MpKslc51ba6f0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA4D90ED-CEF2-444C-8B2D-5843269F6CDA}\MpKslc51ba6f0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA4D90ED-CEF2-444C-8B2D-5843269F6CDA}\MpKslc51ba6f0.sys [?]

S1 MpKslee0e7875;MpKslee0e7875;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F6BDF603-9170-4D2B-A310-E76F912BA3BA}\MpKslee0e7875.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F6BDF603-9170-4D2B-A310-E76F912BA3BA}\MpKslee0e7875.sys [?]

S1 MpKsleefeb021;MpKsleefeb021;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2985D14D-39FF-4547-BF4A-85DEE567CC47}\MpKsleefeb021.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2985D14D-39FF-4547-BF4A-85DEE567CC47}\MpKsleefeb021.sys [?]

S1 MpKslf1b175e4;MpKslf1b175e4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CF72B02-FA57-4DA4-A61C-146C16D1BE70}\MpKslf1b175e4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CF72B02-FA57-4DA4-A61C-146C16D1BE70}\MpKslf1b175e4.sys [?]

S1 MpKslf6fc5c95;MpKslf6fc5c95;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F731EA22-51CA-4927-9F1B-62B898156917}\MpKslf6fc5c95.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F731EA22-51CA-4927-9F1B-62B898156917}\MpKslf6fc5c95.sys [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2/04/2012 12:36 257696]

S3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\drivers\btcomport.sys [26/08/2010 21:29 25992]

S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\drivers\btcombus.sys [26/08/2010 21:29 22024]

S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [6/04/2010 19:33 25864]

S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [27/01/2005 13:34 17408]

S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [6/04/2010 19:32 23048]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/05/2012 18:56 113120]

S3 SNDO963;Trust DB-1180 Binocular DigiCam;c:\windows\system32\drivers\sndo963.sys [15/01/2006 16:25 221056]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 08:49]

.

2012-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

.

2009-02-22 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8161080022.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

.

2012-06-12 c:\windows\Tasks\User_Feed_Synchronization-{A6A9102E-CE81-42B2-8EF8-26E7479CFFA0}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]

.

.

------- Bijkomende Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.hln.be/

mStart Page = hxxp://dutch.toggle.com/nl/index.php?rvs=google

uInternet Settings,ProxyOverride = localhost

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 195.130.130.2 195.130.131.2

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://86.81.214.224/activex/AMC.cab

FF - ProfilePath - c:\documents and settings\Jurgen & Kim\Application Data\Mozilla\Firefox\Profiles\03m92ztn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.hln.be/

FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=

.

.

------- Bestandsassociaties -------

.

.scr=AutoCADScript

.

- - - - ORPHANS VERWIJDERD - - - -

.

HKU-Default-RunOnce-AutoLaunch - c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-12 13:24

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-3306070157-3809988416-1071509390-1007\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(784)

c:\windows\system32\Ati2evxx.dll

.

Voltooingstijd: 2012-06-12 13:33:49

ComboFix-quarantined-files.txt 2012-06-12 11:33

.

Pre-Run: 28.941.418.496 bytes beschikbaar

Post-Run: 29.002.182.656 bytes beschikbaar

.

- - End Of File - - 7C105DCEEAE2E7790181C7C2ADEC92C4

Open a new Notepad file.

Copy and paste the bold text below into it.

File::

C:\found.000

Firefox::

FF - ProfilePath - c:\documents and settings\Jurgen & Kim\Application Data\Mozilla\Firefox\Profiles\03m92ztn.default\

FF - prefs.js: keyword.URL -

Save this file to your desktop as CFScript

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message
