
RE: PC keeps hanging



Yes, I use it regularly and now have the newest version,

but I did not install the Ask toolbar along with it.

I'm not really an "I accept, yes, OK, yes" kind of person;

if you install something, do it right the first time.

---------- Post added at 19:10 ---------- Previous post was at 19:00 ----------

ComboFix 11-05-12.04 - Rudi 13/05/2011 19:04:36.3.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.1302 [GMT 2:00]

Started from: c:\documents and settings\Rudi\Bureaublad\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Toolbar4

c:\documents and settings\Rudi\WINDOWS

C:\RECYCLER(2)

c:\recycler(2)\S-1-5-21-1078081533-73586283-1801674531-1003(2)\Dc4.txt

c:\recycler(2)\S-1-5-21-1078081533-73586283-1801674531-1003(2)\INFO2

.

.

(((((((((((((((((((( Files Created from 2011-04-13 to 2011-05-13 ))))))))))))))))))))))))))))))

.

.

2011-05-11 14:58 . 2011-05-11 14:58 -------- d--h--r- c:\documents and settings\Rudi\Onlangs geopend

2011-05-01 12:44 . 2011-05-01 12:44 -------- d-----w- c:\program files\HD Tune

2011-05-01 12:36 . 2011-05-01 12:36 -------- d-----w- c:\program files\Western Digital Corporation

2011-04-27 13:19 . 2011-04-27 14:15 -------- d-----w- c:\documents and settings\Rudi\Application Data\Youtube Downloader HD

2011-04-27 13:19 . 2011-04-27 13:19 -------- d-----w- c:\program files\Youtube Downloader HD

2011-04-24 10:56 . 2011-04-24 10:56 -------- d-----w- c:\program files\FirefoxPreloader

2011-04-24 10:56 . 2005-01-19 02:15 28672 ----a-w- c:\windows\system32\regclass.dll

2011-04-22 08:38 . 2011-04-22 08:38 -------- d-----w- c:\program files\Aurora

2011-04-15 08:03 . 2011-04-15 08:03 -------- d-----w- c:\program files\Microsoft Virtual PC

2011-04-14 14:18 . 2011-04-15 08:03 165232 ---ha-w- c:\documents and settings\Rudi\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-16 16:35 . 2010-10-04 17:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2009-07-20 18670592]

"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]

"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Firefox Preloader.lnk - c:\program files\FirefoxPreloader\FirefoxPreloader.exe [2011-4-24 98304]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Secure Dialer.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Secure Dialer.lnk

backup=c:\windows\pss\Secure Dialer.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Rudi^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]

path=c:\documents and settings\Rudi\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk

backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2010-06-09 18:55 49208 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

2001-11-19 14:54 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2003-10-31 17:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

2002-04-11 02:19 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

2005-10-26 14:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SeekappSrch Service"=2 (0x2)

"gusvc"=3 (0x3)

"ewido security suite control"=2 (0x2)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"Microsoft Office Groove Audit Service"=3 (0x3)

"WMPNetworkSvc"=3 (0x3)

"MDM"=2 (0x2)

"gupdate"=2 (0x2)

"ATI Smart"=2 (0x2)

"HPSLPSVC"=2 (0x2)

"hpqddsvc"=2 (0x2)

"IS360service"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Documents and Settings\\Rudi\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=

"c:\\Documents and Settings\\Rudi\\Local Settings\\Application Data\\CrossLoop\\CrossLoopConnect.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqfxt08.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5910:TCP"= 5910:TCP:vnc5910

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [7/03/2011 14:32 14776]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 20:25 12872]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/10/2010 19:07 136360]

R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 9:11 12160]

R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 9:11 10496]

R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 9:11 12928]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [29/09/2009 12:01 1684736]

S3 cpuz130;cpuz130;\??\c:\docume~1\Rudi\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Rudi\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [3/10/2009 17:22 58288]

S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [3/10/2009 17:22 8336]

S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [3/10/2009 17:22 94064]

S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [3/10/2009 17:22 85408]

S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [3/10/2009 17:22 83344]

S4 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/11/2010 19:03 136176]

S4 IS360service;IS360service;k:\ \prof\IObit Security 360\IS360srv.exe --> k:\ \prof\IObit Security 360\IS360srv.exe [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://eu.ask.com?o=101702&l=dis

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Rudi\Application Data\Mozilla\Firefox\Profiles\r5rne8rk.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FXTV5&o=101699&locale=en_US&apn_uid=67565D3E-18A7-4A60-9958-A6DE55BE365E&apn_ptnrs=F4&apn_sauid=DBE4218C-4DB8-4E58-BF87-32E87D4CF548&apn_dtid=YYYYYYYYBE&q=

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-Malwarebytes' Anti-Malware (reboot) - k:\ \prof\Malwarebytes' Anti-Malware\mbam.exe

AddRemove-Advanced SystemCare 3_is1 - k:\ \prof\advanced systemcare free\unins000.exe

AddRemove-Audacity 1.3 Beta (Unicode)_is1 - k:\ \prof\audacity\unins000.exe

AddRemove-CCleaner - k:\ \prof\ccleaner\uninst.exe

AddRemove-ewidoantimalware - k:\ \ewido anti-malware\Uninstall.exe

AddRemove-FreeApp v1 - k:\ \prof\FreeApps.exe

AddRemove-Game Booster_is1 - k:\ \prof\Game Booster\unins000.exe

AddRemove-IObit Security 360_is1 - k:\ \prof\IObit Security 360\unins000.exe

AddRemove-Smart Defrag 2_is1 - k:\ \prof\Smart Defrag 2\unins000.exe

AddRemove-Speccy - l:\ \Programma's\uninst.exe

AddRemove-Theme Park World - k:\tpw\nieuwe map\Uninst.isu

AddRemove-{9B77AF57-F7B2-488F-8B75-1DDDCC447545}_is1 - l:\ \Programma's\Antivirussen\Hitman Pro\unins000.exe

AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - l:\ \Programma's\Antivirussen\Spybot - Search & Destroy\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-05-13 19:08

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Windows 5.1.2600 Disk: WDC_WD5000AACS-00G8B0 rev.05.04C05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-1d

.

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user != kernel MBR !!!

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(928)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2011-05-13 19:09:39

ComboFix-quarantined-files.txt 2011-05-13 17:09

.

Pre-Run: 46,526,816,256 bytes free

Post-Run: 46,520,668,160 bytes free

.

- - End Of File - - 8C8748E6A700F28DD7D186CE7F01D057


Replies: 63

Open a Notepad file.

Copy and paste the bold text below into it.

Firefox::

FF - ProfilePath - c:\documents and settings\Rudi\Application Data\Mozilla\Firefox\Profiles\r5rne8rk.default\

FF - prefs.js: keyword.URL -

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix run again. Reboot if you are asked to.

After the reboot, post the contents of ComboFix.txt in your next reply.

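Added example (not code from this thread, from ComboFix or from the helper): a small Python script that triages ComboFix log lines of the shape posted above and builds the "Firefox::" block of a CFScript in the same form as the one the helper supplies. It flags the four things a helper would act on in that log: the AV reported as disabled, a globally open firewall port, services whose binary ComboFix could not find (the "[?]" marker), browser start-page and keyword.URL settings pointing at a search-hijacker domain, and the "user != kernel MBR" warning from the MBR detector. The sample lines are constructed from the posted log; the regexes, the finding names and the HIJACK_DOMAINS list are my assumptions, not a ComboFix format specification.

```python
"""Triage a ComboFix log and draft the Firefox:: part of a CFScript.

Added example for this thread; not ComboFix's own code. Regexes, finding
names and HIJACK_DOMAINS are assumptions derived from the posted log.
"""
import re
from urllib.parse import urlparse

# Constructed sample: abridged lines in the shape of the log posted above.
SAMPLE_LOG = r"""
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
"5910:TCP"= 5910:TCP:vnc5910
S3 cpuz130;cpuz130;\??\c:\docume~1\Rudi\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Rudi\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S4 IS360service;IS360service;k:\ \prof\IObit Security 360\IS360srv.exe --> k:\ \prof\IObit Security 360\IS360srv.exe [?]
uStart Page = hxxp://eu.ask.com?o=101702&l=dis
FF - ProfilePath - c:\documents and settings\Rudi\Application Data\Mozilla\Firefox\Profiles\r5rne8rk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FXTV5&q=
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
"""

# Domains that mark a search hijack by a bundled toolbar (assumption: this
# list is illustrative; extend it for the bundles you actually see).
HIJACK_DOMAINS = ("ask.com",)

# Service line whose binary was not found: "Sn name;display;path --> path [?]"
MISSING_BINARY = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?) --> .*\[\?\]$")
# Globally open firewall port: "5910:TCP"= 5910:TCP:vnc5910
OPEN_PORT = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<label>\S*)$')
# Browser settings as ComboFix prints them (URLs are defanged with hxxp://).
FF_PREF = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$")
FF_PROFILE = re.compile(r"^FF - ProfilePath - (?P<path>.*)$")
IE_START = re.compile(r"^uStart Page = (?P<value>.*)$")


def defanged_host(value):
    """Re-arm hxxp:// only far enough to parse the host name."""
    url = re.sub(r"^hxxp", "http", value.strip(), flags=re.IGNORECASE)
    return (urlparse(url).hostname or "").lower()


def is_hijack(value):
    host = defanged_host(value)
    return any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS)


def triage(log_text):
    """Return (findings, firefox_profile_path); a finding is (kind, detail)."""
    findings, profile = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("AV:") and "*Disabled" in line:
            findings.append(("av_disabled", line))
        elif line == "user != kernel MBR !!!":
            # User-mode and kernel-mode reads of the MBR differ: either a
            # bootkit or a non-standard boot loader; it needs a follow-up.
            findings.append(("mbr_mismatch", line))
        elif (m := MISSING_BINARY.match(line)):
            findings.append(("service_binary_missing", f"{m['name']} -> {m['path']}"))
        elif (m := OPEN_PORT.match(line)):
            findings.append(("firewall_open_port", f"{m['port']}/{m['proto']} {m['label']}"))
        elif (m := FF_PROFILE.match(line)):
            profile = m["path"]
        elif (m := FF_PREF.match(line)):
            if is_hijack(m["value"]):
                findings.append(("firefox_pref_hijacked", m["pref"]))
        elif (m := IE_START.match(line)):
            if is_hijack(m["value"]):
                findings.append(("ie_start_page_hijacked", m["value"]))
    return findings, profile


def cfscript_for_firefox(findings, profile):
    """Draft the Firefox:: block that blanks each hijacked pref, in the same
    shape as the CFScript the helper posted (pref name followed by ' -')."""
    prefs = [d for k, d in findings if k == "firefox_pref_hijacked"]
    if not prefs or profile is None:
        return ""
    lines = ["Firefox::", f"FF - ProfilePath - {profile}"]
    lines += [f"FF - prefs.js: {p} -" for p in prefs]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found, prof = triage(SAMPLE_LOG)
    for kind, detail in found:
        print(f"{kind:24} {detail}")
    print(cfscript_for_firefox(found, prof), end="")
```

Run it against a full ComboFix.txt by reading the file into `triage()`. The IE start page and the Firefox keyword.URL both resolve to ask.com hosts, which is why the helper's script blanks keyword.URL; the orphaned service entries point at a k:\ volume that no longer exists, which is worth cleaning but is not malware.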

