
Download ComboFix again. By the way, ComboFix is only 4.2 MB.

Before you start ComboFix, do the following.

Double-click the AVG icon in the system tray (on the right of the taskbar).

Go to Tools - Advanced settings.

In the left column you will then see Temporarily disable AVG protection.

Click on it, tick the box and click OK at the bottom.

To re-enable AVG afterwards, simply remove the tick again.

Now start the scan with ComboFix.


Oh dear, I got quite a fright. I did as asked above. The computer restarted itself once, after which a whole file eventually appeared; I wanted to copy it, but I could no longer get into any program, everything was blocked. In the end I just switched the computer off and restarted it, after which everything worked again. Except for the correct characters in IncrediMail, unfortunately that has not been solved yet. Should I remove ComboFix, or can it safely stay?

This is what I also came across just now:

2012-01-26 17:48:10 . 2012-01-26 17:48:10 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat

2012-01-26 17:48:10 . 2012-01-26 17:48:10 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TCrdMain.reg.dat

2012-01-26 17:48:10 . 2012-01-26 17:48:10 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TPwrMain.reg.dat

2012-01-26 17:48:10 . 2012-01-26 17:48:10 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TosReelTimeMonitor.reg.dat

2012-01-26 17:48:10 . 2012-01-26 17:48:10 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TosNC.reg.dat

2012-01-26 17:48:09 . 2012-01-26 17:48:09 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat

2012-01-26 17:47:57 . 2012-01-26 17:47:57 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat

2012-01-26 17:41:55 . 2012-01-26 17:41:55 9,871 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2012-01-26 16:59:39 . 2012-01-26 16:59:39 311,248 ----a-w- C:\Qoobox\Quarantine\C\Users\toshiba\AppData\Local\Temp\AC94.tmp.vir

2012-01-25 20:07:35 . 2012-01-26 17:38:25 102 ----a-w- C:\Qoobox\Quarantine\catchme.log

2009-08-21 17:04:08 . 2009-08-21 17:04:08 40,960 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\xp\EBLib.dll.vir

2008-07-24 12:40:58 . 2008-07-24 12:40:58 17,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\xp\TPwSav.sys.vir


Edited by ajkappert: looking in My Computer, I still saw the above.

Leave ComboFix in place for now.

Check whether you can find the file C:\ComboFix.txt.

The file may also be in the folder C:\Qoobox.

Once you have found the file, you can copy it into your next message.

If copying does not work for some reason, add it as an attachment to your next message.

How to add an attachment to a message is explained in this guide.

ComboFix.txt is not on my computer (a search gives no result either).

In Qoobox there is: backenv, quarantine, add.remove programs, combofix.quarantined files (2 KB, which I sent you yesterday), snapshot@2012-1-26.dat.

There is also another ComboFix file in C:, 407 KB with "handle 3XE bestand". There is also a ComboFix text file (20.3 KB), and a User Jscript has been added.

ComboFix 12-01-23.02 - toshiba 26-01-2012 18:39:31.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4004.2502 [GMT 1:00]

Gestart vanuit: c:\users\toshiba\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\xp

c:\programdata\xp\EBLib.dll

c:\programdata\xp\TPwSav.sys

c:\users\toshiba\AppData\Local\Temp\AC94.tmp

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-12-26 to 2012-01-26 ))))))))))))))))))))))))))))))

.

.

2012-01-26 17:43 . 2012-01-26 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-26 17:14 . 2012-01-26 17:14 -------- d-----w- c:\program files (x86)\DealPly

2012-01-26 17:13 . 2012-01-26 17:13 1491 ----a-w- C:\user.js

2012-01-26 17:13 . 2012-01-26 17:13 -------- d-----w- c:\program files (x86)\BabylonToolbar

2012-01-26 17:13 . 2007-08-21 12:32 98304 ----a-w- c:\windows\SysWow64\redmonnt.dll

2012-01-26 17:13 . 2012-01-26 17:13 -------- d-----w- c:\program files (x86)\FoxTabPDFConverter

2012-01-26 17:13 . 2012-01-26 17:13 -------- d-----w- c:\programdata\Babylon

2012-01-25 13:30 . 2012-01-25 13:30 -------- d-----w- c:\program files (x86)\Trend Micro

2012-01-23 21:14 . 2012-01-23 21:14 -------- d-----w- c:\program files (x86)\Common Files\Nokia

2012-01-23 21:13 . 2012-01-23 21:13 -------- d-----w- c:\program files (x86)\PC Connectivity Solution

2012-01-11 13:52 . 2012-01-11 13:52 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2012-01-11 12:14 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-11 12:14 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-11 12:14 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-11 12:14 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-11 12:14 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 12:14 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-11 12:14 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-11 12:14 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-01-10 20:34 . 2009-04-07 15:09 152064 ----a-w- c:\windows\system32\CNMN6UI.DLL

2012-01-10 20:34 . 2009-04-07 15:09 251904 ----a-w- c:\windows\system32\CNMN6PPM.DLL

2012-01-10 19:51 . 2012-01-10 19:51 -------- d-----w- c:\programdata\PC Suite

2012-01-10 19:50 . 2012-01-10 19:50 -------- d-----w- c:\programdata\Nokia

2012-01-10 19:50 . 2012-01-10 19:50 -------- d-----w- c:\program files\DIFX

2012-01-10 19:50 . 2008-08-28 10:44 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys

2012-01-10 19:49 . 2011-11-01 09:07 57856 ----a-w- c:\windows\system32\nmwcdclsX64.dll

2012-01-10 19:48 . 2012-01-23 21:14 -------- d-----w- c:\program files (x86)\Nokia

2012-01-10 19:26 . 2012-01-10 19:26 -------- d-----w- c:\program files\Common Files\CANON

2012-01-10 19:25 . 2012-01-10 19:25 -------- d-----w- c:\program files\Canon

2012-01-10 19:23 . 2012-01-10 19:23 -------- d--h--w- c:\programdata\CanonBJ

2012-01-10 19:23 . 2008-10-09 04:00 82944 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP9D.DLL

2012-01-10 19:23 . 2008-10-09 04:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD9D.DLL

2012-01-10 19:22 . 2012-01-10 19:22 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2012-01-10 19:22 . 2008-10-08 20:00 279040 ----a-w- c:\windows\system32\CNMLM9D.DLL

2012-01-10 19:22 . 2007-03-15 13:13 229888 ----a-w- c:\windows\system32\CNC620O.DLL

2012-01-10 19:22 . 2009-12-11 12:19 1354240 ----a-w- c:\windows\system32\CNC620C.DLL

2012-01-10 19:22 . 2009-12-11 12:19 92672 ----a-w- c:\windows\system32\CNC620I.DLL

2012-01-10 19:22 . 2009-11-30 15:40 293888 ----a-w- c:\windows\system32\CNC620L.DLL

2012-01-10 19:21 . 2012-01-10 20:34 -------- d-----w- c:\program files (x86)\Canon

2012-01-10 18:24 . 2012-01-16 07:07 -------- d-----w- c:\program files (x86)\Microsoft Works

2012-01-10 18:19 . 2012-01-10 18:19 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8

2012-01-10 18:18 . 2012-01-17 22:33 -------- d-----w- c:\programdata\Microsoft Help

2012-01-10 18:18 . 2012-01-10 18:18 -------- d-----r- C:\MSOCache

2012-01-10 15:36 . 2012-01-10 15:37 -------- d-----w- c:\program files (x86)\Google

2012-01-09 17:25 . 2012-01-09 17:25 -------- d-----w- c:\windows\SysWow64\Wat

2012-01-09 17:25 . 2012-01-09 17:25 -------- d-----w- c:\windows\system32\Wat

2012-01-09 17:03 . 2012-01-09 17:03 -------- d-----w- C:\totalcmd

2012-01-09 16:17 . 2012-01-09 16:18 -------- d-----w- c:\programdata\IM

2012-01-09 16:17 . 2012-01-09 16:17 -------- d-----w- c:\programdata\IncrediMail

2012-01-09 16:17 . 2012-01-09 16:17 -------- d-----w- c:\program files (x86)\IncrediMail

2012-01-09 16:12 . 2012-01-09 16:12 -------- d--h--w- c:\programdata\Common Files

2012-01-09 16:12 . 2012-01-09 16:12 -------- d-----w- c:\windows\SysWow64\drivers\AVG

2012-01-09 16:11 . 2012-01-26 16:31 -------- d-----w- c:\windows\system32\drivers\AVG

2012-01-09 16:11 . 2012-01-09 16:14 -------- d-----w- c:\programdata\AVG2012

2012-01-09 16:10 . 2012-01-09 16:10 -------- d-----w- c:\program files (x86)\AVG

2012-01-09 16:08 . 2012-01-26 16:31 -------- d-----w- c:\programdata\MFAData

2012-01-09 15:53 . 2012-01-09 15:53 -------- d-----w- c:\program files (x86)\MSXML 4.0

2012-01-09 15:41 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

2012-01-09 15:40 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll

2012-01-09 15:40 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-01-09 15:39 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-01-09 15:39 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-01-09 15:39 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-01-09 15:22 . 2012-01-09 15:22 -------- d-----w- c:\program files\CCleaner

2012-01-09 13:58 . 2012-01-09 13:58 -------- d--h--w- c:\windows\msdownld.tmp

2012-01-09 13:57 . 2009-07-14 14:57 114688 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\eBay.gadget\Bin\eBayGadget.dll

2012-01-09 13:54 . 2012-01-09 13:54 -------- d-----w- c:\programdata\ToshibaEurope

2012-01-09 13:53 . 2012-01-09 13:55 -------- d-----w- c:\users\toshiba

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-01 09:07 . 2011-11-01 09:07 9216 ----a-w- c:\windows\system32\drivers\usbser_lowerfltx64.sys

2011-11-01 09:07 . 2011-11-01 09:07 9216 ----a-w- c:\windows\system32\drivers\usbser_lowerfltjx64.sys

2011-11-01 09:07 . 2011-11-01 09:07 640000 ----a-w- c:\windows\system32\nmwcdcoclsx64.dll

2011-11-01 09:07 . 2011-11-01 09:07 27136 ----a-w- c:\windows\system32\drivers\ccdcmbox64.sys

2011-11-01 09:07 . 2011-11-01 09:07 19968 ----a-w- c:\windows\system32\drivers\ccdcmbx64.sys

2011-11-01 09:07 . 2011-11-01 09:07 166912 ----a-w- c:\windows\system32\ccdcmbwux64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]

"IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2012-01-09 366024]

"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-01-07 1406248]

"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]

"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]

.

c:\users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-5-2 1470848]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-04 1809920]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-01-14 572712]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-07 167256]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-07 391000]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-07 418136]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-05-02 150992]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 2114376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.babylon.com/?AF=100482&babsrc=HP_ss&mntrId=648255ce000000000000743170077476

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: Toevoegen aan TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000

IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll

TCP: DhcpNameServer = 192.168.1.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Voltooingstijd: 2012-01-26 18:48:55 - machine werd herstart

ComboFix-quarantined-files.txt 2012-01-26 17:48

.

Pre-Run: 207.380.525.056 bytes beschikbaar

Post-Run: 207.544.623.104 bytes beschikbaar

.

- - End Of File - - 6FAACB3266EA8A776C895B29C7BB0B1D

Open a new Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\program files (x86)\DealPly

c:\program files (x86)\BabylonToolbar

c:\programdata\Babylon

File::

C:\user.js

c:\windows\msdownld.tmp

DDS::

uStart Page = hxxp://search.babylon.com/?AF=100482&babsrc=HP_ss&mntrId=648255ce000000000000743170077476

Save this file on your desktop as CFScript

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if asked.

After the restart, post the contents of ComboFix.txt in your next message together with a new HijackThis log.