Unstable PC after virus removal.



Uh, it clearly says there that a log could not be produced because ComboFix froze, doesn't it?
Correct ... TDSS Killer was an attempt to find out whether something was blocking things. Could you check whether you can have ComboFix scan in "safe mode" and whether the tool then does make it to the end?

ComboFix 12-07-05.02 - baco 05/07/2012 14:44:08.3.1 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1014.829 [GMT 2:00]

Gestart vanuit: c:\documents and settings\baco\Bureaublad\ComboFix.exe

AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

ADS - WINDOWS: deleted 192 bytes in 1 streams.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-05 to 2012-07-05 ))))))))))))))))))))))))))))))

.

.

2012-06-13 02:19 . 2012-06-13 02:19 -------- d-----w- c:\documents and settings\baco\Local Settings\Application Data\AVG Secure Search

2012-06-07 07:36 . 2012-06-07 07:36 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-06-07 07:36 . 2012-06-07 07:36 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-02 06:25 . 2012-04-02 01:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-02 06:25 . 2011-09-05 20:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-11 14:35 . 2011-01-07 03:43 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-04-23 12:17 . 2012-05-10 14:53 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-04-12 03:27 . 2012-04-12 03:27 69640 ----a-w- c:\windows\system32\NLSSRV32.EXE

2012-04-12 03:26 . 2012-04-25 22:01 18440 ----a-w- c:\windows\system32\nitrolocalui2.dll

2012-06-16 21:51 . 2011-05-25 07:08 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-06-12 14:32 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-10-14 3217368]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]

"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]

"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-12 1104440]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

"RTHDCPL"="RTHDCPL.EXE" [2010-10-05 19580520]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2011-05-10 00:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService]

2012-02-27 12:43 801792 ----a-w- c:\program files\Yuna Software\Messenger Plus!\PlusService.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22-2-2011 8:13 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16-3-2011 16:03 32592]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5-4-2011 0:59 297168]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12-7-2010 4:33 30432]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-1-2011 6:41 248656]

S2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [9-3-2011 19:24 2708024]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31-1-2012 15:02 7391072]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8-2-2011 5:33 269520]

S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [23-10-2011 19:19 12184]

S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe [12-4-2012 5:27 175624]

S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [12-4-2012 5:27 69640]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [14-5-2012 22:40 632792]

S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [12-6-2012 16:32 935480]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [17-10-2010 22:28 1691480]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [11-5-2011 15:45 167264]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12-7-2010 4:33 30432]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14-4-2011 21:28 134480]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10-2-2011 7:53 24144]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10-2-2011 7:53 27216]

S3 BCM42XX;Broadcom iLine10-networkadapterstuurprogramma;c:\windows\system32\drivers\bcm42xx5.sys [17-10-2010 16:44 54271]

S3 BCM44X2;Stuurprogramma voor BCM 10/100 ethernet-netwerkadapter;c:\windows\system32\drivers\BCM4E5.SYS [17-10-2010 16:41 26568]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7-1-2011 5:43 40776]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [25-4-2012 22:24 113120]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - LBEEPKE

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-01 c:\windows\Tasks\AVG PC Tuneup 2011 Integrator Scan and Repair.job

- c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe [2011-05-22 20:04]

.

2011-02-20 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-02-19 14:31]

.

2011-02-20 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2011-02-19 14:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyServer = http=;ftp=;https=;

IE: Download with &Media Finder - c:\program files\Media Finder\hook.html

TCP: DhcpNameServer = 195.130.131.2 195.130.130.130

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

FF - ProfilePath - c:\documents and settings\baco\Application Data\Mozilla\Firefox\Profiles\abzlbh6e.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - Google

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbb473e&v=7.008.031.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.ftp - 72.64.146.136

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.gopher - 72.64.146.136

FF - prefs.js: network.proxy.gopher_port - 8080

FF - prefs.js: network.proxy.http - 72.64.146.136

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.type - 1

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109980

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 80c62355000000000000003005c8187a

FF - user.js: extensions.BabylonToolbar_i.hardId - 80c62355000000000000003005c8187a

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15451

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:40

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-07-05 14:49

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

Voltooingstijd: 2012-07-05 14:50:29

ComboFix-quarantined-files.txt 2012-07-05 12:50

.

Pre-Run: 63.956.410.368 bytes beschikbaar

Post-Run: 63.937.642.496 bytes beschikbaar

.

- - End Of File - - 8A5653BB0FB14EA4885313BF3D22FFD6


Open a Notepad file.

Copy and paste the bold text below into it.

Firefox::

FF - ProfilePath - c:\documents and settings\baco\Application Data\Mozilla\Firefox\Profiles\abzlbh6e.default\

FF - prefs.js: browser.search.defaulturl -

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109980

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 80c62355000000000000003005c8187a

FF - user.js: extensions.BabylonToolbar_i.hardId - 80c62355000000000000003005c8187a

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15451

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:40

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef – sst

Save this file to your desktop as CFScript.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


ComboFix 12-07-05.02 - baco 05/07/2012 18:51:33.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1014.662 [GMT 2:00]

Gestart vanuit: c:\documents and settings\baco\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\baco\Bureaublad\CFScript.txt

AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-05 to 2012-07-05 ))))))))))))))))))))))))))))))

.

.

2012-06-13 02:19 . 2012-06-13 02:19 -------- d-----w- c:\documents and settings\baco\Local Settings\Application Data\AVG Secure Search

2012-06-07 07:36 . 2012-06-07 07:36 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-06-07 07:36 . 2012-06-07 07:36 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-02 06:25 . 2012-04-02 01:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-02 06:25 . 2011-09-05 20:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-11 14:35 . 2011-01-07 03:43 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-04-23 12:17 . 2012-05-10 14:53 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-04-12 03:27 . 2012-04-12 03:27 69640 ----a-w- c:\windows\system32\NLSSRV32.EXE

2012-04-12 03:26 . 2012-04-25 22:01 18440 ----a-w- c:\windows\system32\nitrolocalui2.dll

2012-06-16 21:51 . 2011-05-25 07:08 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-05_12.49.10 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-07-05 12:53 . 2012-07-05 12:53 16384 c:\windows\temp\Perflib_Perfdata_550.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-06-12 14:32 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-10-14 3217368]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]

"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]

"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-12 1104440]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

"RTHDCPL"="RTHDCPL.EXE" [2010-10-05 19580520]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2011-05-10 00:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService]

2012-02-27 12:43 801792 ----a-w- c:\program files\Yuna Software\Messenger Plus!\PlusService.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22-2-2011 8:13 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16-3-2011 16:03 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-1-2011 6:41 248656]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5-4-2011 0:59 297168]

R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [9-3-2011 19:24 2708024]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31-1-2012 15:02 7391072]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8-2-2011 5:33 269520]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [23-10-2011 19:19 12184]

R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe [12-4-2012 5:27 175624]

R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [12-4-2012 5:27 69640]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [14-5-2012 22:40 632792]

R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [12-6-2012 16:32 935480]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12-7-2010 4:33 30432]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14-4-2011 21:28 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10-2-2011 7:53 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10-2-2011 7:53 27216]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [17-10-2010 22:28 1691480]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [11-5-2011 15:45 167264]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12-7-2010 4:33 30432]

S3 BCM42XX;Broadcom iLine10-networkadapterstuurprogramma;c:\windows\system32\drivers\bcm42xx5.sys [17-10-2010 16:44 54271]

S3 BCM44X2;Stuurprogramma voor BCM 10/100 ethernet-netwerkadapter;c:\windows\system32\drivers\BCM4E5.SYS [17-10-2010 16:41 26568]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7-1-2011 5:43 40776]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [25-4-2012 22:24 113120]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-01 c:\windows\Tasks\AVG PC Tuneup 2011 Integrator Scan and Repair.job

- c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe [2011-05-22 20:04]

.

2011-02-20 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-02-19 14:31]

.

2011-02-20 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2011-02-19 14:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyServer = http=;ftp=;https=;

IE: Download with &Media Finder - c:\program files\Media Finder\hook.html

TCP: DhcpNameServer = 195.130.131.2 195.130.130.130

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

FF - ProfilePath - c:\documents and settings\baco\Application Data\Mozilla\Firefox\Profiles\abzlbh6e.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbb473e&v=7.008.031.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.ftp - 72.64.146.136

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.gopher - 72.64.146.136

FF - prefs.js: network.proxy.gopher_port - 8080

FF - prefs.js: network.proxy.http - 72.64.146.136

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.type - 1

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-07-05 19:01

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(4060)

c:\program files\Logitech\MouseWare\System\LgWndHk.dll

c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll

c:\program files\Logitech\iTouch\iTchHk.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2012-07-05 19:04:11

ComboFix-quarantined-files.txt 2012-07-05 17:04

ComboFix2.txt 2012-07-05 12:50

.

Pre-Run: 63.925.288.960 bytes beschikbaar

Post-Run: 63.918.133.248 bytes beschikbaar

.

- - End Of File - - 850C1967BAAEF35E4BCD2755DCD1B815

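Added example, not part of the original posts and not ComboFix's own matching logic: a Python check that compares the Firefox preferences named in the CFScript with the FF lines of the logs taken before and after the script ran. The sample strings are excerpts of lines on this page; the function names and the dash-normalising step are assumptions of this example. It also flags script lines whose separator is a typographic dash, as in the `instlRef` line of the script, a preference the second log still lists.

```python
import re

# Typographic look-alikes of the ASCII hyphen that forum software or word
# processors may substitute when text is pasted.
DASHES = "\u2010\u2011\u2012\u2013\u2014\u2212"
# 'FF - <prefs.js|user.js>: <key> - <value>'; the value may be empty.
FF_LINE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) -(?: (.*))?$")

# Excerpts of lines on this page (not complete logs).
CFSCRIPT = """Firefox::
FF - prefs.js: browser.search.defaulturl -
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef \u2013 sst
"""
FIRST_LOG = """FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}
FF - prefs.js: network.proxy.type - 1
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
"""
SECOND_LOG = """FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 1
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
"""


def normalise(line):
    """Replace typographic dashes with ASCII '-' and trim whitespace."""
    return line.translate({ord(c): "-" for c in DASHES}).strip()


def ff_prefs(text):
    """Return {(file, key): value} for every FF preference line in text."""
    prefs = {}
    for raw in text.splitlines():
        m = FF_LINE.match(normalise(raw))
        if m:
            prefs[(m.group(1), m.group(2))] = m.group(3) or ""
    return prefs


def audit(script, before, after):
    """For each preference named in the script, report what both logs show."""
    pre, post = ff_prefs(before), ff_prefs(after)
    report = []
    for raw in script.splitlines():
        m = FF_LINE.match(normalise(raw))
        if not m:
            continue  # 'Firefox::' header, ProfilePath line, blank lines
        key = (m.group(1), m.group(2))
        report.append({
            "pref": key[1],
            "in_first_log": key in pre,
            "still_in_second_log": key in post,
            "typographic_dash": any(c in raw for c in DASHES),
        })
    return report


def leftovers(report):
    """Preferences the script named that the second log still lists."""
    return [r["pref"] for r in report if r["still_in_second_log"]]


if __name__ == "__main__":
    for row in audit(CFSCRIPT, FIRST_LOG, SECOND_LOG):
        print(row)
```
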

Not optimal yet; when I click in my mailbox, for example, to view your reply, I get the following error message:

post-35317-1417704981,3547_thumb.jpg

The strange thing is that the error message does appear, yet at the same time the internet opens without any problem.

Startup is also still slow; the PC hangs for a while when the desktop background appears... it takes a long time before the Windows taskbar appears.


Download and install Speccy.

During installation you now have the option to select Dutch as the language.

Now start the program and it will produce an overview of your hardware.

When this is done, select " Bestand - Publiceer Snapshot " (File - Publish Snapshot) at the top and then confirm that choice with " Ja " (Yes).

In the window that now opens you will see a link; copy that link and paste it into your next message.

If you want to see in words and pictures how to make and post a Speccy log, you can read that Here.

This (CLICK) video also shows how to paste a Speccy log into your reply.

After you post your log, it will be checked by an expert.


Download HD Tune and save the file.

Install HD Tune and start it after the installation.

Next, go to the Error Scan tab, select the hard disk you want to check and press Start.

The check can take quite a while, depending on the size of the hard disk being checked.

What is the result of this test?
