Computer is trager geworden

[doedelzak123]

Mijn nieuwe PC is al meer dan 30 minuten aan het scannen met Combofix maar blijft na voltooid Deel_4 staan, alleen een cursor blinkt, is dat normaal?

Hebt u de computer zoals kape zei opgestart in veilige modus? Want zelfs met de nieuwe computer kan dit helpen.

29 december 2011 aangepast door doedelzak123

[010890falcon]

Neen, ik heb bij mijn nieuwe PC gewoon alles laten lopen maar niet in veilige modus, ondertussen ben ik al in voltooid 41 geraakt

---------- Post toegevoegd om 19:33 ---------- Vorige post was om 19:26 ----------

Ik denk dat mijn oude PC zwaar geïnfecteerd is want mijn Boot CD moest updates ophalen en doet het niet en de virusscan programma van Gdata werd afgebroken en ik kan de Boot Cd van Gdata ook niet meer uitwerpen want er komt een bericht : cannot open /media/.hal-mtab.

Wat kan ik doen?

---------- Post toegevoegd om 19:38 ---------- Vorige post was om 19:33 ----------

Ik heb de CD eruit gehaald met de paperclip truc en wat nu?

[010890falcon]

Als ik mijn oude PC opstart en F8 druk dan gebeurt er niets en wordt de PC normaal opgestart en nadien blijft alles hangen, ik kan geen enkel commando doorvoeren. Als ik echter opnieuw start en F11 druk dan kan ik de Boot CD van GData wel opstarten.

---------- Post toegevoegd om 20:19 ---------- Vorige post was om 20:04 ----------

Hier het Combofix rapport, ik hoop dat he bruikbaar is,

ComboFix 11-12-29.04 - Chris 29/12/2011 18:12:29.2.4 - x64

Microsoft Windows 7 Professional 6.1.7600.0.1252.32.1043.18.3767.1935 [GMT 1:00]

Gestart vanuit: c:\users\Chris\Desktop\ComboFix.exe

AV: G Data TotalCare 2012 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}

FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}

SP: G Data TotalCare 2012 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Thumbs.db

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-11-28 to 2011-12-29 ))))))))))))))))))))))))))))))

.

.

2011-12-29 18:38 . 2011-12-29 18:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-29 15:01 . 2011-12-29 18:43 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EED91A7-9B1F-486D-99E6-776176E698AE}\offreg.dll

2011-12-29 13:17 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EED91A7-9B1F-486D-99E6-776176E698AE}\mpengine.dll

2011-12-25 22:32 . 2011-12-25 22:32 -------- d-----w- c:\programdata\Microsoft Help

2011-12-25 22:32 . 2011-12-25 22:32 -------- d-----w- c:\users\Chris\AppData\Local\Microsoft Help

2011-12-16 12:52 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-16 12:52 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys

2011-12-16 12:52 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll

2011-12-16 12:52 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-12-16 12:52 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-16 12:52 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-12-08 20:19 . 2011-12-08 20:19 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes

2011-12-08 20:19 . 2011-12-08 20:19 -------- d-----w- c:\programdata\Malwarebytes

2011-12-08 20:19 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-08 20:19 . 2011-12-08 20:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-08 15:21 . 2011-12-08 15:21 388096 ----a-r- c:\users\Chris\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-12-08 15:21 . 2011-12-08 15:21 -------- d-----w- c:\program files (x86)\Trend Micro

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-17 17:59 . 2011-09-24 09:09 53112 ----a-w- c:\windows\system32\drivers\HookCentre.sys

2011-11-17 17:58 . 2011-09-24 09:09 50552 ----a-w- c:\windows\system32\drivers\GDBehave.sys

2011-11-17 17:58 . 2011-09-24 09:09 111992 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys

2011-11-17 17:58 . 2011-09-24 09:09 65912 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys

2011-10-07 21:00 . 2011-10-07 21:00 0 ----a-w- c:\windows\SysWow64\sho7E91.tmp

2011-10-06 13:15 . 2011-10-06 13:15 106488 ----a-w- c:\windows\system32\drivers\GRD.sys

2011-10-04 21:56 . 2011-10-04 21:56 0 ----a-w- c:\windows\SysWow64\shoD32B.tmp

2011-10-04 17:37 . 2011-09-24 09:10 59256 ----a-w- c:\windows\system32\drivers\PktIcpt.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]

"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]

"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]

"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]

"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\TotalCare\AVKTray\AVKTray.exe" [2011-09-22 1012232]

"GDFirewallTray"="c:\program files (x86)\G Data\TotalCare\Firewall\GDFirewallTray.exe" [2011-11-08 1616904]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ DPPassFilter scecli

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]

R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [x]

R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]

R3 GDBackupSvc;G Data Backup Service;c:\program files (x86)\G Data\TotalCare\AVKBackup\AVKBackupService.exe [2011-10-28 1498616]

R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon64.sys [x]

R3 GDTunerSvc;G Data Tuner Service;c:\program files (x86)\G Data\TotalCare\AVKTuner\AVKTunerService.exe [2011-05-20 960504]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 OxPPort;OxPPort;c:\windows\system32\DRIVERS\OxPPort.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [x]

S0 SafeBoot;SafeBoot; [x]

S0 SbAlg;SbAlg; [x]

S0 SbFsLock;SbFsLock; [x]

S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [x]

S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [x]

S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [x]

S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [x]

S1 RsvLock;RsvLock; [x]

S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2011-11-08 1501192]

S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\TotalCare\AVK\AVKService.exe [2011-09-22 464392]

S2 AVKWCtl;G Data Bestandssysteembewaker;c:\program files (x86)\G Data\TotalCare\AVK\AVKWCtlX64.exe [2011-10-28 2191808]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]

S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]

S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\TotalCare\Firewall\GDFwSvcx64.exe [2011-08-10 1556816]

S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]

S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2011-10-28 459784]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2011-12-22 c:\windows\Tasks\HPCeeScheduleFor010890FALCON$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2011-12-08 c:\windows\Tasks\HPCeeScheduleForChris.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 195.130.130.131 195.130.131.131

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe

c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe

c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe

.

**************************************************************************

.

Voltooingstijd: 2011-12-29 20:14:08 - machine werd herstart

ComboFix-quarantined-files.txt 2011-12-29 19:13

.

Pre-Run: 109.628.715.008 bytes beschikbaar

Post-Run: 109.408.739.328 bytes beschikbaar

.

- - End Of File - - 37AEA24530C3CE3F5711515EE6A6A7C5

[kweezie wabbit]

Open een nieuw kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\windows\SysWow64\sho7E91.tmp

c:\windows\SysWow64\shoD32B.tmp

Sla dit bestand op je bureaublad op als CFScript

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht samen met een nieuw logje van HijackThis.

Laat het vetgedrukte bestand eens scannen bij Jotti en post de resultaten.

c:\windows\system32\drivers\GDBehave.sys

[010890falcon]

Kunt U mij zeggen hoe ik CFscript.txt moet slepen in Combofix,exe want bij mij lukt dat niet

---------- Post toegevoegd om 12:22 ---------- Vorige post was om 12:17 ----------

Ik denk dat het gelukt is met combofix!

[kweezie wabbit]

Kan je dan het nieuwe logje plaatsen?

[010890falcon]

Alles leek prima te gaan lukken met Combofix en dat CFscript tot ineens ik een melding kreeg bij het nieuw opstarten dat malwarebytes nog aan het scannen was (terwijl ik dat niet had gevraagd) en ik heb dan malwarebytes afgesloten en de PC opnieuw opgestart en Combofix staat nu al een hele tijd niets te doen?

Dus heb ik mijn antivirus en Firewall weer ingeschakeld op opnieuw op het net te komen maar van een Logje dus geen enkel spoor

[kape]

Heb je al eens geprobeerd - nu alles terug in werking is - om dan het scriptje in de rode snelkoppeling van Combofix te slepen ?

[010890falcon]

Het eigenaardige is dat het scriptje verdwenen is van mijn bureaublad en ook uit mijn documenten

[kape]

Maak het dan opnieuw aan, zoals eerder gemeld.

En heb je dat bestand GDBehave.sys al laten scannen bij Jotti ? Met welk resultaat ?