
PC occasionally slow


simpley


You still need to remove these lines as "administrator":

O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll

O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE

O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:15:04, on 13-2-2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16912)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Xfire\Xfire.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\Speccy\Speccy.exe

C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Jeroen\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\steam.exe" -silent

O4 - HKCU\..\Run: [GarenaMessenger] "C:\Program Files\Garena Plus\GarenaMessenger.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-1045627773-2054834815-456020900-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-1045627773-2054834815-456020900-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--

End of file - 7935 bytes

I also cleaned my PC right away; here are the results.

http://speccy.piriform.com/results/aGei35G3dzdOhZONJc7vjOk

And, of course, my PC has now been off for a while, but during the first test it had already been on for a few hours, which I think will also have made a difference.

And my PC was also occasionally slow when I turned it on in the morning, so I don't think it was too warm.

But I don't know anything about it, so it could be something else.


The log looks fine now ... one more step then:

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


ComboFix 12-02-13.01 - Jeroen 14-02-2012 15:45:41.1.4 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.3070.2012 [GMT 1:00]

Gestart vanuit: c:\users\Jeroen\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-01-14 to 2012-02-14 ))))))))))))))))))))))))))))))

.

.

2012-02-14 14:53 . 2012-02-14 14:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-02-14 14:53 . 2012-02-14 14:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-13 16:42 . 2012-02-13 16:42 -------- d-----w- c:\users\Jeroen\AppData\Roaming\Malwarebytes

2012-02-13 16:42 . 2012-02-13 16:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-13 16:42 . 2012-02-13 16:42 -------- d-----w- c:\programdata\Malwarebytes

2012-02-13 16:42 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-13 15:55 . 2012-02-13 20:45 -------- d-----w- c:\users\Jeroen\AppData\Roaming\Xfire

2012-02-13 15:55 . 2012-02-13 15:55 -------- d-----w- c:\programdata\Xfire

2012-02-13 15:55 . 2012-02-13 15:55 -------- d-----w- c:\program files\Xfire

2012-02-13 15:54 . 2012-02-13 15:54 -------- d-----w- c:\program files\Speccy

2012-02-13 15:25 . 2012-02-13 15:25 388096 ----a-r- c:\users\Jeroen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-02-13 15:24 . 2012-02-13 15:25 -------- d-----w- C:\hijackthis

2012-02-10 14:56 . 2012-02-10 14:56 -------- d-----w- c:\program files\BabylonToolbar

2012-02-10 14:56 . 2012-02-10 14:56 1492 ----a-w- C:\user.js

2012-02-10 14:56 . 2012-02-10 14:56 -------- d-----w- c:\users\Jeroen\AppData\Local\Babylon

2012-02-10 14:56 . 2012-02-13 20:14 -------- d-----w- c:\program files\BrowserCompanion

2012-02-10 14:56 . 2012-02-10 14:58 -------- d-----w- c:\users\Jeroen\AppData\Roaming\Guitar Pro 6

2012-02-10 14:56 . 2012-02-10 14:56 -------- d-----w- c:\users\Jeroen\AppData\Roaming\Babylon

2012-02-10 14:56 . 2012-02-10 14:56 -------- d-----w- c:\programdata\Guitar Pro 6

2012-02-10 14:56 . 2012-02-10 14:56 -------- d-----w- c:\programdata\Babylon

2012-02-09 19:14 . 2012-02-09 19:14 -------- d-----w- c:\programdata\2D383

2012-02-04 15:56 . 2012-02-04 15:56 -------- d-----w- c:\users\Jeroen\AppData\Local\Apps

2012-02-04 15:56 . 2012-02-05 15:21 -------- d-----w- c:\users\Jeroen\AppData\Local\Deployment

2012-02-04 15:54 . 2012-02-04 15:54 -------- d-----w- c:\program files\Microsoft.NET

2012-02-03 09:31 . 2012-02-03 09:31 42392 ----a-w- c:\windows\system32\xfcodec.dll

2012-01-31 11:27 . 2011-11-17 05:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll

2012-01-31 11:27 . 2011-11-17 05:48 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-01-31 11:27 . 2011-11-17 05:48 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-01-31 11:27 . 2011-11-17 05:42 369352 ----a-w- c:\windows\system32\drivers\cng.sys

2012-01-31 11:27 . 2011-11-17 05:39 314368 ----a-w- c:\windows\system32\webio.dll

2012-01-31 11:27 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll

2012-01-31 11:27 . 2011-11-17 05:39 15360 ----a-w- c:\windows\system32\sspisrv.dll

2012-01-31 11:27 . 2011-11-17 05:39 224768 ----a-w- c:\windows\system32\schannel.dll

2012-01-31 11:27 . 2011-11-17 05:39 22016 ----a-w- c:\windows\system32\secur32.dll

2012-01-31 11:27 . 2011-11-17 05:36 22528 ----a-w- c:\windows\system32\lsass.exe

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-13 20:45 . 2011-11-05 18:51 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr

2012-02-13 20:45 . 2011-11-03 10:54 214520 ----a-w- c:\windows\system32\PnkBstrB.exe

2012-02-12 22:15 . 2011-11-03 10:54 103736 ----a-w- c:\windows\system32\PnkBstrB.ex0

2012-02-10 18:25 . 2011-11-03 10:55 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-12-03 14:12 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-12-01 19:39 . 2011-10-08 15:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-24 04:23 . 2011-12-14 14:31 2340352 ----a-w- c:\windows\system32\win32k.sys

2011-11-19 14:06 . 2012-01-11 14:49 67072 ----a-w- c:\windows\system32\packager.dll

2011-11-17 05:41 . 2012-01-11 14:49 1288984 ----a-w- c:\windows\system32\ntdll.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-08 39408]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]

"Steam"="c:\program files\Steam\steam.exe" [2011-10-10 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]

.

c:\users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Xfire.lnk - c:\program files\Xfire\Xfire.exe [2012-2-3 3530136]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-08 136176]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-08 136176]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-10 1343400]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-10 23120]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-10 295248]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-10 134736]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-10 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-08 15:21]

.

2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-08 15:21]

.

2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1045627773-2054834815-456020900-1001Core.job

- c:\users\Jeroen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 15:21]

.

2012-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1045627773-2054834815-456020900-1001UA.job

- c:\users\Jeroen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 15:21]

.

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

HKCU-Run-GarenaMessenger - c:\program files\Garena Plus\GarenaMessenger.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(3976)

c:\program files\Xfire\xfire_toucan_45177.dll

.

Voltooingstijd: 2012-02-14 15:54:55

ComboFix-quarantined-files.txt 2012-02-14 14:54

.

Pre-Run: 457.317.961.728 bytes beschikbaar

Post-Run: 457.572.974.592 bytes beschikbaar

.

- - End Of File - - 48F7467A935AF86FA57A103E1B624238

I just couldn't manage to save it to my desktop; I could only run it.

I hope it still worked out fine this way.


It worked fine.

Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\user.js

Folder::

c:\program files\BabylonToolbar

c:\users\Jeroen\AppData\Local\Babylon

c:\program files\BrowserCompanion

c:\users\Jeroen\AppData\Roaming\Babylon

c:\programdata\Babylon

c:\programdata\2D383

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if asked to.

After the restart, post the contents of Combofix.txt in your next post.


ComboFix 12-02-13.01 - Jeroen 14-02-2012 16:52:17.2.4 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.3070.1823 [GMT 1:00]

Gestart vanuit: c:\users\Jeroen\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Jeroen\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"C:\user.js"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\BabylonToolbar

c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll

c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll

c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe

c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll

c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe

c:\program files\BrowserCompanion

c:\program files\BrowserCompanion\BCHelper.exe

c:\program files\BrowserCompanion\blabbers-ch.crx

c:\program files\BrowserCompanion\blabbers-ff-full.xpi

c:\program files\BrowserCompanion\logo.ico

c:\program files\BrowserCompanion\sqlite3.dll

c:\program files\BrowserCompanion\tdataprotocol.dll

c:\program files\BrowserCompanion\toolbar.dll

c:\program files\BrowserCompanion\uninstall.exe

c:\program files\BrowserCompanion\updater.ini

c:\program files\BrowserCompanion\widgetserv.exe

c:\programdata\2D383

c:\programdata\2D383\{74FBF7D6-23AC-41A6-B881-47BC71373E7A}.swf

c:\programdata\Babylon

C:\user.js

c:\users\Jeroen\AppData\Local\Babylon

c:\users\Jeroen\AppData\Local\Babylon\Setup\bab033.tbinst.dat

c:\users\Jeroen\AppData\Local\Babylon\Setup\bab091.norecovericon.dat

c:\users\Jeroen\AppData\Local\Babylon\Setup\Babylon.dat

c:\users\Jeroen\AppData\Local\Babylon\Setup\HtmlScreens\common.js

c:\users\Jeroen\AppData\Local\Babylon\Setup\HtmlScreens\eula.html

c:\users\Jeroen\AppData\Local\Babylon\Setup\HtmlScreens\page2.css

c:\users\Jeroen\AppData\Local\Babylon\Setup\HtmlScreens\page2.html

c:\users\Jeroen\AppData\Local\Babylon\Setup\HtmlScreens\page2.js

c:\users\Jeroen\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css

c:\users\Jeroen\AppData\Local\Babylon\Setup\HtmlScreens\page9.html

c:\users\Jeroen\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif

c:\users\Jeroen\AppData\Local\Babylon\Setup\HtmlScreens\title2.png

c:\users\Jeroen\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg

c:\users\Jeroen\AppData\Local\Babylon\Setup\Setup-tbmntr903-9.0.3.19.zpb

c:\users\Jeroen\AppData\Local\Babylon\Setup\Setup.exe

c:\users\Jeroen\AppData\Local\Babylon\Setup\SetupStrings.dat

c:\users\Jeroen\AppData\Local\Babylon\Setup\sqlite3.dll

c:\users\Jeroen\AppData\Roaming\Babylon

c:\users\Jeroen\AppData\Roaming\Babylon\log_file.txt

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-01-14 to 2012-02-14 ))))))))))))))))))))))))))))))

.

.

2012-02-14 15:59 . 2012-02-14 15:59 -------- d-----w- c:\users\Jeroen\AppData\Local\temp

2012-02-14 15:59 . 2012-02-14 15:59 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-02-14 15:59 . 2012-02-14 15:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-13 16:42 . 2012-02-13 16:42 -------- d-----w- c:\users\Jeroen\AppData\Roaming\Malwarebytes

2012-02-13 16:42 . 2012-02-13 16:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-13 16:42 . 2012-02-13 16:42 -------- d-----w- c:\programdata\Malwarebytes

2012-02-13 16:42 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-13 15:55 . 2012-02-13 20:45 -------- d-----w- c:\users\Jeroen\AppData\Roaming\Xfire

2012-02-13 15:55 . 2012-02-13 15:55 -------- d-----w- c:\programdata\Xfire

2012-02-13 15:55 . 2012-02-13 15:55 -------- d-----w- c:\program files\Xfire

2012-02-13 15:54 . 2012-02-13 15:54 -------- d-----w- c:\program files\Speccy

2012-02-13 15:25 . 2012-02-13 15:25 388096 ----a-r- c:\users\Jeroen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-02-13 15:24 . 2012-02-13 15:25 -------- d-----w- C:\hijackthis

2012-02-10 14:56 . 2012-02-10 14:58 -------- d-----w- c:\users\Jeroen\AppData\Roaming\Guitar Pro 6

2012-02-10 14:56 . 2012-02-10 14:56 -------- d-----w- c:\programdata\Guitar Pro 6

2012-02-04 15:56 . 2012-02-04 15:56 -------- d-----w- c:\users\Jeroen\AppData\Local\Apps

2012-02-04 15:56 . 2012-02-05 15:21 -------- d-----w- c:\users\Jeroen\AppData\Local\Deployment

2012-02-04 15:54 . 2012-02-04 15:54 -------- d-----w- c:\program files\Microsoft.NET

2012-02-03 09:31 . 2012-02-03 09:31 42392 ----a-w- c:\windows\system32\xfcodec.dll

2012-01-31 11:27 . 2011-11-17 05:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll

2012-01-31 11:27 . 2011-11-17 05:48 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-01-31 11:27 . 2011-11-17 05:48 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-01-31 11:27 . 2011-11-17 05:42 369352 ----a-w- c:\windows\system32\drivers\cng.sys

2012-01-31 11:27 . 2011-11-17 05:39 314368 ----a-w- c:\windows\system32\webio.dll

2012-01-31 11:27 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll

2012-01-31 11:27 . 2011-11-17 05:39 15360 ----a-w- c:\windows\system32\sspisrv.dll

2012-01-31 11:27 . 2011-11-17 05:39 224768 ----a-w- c:\windows\system32\schannel.dll

2012-01-31 11:27 . 2011-11-17 05:39 22016 ----a-w- c:\windows\system32\secur32.dll

2012-01-31 11:27 . 2011-11-17 05:36 22528 ----a-w- c:\windows\system32\lsass.exe

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-13 20:45 . 2011-11-05 18:51 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr

2012-02-13 20:45 . 2011-11-03 10:54 214520 ----a-w- c:\windows\system32\PnkBstrB.exe

2012-02-12 22:15 . 2011-11-03 10:54 103736 ----a-w- c:\windows\system32\PnkBstrB.ex0

2012-02-10 18:25 . 2011-11-03 10:55 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-12-03 14:12 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-12-01 19:39 . 2011-10-08 15:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-24 04:23 . 2011-12-14 14:31 2340352 ----a-w- c:\windows\system32\win32k.sys

2011-11-19 14:06 . 2012-01-11 14:49 67072 ----a-w- c:\windows\system32\packager.dll

2011-11-17 05:41 . 2012-01-11 14:49 1288984 ----a-w- c:\windows\system32\ntdll.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-08 39408]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]

"Steam"="c:\program files\Steam\steam.exe" [2011-10-10 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]

.

c:\users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Xfire.lnk - c:\program files\Xfire\Xfire.exe [2012-2-3 3530136]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-08 136176]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-08 136176]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-10 1343400]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-10 23120]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-10 295248]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-10 134736]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-10 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-08 15:21]

.

2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-08 15:21]

.

2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1045627773-2054834815-456020900-1001Core.job

- c:\users\Jeroen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 15:21]

.

2012-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1045627773-2054834815-456020900-1001UA.job

- c:\users\Jeroen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 15:21]

.

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe

AddRemove-BrowserCompanion - c:\program files\BrowserCompanion\uninstall.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-02-14 17:00:25

ComboFix-quarantined-files.txt 2012-02-14 16:00

ComboFix2.txt 2012-02-14 14:54

.

Pre-Run: 457.244.508.160 bytes beschikbaar

Post-Run: 457.205.788.672 bytes beschikbaar

.

- - End Of File - - 8D7CC4F3F13066019F5BB11F20FE9630


At the moment everything works great, but the slowness came every 1 or 2 weeks, and the last time was 2 days ago.

So I think I need to wait a bit, and if it hasn't come back in 2 weeks, it's fixed.

But in any case I want to thank everyone who helped me here, and for the time you put into it!
