
PC slow from one day to the next


Brechtiej


ComboFix 12-06-23.06 - Eigenaar 24/06/2012 16:19:14.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.1015.297 [GMT 2:00]

Started from: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: ESET NOD32 antivirus systeem 2.70 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\playercachelines.tmp

c:\documents and settings\All Users\Application Data\sortedcards.tmp

c:\documents and settings\Eigenaar\WINDOWS

.

---- Previous Run -------

.

c:\program files\Mozilla Firefox\components\AskHPRFF.js

c:\windows\system32\Cache\0e4c36f95dc27967.fb

c:\windows\system32\Cache\19393f658dbd3ad2.fb

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\31a0997e9a5b5eb3.fb

c:\windows\system32\Cache\32c84fe32bb74d60.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\3b7bb92e6deaa975.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\6d03dad1035885d3.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\c1fa887b03019701.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\e0de16f883bea794.fb

c:\windows\system32\Cache\f998975c9cc711ee.fb

.

.

(((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 ))))))))))))))))))))))))))))))

.

.

2012-06-21 11:26 . 2012-06-21 11:26 -------- d-----w- c:\documents and settings\Administrator

2012-06-21 09:46 . 2012-06-21 10:26 -------- d-----w- C:\hijackthis

2012-06-21 08:34 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-21 08:08 . 2012-06-24 12:49 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend

2012-06-21 06:59 . 2012-06-21 06:59 -------- d-----w- c:\windows\system32\wbem\Repository

2012-06-21 06:50 . 2012-06-21 09:43 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\GameRanger

2012-06-15 19:32 . 2012-06-15 19:32 -------- d-----w- c:\program files\BabylonToolbar

2012-06-15 19:31 . 2012-06-15 19:31 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Babylon

2012-06-15 19:31 . 2012-06-15 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon

2012-06-15 19:31 . 2012-06-15 19:36 -------- d-----w- c:\program files\YourFileDownloader

2012-06-15 19:31 . 2012-06-15 19:31 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\YourFileDownloader

2012-06-15 19:14 . 2012-06-15 19:14 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\In_The_Money_LLC

2012-06-15 19:14 . 2012-06-15 19:15 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\In The Money

2012-06-15 19:14 . 2012-06-15 19:14 -------- d-----w- c:\program files\In The Money

2012-06-14 21:27 . 2012-06-14 21:27 -------- d-----w- C:\6ec8fdabde7468ff30e1c7ab32c58a

2012-06-14 18:49 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-06-13 06:19 . 2012-06-13 06:19 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\AVG Secure Search

2012-06-10 19:10 . 2012-06-10 19:10 -------- d-----w- c:\program files\PokerStrategy

2012-06-09 09:20 . 2012-06-09 09:20 -------- d-----r- c:\program files\Skype

2012-06-09 09:20 . 2012-06-09 09:20 -------- d-----w- c:\program files\Common Files\Skype

2012-06-07 18:05 . 2012-06-07 18:05 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Mikogo 4

2012-06-04 10:25 . 2012-06-21 07:50 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\Deployment

2012-06-03 14:24 . 2012-06-03 14:24 -------- d-----w- C:\Poker

2012-06-02 09:30 . 2012-06-02 09:30 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\CPN

2012-05-30 11:59 . 2012-05-30 11:59 4966600 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-02 13:19 . 2007-07-30 17:18 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2008-07-04 12:36 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2008-07-04 12:36 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 13:19 . 2008-07-04 12:36 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2008-07-04 12:36 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2008-07-04 12:36 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2008-07-04 12:36 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2008-07-04 12:36 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 13:19 . 2007-07-30 17:19 24088 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2008-07-09 16:57 18160 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 13:18 . 2008-07-09 16:57 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2008-07-09 16:57 214256 ----a-w- c:\windows\system32\muweb.dll

2012-05-31 13:22 . 2006-03-02 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:09 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 13:55 . 2006-03-02 12:00 1863296 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 14:44 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:44 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:39 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-05-05 03:15 . 2006-03-02 12:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-05 03:14 . 2004-08-04 00:58 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:47 . 2008-07-04 12:34 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-06-12 16:25 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]

"Spotify Web Helper"="c:\documents and settings\Eigenaar\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-05-06 932528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]

"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-12 1104440]

"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]

2007-02-07 01:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\APSHook.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Call of Duty\\CoDMP.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\Documents and Settings\\Eigenaar\\Application Data\\Spotify\\spotify.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"5432:TCP"= 5432:TCP:postgres

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16:27 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/09/2010 4:48 32592]

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [22/04/2007 16:24 100095]

R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [9/10/2006 13:31 44720]

R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [29/03/2007 16:54 13696]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/02/2009 15:44 691696]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8/12/2010 5:12 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12/11/2010 14:19 295248]

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [4/08/2008 11:34 15424]

R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [22/04/2007 16:25 5808]

R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/03/2006 14:00 14336]

R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/03/2006 14:00 14336]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 7:25 4433248]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 7:09 192776]

R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [22/04/2007 16:32 221184]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/06/2012 10:35 654408]

R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [4/12/2006 16:13 292384]

R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [12/06/2012 18:25 935480]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21:42 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21:42 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21:42 16720]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/07/2008 18:12 36608]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/06/2012 10:34 22344]

S2 M4-Service;M4-Service;c:\documents and settings\Eigenaar\Application Data\Mikogo 4\M4-Service.exe [16/01/2012 12:04 1007472]

S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [30/05/2012 13:56 3048136]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5/06/2012 15:17 160944]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [14/04/2011 12:35 167264]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 12:58 11336]

S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [4/07/2008 18:18 33024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Cognizance REG_MULTI_SZ ASBroker ASChannel

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.hattrick.org/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: {{878AC5FC-BE78-4bae-896C-7F75B790A71E} - c:\program files\PokerStars.BE\PokerStarsUpdate.exe

TCP: DhcpNameServer = 192.168.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\yt7levv3.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112553&tt=060612_6_&babsrc=HP_ss&mntrId=08aac5b8000000000000001f3c3dd49e

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112553&tt=060612_6_&babsrc=KW_ss&mntrId=08aac5b8000000000000001f3c3dd49e&q=

FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings

FF - user.js: extensions.Softonic.autoRvrt - false

FF - user.js: extensions.Softonic_i.newTab - false

FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=1&cc=&q=

FF - user.js: extensions.Softonic.id - 08aac5b8000000000000001f298bc70f

FF - user.js: extensions.Softonic.instlDay - 15482

FF - user.js: extensions.Softonic.vrsn - 1.5.21.0

FF - user.js: extensions.Softonic.vrsni - 1.5.21.0

FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.21.016:58

FF - user.js: extensions.Softonic.prtnrId - softonic

FF - user.js: extensions.Softonic.prdct - Softonic

FF - user.js: extensions.Softonic.aflt - SD

FF - user.js: extensions.Softonic_i.smplGrp - none

FF - user.js: extensions.Softonic.tlbrId - base

FF - user.js: extensions.Softonic.instlRef - MON00005

FF - user.js: extensions.Softonic.dfltLng -

FF - user.js: extensions.Softonic.excTlbr - false

FF - user.js: extensions.Softonic.admin - false

FF - user.js: extensions.BabylonToolbar_i.id - 08aac5b8000000000000001f3c3dd49e

FF - user.js: extensions.BabylonToolbar_i.hardId - 08aac5b8000000000000001f3c3dd49e

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15506

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:31

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112553&tt=060612_6_

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-06-24 16:32

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1136)

c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll

c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll

c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll

c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll

c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll

c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL

c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll

c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll

c:\program files\Hewlett-Packard\IAM\Bin\ittal.dll

c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll

c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll

c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll

.

Completion time: 2012-06-24 16:36:03

ComboFix-quarantined-files.txt 2012-06-24 14:36

ComboFix2.txt 2011-01-09 13:59

.

Pre-Run: 8.238.297.088 bytes free

Post-Run: 8.283.074.560 bytes free

.

- - End Of File - - 6770B0BDFB15EBEA11E29A5E0D053CA1



Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\program files\BabylonToolbar

c:\documents and settings\Eigenaar\Application Data\Babylon

c:\documents and settings\All Users\Application Data\Babylon

Firefox::

FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\yt7levv3.default\

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL -

FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings

FF - user.js: extensions.Softonic.autoRvrt - false

FF - user.js: extensions.Softonic_i.newTab - false

FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=1&cc=&q=

FF - user.js: extensions.Softonic.id - 08aac5b8000000000000001f298bc70f

FF - user.js: extensions.Softonic.instlDay - 15482

FF - user.js: extensions.Softonic.vrsn - 1.5.21.0

FF - user.js: extensions.Softonic.vrsni - 1.5.21.0

FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.21.016:58

FF - user.js: extensions.Softonic.prtnrId - softonic

FF - user.js: extensions.Softonic.prdct - Softonic

FF - user.js: extensions.Softonic.aflt - SD

FF - user.js: extensions.Softonic_i.smplGrp - none

FF - user.js: extensions.Softonic.tlbrId - base

FF - user.js: extensions.Softonic.instlRef - MON00005

FF - user.js: extensions.Softonic.dfltLng -

FF - user.js: extensions.Softonic.excTlbr - false

FF - user.js: extensions.Softonic.admin - false

FF - user.js: extensions.BabylonToolbar_i.id - 08aac5b8000000000000001f3c3dd49e

FF - user.js: extensions.BabylonToolbar_i.hardId - 08aac5b8000000000000001f3c3dd49e

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15506

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:31

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112553&tt=060612_6_

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save this file on your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if asked to.

After the reboot, post the contents of ComboFix.txt in your next reply.

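The reply above builds its CFScript by hand: the PUP folders go under `Folder::`, and the Firefox lines go under `Firefox::`, with `browser.startup.homepage` and `keyword.URL` listed with an empty value so they are reset. That selection can be automated. The script below is an added example, written for this page and not part of the reply or of ComboFix; it takes log lines copied from the first post plus a list of toolbar name markers (an assumption of this example) and emits a CFScript in the same layout as the one posted. The meaning of the two sections is taken from how the reply uses them, not from separate ComboFix documentation, so run the result past the same checks you would apply to a hand-written script.

```python
import re

# Lines copied from the ComboFix log in the first post (constructed subset for this example).
SAMPLE_LOG = r"""
2012-06-15 19:32 . 2012-06-15 19:32 -------- d-----w- c:\program files\BabylonToolbar
2012-06-15 19:31 . 2012-06-15 19:31 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Babylon
2012-06-15 19:31 . 2012-06-15 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2012-06-15 19:31 . 2012-06-15 19:36 -------- d-----w- c:\program files\YourFileDownloader
2012-06-09 09:20 . 2012-06-09 09:20 -------- d-----r- c:\program files\Skype
FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\yt7levv3.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112553&tt=060612_6_&babsrc=HP_ss&mntrId=08aac5b8000000000000001f3c3dd49e
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112553&tt=060612_6_&babsrc=KW_ss&mntrId=08aac5b8000000000000001f3c3dd49e&q=
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.BabylonToolbar_i.id - 08aac5b8000000000000001f3c3dd49e
"""

# Assumption of this example: substrings that identify the unwanted toolbars in this log.
PUP_MARKERS = ("babylon", "softonic", "yourfiledownloader")

# Prefs the reply resets by listing them with an empty value.
RESET_PREFS = ("browser.startup.homepage", "keyword.URL")

# Directory entries: "date time . date time -------- d-----w- path" (files carry a size instead of --------)
DIR_RE = re.compile(r'^\S+ \S+ \. \S+ \S+ -------- d\S{7} (?P<path>.+)$')
# Firefox lines: "FF - ProfilePath - ..." or "FF - prefs.js: pref - value" or "FF - user.js: pref - value"
FF_RE = re.compile(r'^FF - (?P<kind>ProfilePath|prefs\.js: \S+|user\.js: \S+) -\s?(?P<value>.*)$')


def matches_pup(text):
    """True if any toolbar marker occurs in the text (case-insensitive)."""
    t = text.lower()
    return any(marker in t for marker in PUP_MARKERS)


def collect(text):
    """Split the log into (folders to remove, Firefox lines to hand to ComboFix)."""
    folders, ff_lines = [], []
    for line in text.splitlines():
        line = line.strip()
        m = DIR_RE.match(line)
        if m:
            if matches_pup(m["path"]):
                folders.append(m["path"])
            continue
        m = FF_RE.match(line)
        if not m:
            continue
        kind = m["kind"]
        if kind == "ProfilePath":
            ff_lines.append(line)  # always included so ComboFix knows which profile to edit
        elif kind.startswith("prefs.js:"):
            pref = kind.split()[1]
            if pref in RESET_PREFS and matches_pup(m["value"]):
                ff_lines.append(f"FF - prefs.js: {pref} -")  # empty value = reset, as in the reply
        elif matches_pup(kind) or matches_pup(m["value"]):
            ff_lines.append(line)  # user.js entry planted by the toolbar: list it for removal
    return folders, ff_lines


def build_cfscript(text):
    """Render the two sections in the layout used by the reply."""
    folders, ff_lines = collect(text)
    out = []
    if folders:
        out.append("Folder::")
        out.extend(folders)
    if ff_lines:
        out.append("Firefox::")
        out.extend(ff_lines)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG), end="")
```

Untouched prefs such as `browser.search.selectedEngine`, and folders that merely appeared in the same date window (Skype), are deliberately left out: a CFScript deletes what it names, so the marker list should be as narrow as the evidence in the log.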

When I drag it in, it always runs a new scan. So I don't know whether it worked.

Here is the file I got after the scan:

ComboFix 12-06-25.05 - Eigenaar 26/06/2012 10:34:59.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.1015.273 [GMT 2:00]

Started from: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe

Command switches used :: c:\documents and settings\Eigenaar\Bureaublad\CFScript..txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: ESET NOD32 antivirus systeem 2.70 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

(((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 ))))))))))))))))))))))))))))))

.

.

2012-06-21 11:26 . 2012-06-21 11:26 -------- d-----w- c:\documents and settings\Administrator

2012-06-21 09:46 . 2012-06-21 10:26 -------- d-----w- C:\hijackthis

2012-06-21 08:34 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-21 08:08 . 2012-06-26 08:29 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend

2012-06-21 06:59 . 2012-06-21 06:59 -------- d-----w- c:\windows\system32\wbem\Repository

2012-06-21 06:50 . 2012-06-21 09:43 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\GameRanger

2012-06-19 15:35 . 2012-06-19 15:35 4967624 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2012-06-15 19:31 . 2012-06-15 19:39 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\BabylonToolbar

2012-06-15 19:31 . 2012-06-15 19:36 -------- d-----w- c:\program files\YourFileDownloader

2012-06-15 19:31 . 2012-06-15 19:31 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\YourFileDownloader

2012-06-15 19:14 . 2012-06-15 19:14 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\In_The_Money_LLC

2012-06-15 19:14 . 2012-06-15 19:15 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\In The Money

2012-06-15 19:14 . 2012-06-15 19:14 -------- d-----w- c:\program files\In The Money

2012-06-14 21:27 . 2012-06-14 21:27 -------- d-----w- C:\6ec8fdabde7468ff30e1c7ab32c58a

2012-06-14 18:49 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-06-13 06:19 . 2012-06-13 06:19 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\AVG Secure Search

2012-06-10 19:10 . 2012-06-10 19:10 -------- d-----w- c:\program files\PokerStrategy

2012-06-09 09:20 . 2012-06-09 09:20 -------- d-----r- c:\program files\Skype

2012-06-09 09:20 . 2012-06-09 09:20 -------- d-----w- c:\program files\Common Files\Skype

2012-06-07 18:05 . 2012-06-07 18:05 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Mikogo 4

2012-06-04 10:25 . 2012-06-21 07:50 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\Deployment

2012-06-03 14:24 . 2012-06-03 14:24 -------- d-----w- C:\Poker

2012-06-02 09:30 . 2012-06-02 09:30 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\CPN

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-02 13:19 . 2007-07-30 17:18 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2008-07-04 12:36 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2008-07-04 12:36 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 13:19 . 2008-07-04 12:36 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2008-07-04 12:36 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2008-07-04 12:36 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2008-07-04 12:36 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2008-07-04 12:36 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 13:19 . 2007-07-30 17:19 24088 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2008-07-09 16:57 18160 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 13:18 . 2008-07-09 16:57 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2008-07-09 16:57 214256 ----a-w- c:\windows\system32\muweb.dll

2012-05-31 13:22 . 2006-03-02 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:09 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 13:55 . 2006-03-02 12:00 1863296 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 14:44 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:44 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:39 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-05-05 03:15 . 2006-03-02 12:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-05 03:14 . 2004-08-04 00:58 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:47 . 2008-07-04 12:34 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-24_14.32.36 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-06-26 07:06 . 2012-06-26 07:06 16384 c:\windows\temp\Perflib_Perfdata_5bc.dat

+ 2012-06-25 18:38 . 2012-06-25 18:38 1259008 c:\windows\Installer\19563.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-06-12 16:25 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]

"Spotify Web Helper"="c:\documents and settings\Eigenaar\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-05-06 932528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]

"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-12 1104440]

"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]

2007-02-07 01:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\APSHook.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Call of Duty\\CoDMP.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\Documents and Settings\\Eigenaar\\Application Data\\Spotify\\spotify.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"5432:TCP"= 5432:TCP:postgres

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16:27 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/09/2010 4:48 32592]

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [22/04/2007 16:24 100095]

R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [9/10/2006 13:31 44720]

R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [29/03/2007 16:54 13696]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/02/2009 15:44 691696]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8/12/2010 5:12 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12/11/2010 14:19 295248]

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [4/08/2008 11:34 15424]

R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [22/04/2007 16:25 5808]

R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/03/2006 14:00 14336]

R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/03/2006 14:00 14336]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 7:25 4433248]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 7:09 192776]

R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [22/04/2007 16:32 221184]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/06/2012 10:35 654408]

R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [4/12/2006 16:13 292384]

R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [12/06/2012 18:25 935480]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21:42 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21:42 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21:42 16720]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/07/2008 18:12 36608]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/06/2012 10:34 22344]

S2 M4-Service;M4-Service;c:\documents and settings\Eigenaar\Application Data\Mikogo 4\M4-Service.exe [16/01/2012 12:04 1007472]

S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [19/06/2012 17:32 3048136]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5/06/2012 15:17 160944]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [14/04/2011 12:35 167264]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 12:58 11336]

S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [4/07/2008 18:18 33024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Cognizance REG_MULTI_SZ ASBroker ASChannel

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.hattrick.org/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: {{878AC5FC-BE78-4bae-896C-7F75B790A71E} - c:\program files\PokerStars.BE\PokerStarsUpdate.exe

TCP: DhcpNameServer = 192.168.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\yt7levv3.default\

FF - prefs.js: browser.search.selectedEngine -

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-06-26 10:43

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(1136)

c:\windows\system32\APSHook.dll

c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll

c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll

c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll

c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll

c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll

c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL

c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll

c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll

c:\program files\Hewlett-Packard\IAM\Bin\ittal.dll

c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll

c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll

.

- - - - - - - > 'lsass.exe'(1196)

c:\windows\system32\APSHook.dll

.

- - - - - - - > 'explorer.exe'(444)

c:\windows\system32\APSHook.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2012-06-26 10:45:58

ComboFix-quarantined-files.txt 2012-06-26 08:45

ComboFix2.txt 2012-06-26 07:59

ComboFix3.txt 2012-06-24 14:36

ComboFix4.txt 2011-01-09 13:59

.

Pre-Run: 8.270.061.568 bytes beschikbaar

Post-Run: 8.270.974.976 bytes beschikbaar

.

- - End Of File - - 2BC4C6D51E14B9128544BD08A5B9D10A


The laptop is running extremely slowly again; the problem was touched on but not solved, so I'm going to bring it in. I really can't do anything more for the moment.

OK, afterwards let us know, just for information, what was found to be the cause of your problem?