Pc traag

[Fresonis]

Hallo,

Mijn pc is de laatste tijd erg traag met het opstarten van Windows, maar ook met het opstarten van andere programma's / games. GTA 4 kon ik ineens niet meer spelen, ik kreeg foutmelding als ik de game wilde opstarten. Ik heb gewoon de legale versie met cd. Doordat de pc traag loopt en GTA 4 niet meer wilde opstarten, heb ik besloten om een systeemherstel te doen. Dit is gelukt, GTA 4 kan ik nu wel weer spelen. Geen idee wat er is veranderd waardoor het nu wel weer kan.

Ik heb inmiddels Ccleaner gedraaid, er waren wat register fouten, deze zijn hersteld. Daarnaast heb ik ook Mbam gedaan, deze vond een paar kleinigheden. Virusscan (AVG) kon niks vinden.

Zouden jullie naar mijn logjes kunnen kijken?

Alvast bedankt!

Malwarebytes Anti-Malware (-evaluatieversie-) 1.65.1.1000

Malwarebytes : Free anti-malware download

Databaseversie: v2012.11.04.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Eigenaar :: GILIAM-W7QWD0W7 [administrator]

Realtime bescherming: Uitgeschakeld

4-11-2012 19:14:21

mbam-log-2012-11-04 (19-14-21).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 198719

Verstreken tijd: 2 minuut/minuten, 30 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 1

C:\Program Files\RelevantKnowledge (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

Bestanden gedetecteerd: 5

C:\Documents and Settings\Eigenaar\Mijn documenten\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\RelevantKnowledge\rlls.dll (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\RelevantKnowledge\rlls64.dll (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\RelevantKnowledge\rlservice.exe (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files\RelevantKnowledge\rlvknlg64.exe (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:26:55, on 4-12-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\HitmanPro\hmpsched.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe

C:\WINDOWS\system32\GEARSEC.EXE

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Maxtor\Sync\SyncServices.exe

C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\ASUS\Six Engine\SixEngine.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Logitech\G-series Software\LGDCore.exe

C:\Program Files\Logitech\G-series Software\LCDMon.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Philips Display\SmartControl\DTHtml.exe

C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe

C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe

C:\Documents and Settings\Eigenaar\Bureaublad\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\CCleaner\CCleaner.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll

O4 - HKLM\..\Run: [six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"

O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe"

O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [DT PLP] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -PLP

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')

O4 - .DEFAULT Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\GEARSEC.EXE

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe

O23 - Service: iPod-voorziening (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--

End of file - 13040 bytes

[kape]

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap.

2. Dubbelklik op ComboFix.exe en volg de meldingen op het scherm.

3. ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geïnstalleerd.

**Let op: Als de Microsoft Windows Recovery Console al is geïnstalleerd, dan krijg je de volgende schermen niet te zien en zal ComboFix automatisch verder gaan met het scannen naar malware.

4. Volg de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren.

Je krijgt de volgende melding te zien wanneer ComboFix de Microsoft Windows Recovery Console succesvol heeft geïnstalleerd:

Klik op Ja om verder te gaan met het scannen naar malware.

5. Wanneer ComboFix klaar is, zal het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

[Fresonis]

Die ene regel is met hijackthis verwijderd. Combofix is gedaan, hieronder staat het logje:

ComboFix 12-12-04.01 - Eigenaar 07-12-2012 16:26:49.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3327.2529 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\Eigenaar\LOCALS~1\Temp\IadHide5.dll

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Eigenaar\Local Settings\Temp\IadHide5.dll

c:\documents and settings\Eigenaar\WINDOWS

c:\program files\Java\jre7\bin\ssv.dll

c:\windows\system32\dllcache\wmpvis.dll

c:\windows\system32\muzapp.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-11-07 to 2012-12-07 ))))))))))))))))))))))))))))))

.

.

2012-12-04 16:28 . 2012-12-04 19:10 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend

2012-12-04 16:10 . 2012-12-04 16:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-04 16:10 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-04 16:07 . 2012-12-04 16:07 -------- d-----w- c:\program files\CCleaner

2012-12-04 15:45 . 2012-12-04 15:45 -------- d-----w- c:\windows\system32\wbem\Repository

2012-11-29 15:40 . 2012-11-29 15:40 -------- d-----w- c:\program files\PrivitizeVPN

2012-11-23 13:51 . 2012-11-23 13:54 -------- d-----w- c:\program files\CDex

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-19 18:41 . 2012-04-05 09:15 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-19 18:41 . 2012-01-28 20:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-22 19:57 . 2001-09-07 12:00 1866496 ----a-w- c:\windows\system32\win32k.sys

2012-10-02 18:04 . 2001-09-07 12:00 58368 ----a-w- c:\windows\system32\synceng.dll

2012-10-01 10:29 . 2012-10-01 10:29 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2012-10-01 10:29 . 2012-10-01 10:29 22328 ----a-w- c:\documents and settings\Eigenaar\Application Data\PnkBstrK.sys

2012-10-01 10:29 . 2012-10-01 10:29 103736 ----a-w- c:\windows\system32\PnkBstrB.exe

2012-10-01 10:29 . 2012-10-01 10:29 669184 ----a-w- c:\windows\system32\pbsvc.exe

2012-10-01 10:29 . 2012-10-01 10:29 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2012-09-24 21:16 . 2012-10-21 11:42 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-11 01:05 . 2012-10-25 17:23 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2011-11-02 32768]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-14 5958656]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-03-16 1040384]

"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-09 1423360]

"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]

"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]

"DT PLP"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-05-17 121456]

"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2005-11-02 1110079]

"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2005-11-02 188928]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 28160]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]

"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 98304]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]

"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Eigenaar\Menu Start\Programma's\Opstarten\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2011-11-2 450560]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-11-2 528384]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2003-10-27 16:16 229376 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]

2012-08-31 00:52 21432 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]

2012-08-31 00:52 964024 ----a-w- c:\program files\Samsung\Kies\Kies.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

2005-07-19 09:05 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]

2010-05-13 15:34 110192 ----a-w- c:\program files\Portrait Displays\Pivot Pro Plugin\pivot_Startup.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"g:\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=

"g:\\Games klaar om te spelen\\The Settlers 7 - Paths to a Kingdom\\Data\\Base\\_Dbg\\Bin\\Release\\Settlers7R.exe"=

"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"g:\\Games klaar om te spelen\\Might & Magic Heroes VI\\Might & Magic Heroes VI.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\skyrim\\SkyrimLauncher.exe"=

"g:\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"g:\\Games klaar om te spelen\\Crysis 2\\bin32\\Crysis2.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"57361:TCP"= 57361:TCP:Pando Media Booster

"57361:UDP"= 57361:UDP:Pando Media Booster

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 3:50 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13-9-2011 6:30 31952]

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2-11-2011 21:07 150568]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11-7-2011 1:13 237408]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11-7-2011 1:14 301920]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [31-3-2012 20:16 242240]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [13-8-2012 2:24 5167736]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 3:53 193288]

R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [26-9-2012 16:52 105832]

R2 Iprip;RIP-listener;c:\windows\System32\svchost.exe -k netsvcs [7-9-2001 13:00 14336]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [4-12-2012 17:10 399432]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4-12-2012 17:10 676936]

R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2-11-2011 22:28 109168]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [29-3-2012 18:59 103040]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 12:32 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 12:32 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 12:32 17232]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4-12-2012 17:10 22856]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [17-6-2012 16:31 30312]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [27-9-2012 19:28 83168]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [17-6-2012 16:31 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [17-6-2012 16:31 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [17-6-2012 16:31 136808]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [17-6-2012 16:31 114280]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [27-9-2012 19:28 181344]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2012-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]

.

2012-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-28 19:03]

.

2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-28 19:03]

.

2012-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-879983540-839522115-1003Core.job

- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-02 20:37]

.

2012-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-879983540-839522115-1003UA.job

- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-02 20:37]

.

.

------- Bijkomende Scan -------

.

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 213.46.228.196 62.179.104.196

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\yesoge1u.default\

FF - prefs.js: browser.search.selectedEngine - Search the Web

FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=74380689&tool_id=62781&qkw=

.

- - - - ORPHANS VERWIJDERD - - - -

.

SafeBoot-WudfPf

SafeBoot-WudfRd

MSConfigStartUp-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-12-07 16:31

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1708537768-879983540-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:e4,b8,ac,20,79,69,9d,cc,ad,0a,9b,22,13,9d,df,ff,42,0e,e5,fe,9d,12,87,

53,9c,b3,c3,ae,a1,16,9f,2c,e4,30,34,ed,1a,ad,57,66,5f,3e,e6,69,0c,07,d2,28,\

"??"=hex:53,89,b9,a1,b2,8f,7b,20,21,bf,b1,66,d8,41,79,68

.

[HKEY_USERS\S-1-5-21-1708537768-879983540-839522115-1003\Software\SecuROM\License information*]

"datasecu"=hex:47,f6,d6,01,ba,ae,d2,7e,d9,90,24,9b,37,51,a3,61,63,f2,b8,03,a6,

66,6a,76,d6,c5,57,78,aa,13,54,1a,67,c5,e3,50,fc,de,68,d1,1c,55,6b,7c,c0,d2,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(920)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

- - - - - - - > 'explorer.exe'(1292)

c:\docume~1\Eigenaar\LOCALS~1\Temp\IadHide5.dll

c:\program files\Logitech\SetPoint\GameHook.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe

c:\program files\Java\jre7\bin\jqs.exe

c:\program files\Maxtor\Sync\SyncServices.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\program files\Logitech\G-series Software\Applets\LCDMedia.exe

c:\program files\Logitech\G-series Software\Applets\LCDClock.exe

c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\System32\tcpsvcs.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

.

**************************************************************************

.

Voltooingstijd: 2012-12-07 16:33:48 - machine werd herstart

ComboFix-quarantined-files.txt 2012-12-07 15:33

.

Pre-Run: 41.902.190.592 bytes beschikbaar

Post-Run: 42.134.966.272 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

.

- - End Of File - - 93DB05958D40D5A8A16893FBD0564F7B

[kape]

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Firefox::

FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\yesoge1u.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL -

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

8 december 2012 aangepast door kape

[Fresonis]

hier het logje:

ComboFix 12-12-07.01 - Eigenaar 08-12-2012 21:03:03.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3327.2438 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Eigenaar\Bureaublad\CFScript.txt.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\Eigenaar\LOCALS~1\Temp\IadHide5.dll

c:\documents and settings\Eigenaar\Local Settings\Temp\IadHide5.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-11-08 to 2012-12-08 ))))))))))))))))))))))))))))))

.

.

2012-12-07 19:10 . 2012-12-07 19:10 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Freecorder 7 Video

2012-12-07 19:10 . 2012-12-07 19:10 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\Jaksta_Technologies_Pty_L

2012-12-07 19:05 . 2012-12-07 19:05 -------- d-----w- c:\program files\Applian Technologies

2012-12-07 19:04 . 2012-12-07 19:04 -------- d-----w- c:\program files\Freecorder extension

2012-12-07 19:04 . 2012-12-07 19:04 -------- d-----w- c:\program files\Yontoo

2012-12-07 19:04 . 2012-12-07 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer

2012-12-04 16:28 . 2012-12-07 20:31 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend

2012-12-04 16:10 . 2012-12-04 16:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-04 16:10 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-04 16:07 . 2012-12-04 16:07 -------- d-----w- c:\program files\CCleaner

2012-12-04 15:45 . 2012-12-04 15:45 -------- d-----w- c:\windows\system32\wbem\Repository

2012-11-29 15:40 . 2012-11-29 15:40 -------- d-----w- c:\program files\PrivitizeVPN

2012-11-23 13:51 . 2012-11-23 13:54 -------- d-----w- c:\program files\CDex

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-19 18:41 . 2012-04-05 09:15 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-19 18:41 . 2012-01-28 20:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-22 19:57 . 2001-09-07 12:00 1866496 ----a-w- c:\windows\system32\win32k.sys

2012-10-02 18:04 . 2001-09-07 12:00 58368 ----a-w- c:\windows\system32\synceng.dll

2012-10-01 10:29 . 2012-10-01 10:29 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2012-10-01 10:29 . 2012-10-01 10:29 22328 ----a-w- c:\documents and settings\Eigenaar\Application Data\PnkBstrK.sys

2012-10-01 10:29 . 2012-10-01 10:29 103736 ----a-w- c:\windows\system32\PnkBstrB.exe

2012-10-01 10:29 . 2012-10-01 10:29 669184 ----a-w- c:\windows\system32\pbsvc.exe

2012-10-01 10:29 . 2012-10-01 10:29 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2012-09-24 21:16 . 2012-10-21 11:42 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-11 01:05 . 2012-10-25 17:23 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}]

2012-10-13 17:43 364920 ----a-w- c:\program files\Freecorder extension\ScriptHost.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2011-11-02 32768]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-14 5958656]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-03-16 1040384]

"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-09 1423360]

"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]

"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]

"DT PLP"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-05-17 121456]

"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2005-11-02 1110079]

"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2005-11-02 188928]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 28160]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]

"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 98304]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]

"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Eigenaar\Menu Start\Programma's\Opstarten\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2011-11-2 450560]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-11-2 528384]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2003-10-27 16:16 229376 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]

2012-08-31 00:52 21432 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]

2012-08-31 00:52 964024 ----a-w- c:\program files\Samsung\Kies\Kies.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

2005-07-19 09:05 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]

2010-05-13 15:34 110192 ----a-w- c:\program files\Portrait Displays\Pivot Pro Plugin\pivot_Startup.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"g:\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=

"g:\\Games klaar om te spelen\\The Settlers 7 - Paths to a Kingdom\\Data\\Base\\_Dbg\\Bin\\Release\\Settlers7R.exe"=

"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"g:\\Games klaar om te spelen\\Might & Magic Heroes VI\\Might & Magic Heroes VI.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\skyrim\\SkyrimLauncher.exe"=

"g:\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"g:\\Games klaar om te spelen\\Crysis 2\\bin32\\Crysis2.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"57361:TCP"= 57361:TCP:Pando Media Booster

"57361:UDP"= 57361:UDP:Pando Media Booster

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 3:50 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13-9-2011 6:30 31952]

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2-11-2011 21:07 150568]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11-7-2011 1:13 237408]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11-7-2011 1:14 301920]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [31-3-2012 20:16 242240]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [13-8-2012 2:24 5167736]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 3:53 193288]

R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [26-9-2012 16:52 105832]

R2 Iprip;RIP-listener;c:\windows\System32\svchost.exe -k netsvcs [7-9-2001 13:00 14336]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [4-12-2012 17:10 399432]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4-12-2012 17:10 676936]

R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2-11-2011 22:28 109168]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [29-3-2012 18:59 103040]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 12:32 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 12:32 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 12:32 17232]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4-12-2012 17:10 22856]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [17-6-2012 16:31 30312]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [27-9-2012 19:28 83168]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [17-6-2012 16:31 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [17-6-2012 16:31 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [17-6-2012 16:31 136808]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [17-6-2012 16:31 114280]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [27-9-2012 19:28 181344]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]

.

2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-28 19:03]

.

2012-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-28 19:03]

.

2012-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-879983540-839522115-1003Core.job

- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-02 20:37]

.

2012-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-879983540-839522115-1003UA.job

- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-02 20:37]

.

.

------- Bijkomende Scan -------

.

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 213.46.228.196 62.179.104.196

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\yesoge1u.default\

FF - user.js: extentions.y2layers.installId - a791faf9-3652-4b83-a315-8e7d5fbe4f51

FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers

FF - user.js: extensions.autoDisableScopes - 14

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-12-08 21:09

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1708537768-879983540-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:e4,b8,ac,20,79,69,9d,cc,ad,0a,9b,22,13,9d,df,ff,42,0e,e5,fe,9d,12,87,

53,9c,b3,c3,ae,a1,16,9f,2c,e4,30,34,ed,1a,ad,57,66,5f,3e,e6,69,0c,07,d2,28,\

"??"=hex:53,89,b9,a1,b2,8f,7b,20,21,bf,b1,66,d8,41,79,68

.

[HKEY_USERS\S-1-5-21-1708537768-879983540-839522115-1003\Software\SecuROM\License information*]

"datasecu"=hex:47,f6,d6,01,ba,ae,d2,7e,d9,90,24,9b,37,51,a3,61,63,f2,b8,03,a6,

66,6a,76,d6,c5,57,78,aa,13,54,1a,67,c5,e3,50,fc,de,68,d1,1c,55,6b,7c,c0,d2,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(916)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

- - - - - - - > 'explorer.exe'(3064)

c:\docume~1\Eigenaar\LOCALS~1\Temp\IadHide5.dll

c:\program files\Common Files\Portrait Displays\Plugins\DP\msgHook.dll

c:\program files\Logitech\SetPoint\GameHook.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe

c:\program files\Java\jre7\bin\jqs.exe

c:\program files\Maxtor\Sync\SyncServices.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\System32\tcpsvcs.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Logitech\G-series Software\Applets\LCDClock.exe

c:\program files\Philips Display\SmartControl\DTHtml.exe

c:\program files\Logitech\G-series Software\Applets\LCDMedia.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe

c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

c:\program files\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe

.

**************************************************************************

.

Voltooingstijd: 2012-12-08 21:11:24 - machine werd herstart

ComboFix-quarantined-files.txt 2012-12-08 20:11

ComboFix2.txt 2012-12-07 15:33

.

Pre-Run: 41.535.488.000 bytes beschikbaar

Post-Run: 41.542.909.952 bytes beschikbaar

.

- - End Of File - - E71F721D00F9CEB5B66D54775BA32E56

[kape]

Dit is wel een heel ander logje dan het vorige, met nog meer ongewenste zaken aan boord.

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Folder::

c:\program files\PrivitizeVPN

c:\program files\Freecorder extension

c:\program files\Yontoo

c:\documents and settings\All Users\Application Data\Tarma Installer

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}]

Firefox::

FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\yesoge1u.default\

FF - user.js: extentions.y2layers.installId - a791faf9-3652-4b83-a315-8e7d5fbe4f51

FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers

FF - user.js: extensions.autoDisableScopes - 14

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

9 december 2012 aangepast door kape

[Fresonis]

Ooh dat is niet goed. Dit kan komen doordat ik opzoek was gegaan naar een programma om een youtube filmpje te kunnen downloaden zodat ik het zelf kon gebruiken. Maar blijkbaar waren dit dus foute programma's.

Misschien een tip welk programma dan wel goed is? Mocht je er 1 kennen uiteraard.

Bij jouw bericht staat: Klik hier voor uitleg mbt combofix script gebeuren. Maar er is geen link om aan te klikken, was me ook al opgevallen in je vorige bericht. Just so you know

Hier mijn logje:

ComboFix 12-12-07.01 - Eigenaar 08-12-2012 22:13:42.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3327.2480 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Eigenaar\Bureaublad\CFScript.txt.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\Eigenaar\LOCALS~1\Temp\IadHide5.dll

c:\documents and settings\All Users\Application Data\Tarma Installer

c:\documents and settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico

c:\documents and settings\Eigenaar\Local Settings\Temp\IadHide5.dll

c:\program files\Freecorder extension

c:\program files\Freecorder extension\AddonsFramework.dll

c:\program files\Freecorder extension\arrow-dn.gif

c:\program files\Freecorder extension\background.html

c:\program files\Freecorder extension\bg.js

c:\program files\Freecorder extension\ButtonSite.dll

c:\program files\Freecorder extension\clipper.png

c:\program files\Freecorder extension\config.xml

c:\program files\Freecorder extension\content.js

c:\program files\Freecorder extension\convert.png

c:\program files\Freecorder extension\DefSearchService.exe

c:\program files\Freecorder extension\fc7_toolbar_icon-128.png

c:\program files\Freecorder extension\fc7_toolbar_icon-16.png

c:\program files\Freecorder extension\fc7_toolbar_icon-18.png

c:\program files\Freecorder extension\fc7_toolbar_icon-48.png

c:\program files\Freecorder extension\Freecorder.crx

c:\program files\Freecorder extension\help.png

c:\program files\Freecorder extension\icon.ico

c:\program files\Freecorder extension\jquery-1.6.2.min.js

c:\program files\Freecorder extension\jquery-1.7.2.min.js

c:\program files\Freecorder extension\json2.min.js

c:\program files\Freecorder extension\lock.png

c:\program files\Freecorder extension\logo-24.png

c:\program files\Freecorder extension\logo.png

c:\program files\Freecorder extension\mp3_editor.png

c:\program files\Freecorder extension\music.png

c:\program files\Freecorder extension\play-flv.png

c:\program files\Freecorder extension\play.png

c:\program files\Freecorder extension\popup.html

c:\program files\Freecorder extension\popup.js

c:\program files\Freecorder extension\PropertySync.exe

c:\program files\Freecorder extension\PropertySyncPS.dll

c:\program files\Freecorder extension\radio.png

c:\program files\Freecorder extension\RegistryHelper.dll

c:\program files\Freecorder extension\screen.png

c:\program files\Freecorder extension\ScriptHost.dll

c:\program files\Freecorder extension\search.png

c:\program files\Freecorder extension\style.css

c:\program files\Freecorder extension\triangle-1-s.png

c:\program files\Freecorder extension\tv.png

c:\program files\Freecorder extension\uninstall.exe

c:\program files\Freecorder extension\UninstallChromeToolbar.exe

c:\program files\Freecorder extension\UninstallFirefoxToolbar.exe

c:\program files\Freecorder extension\updater.js

c:\program files\Freecorder extension\updaterWrapper.js

c:\program files\Freecorder extension\upgrade.png

c:\program files\Freecorder extension\upgrade2.png

c:\program files\Freecorder extension\vid-history.png

c:\program files\Freecorder extension\video-history.png

c:\program files\Freecorder extension\video.png

c:\program files\Freecorder extension\video_encryptor.png

c:\program files\Freecorder extension\vpl.png

c:\program files\Freecorder extension\youtube-square.png

c:\program files\Freecorder extension\youtube.png

c:\program files\PrivitizeVPN

c:\program files\PrivitizeVPN\PrivitizeVPN.exe

c:\program files\PrivitizeVPN\VPN.dll

c:\program files\Yontoo

c:\program files\Yontoo\OptChrome.exe

c:\program files\Yontoo\YontooIEClient.dll

c:\program files\Yontoo\YontooLayers.crx

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-11-08 to 2012-12-08 ))))))))))))))))))))))))))))))

.

.

2012-12-07 19:10 . 2012-12-07 19:10 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Freecorder 7 Video

2012-12-07 19:10 . 2012-12-07 19:10 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\Jaksta_Technologies_Pty_L

2012-12-07 19:05 . 2012-12-07 19:05 -------- d-----w- c:\program files\Applian Technologies

2012-12-04 16:28 . 2012-12-08 21:12 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend

2012-12-04 16:10 . 2012-12-04 16:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-04 16:10 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-04 16:07 . 2012-12-04 16:07 -------- d-----w- c:\program files\CCleaner

2012-12-04 15:45 . 2012-12-04 15:45 -------- d-----w- c:\windows\system32\wbem\Repository

2012-11-23 13:51 . 2012-11-23 13:54 -------- d-----w- c:\program files\CDex

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-19 18:41 . 2012-04-05 09:15 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-19 18:41 . 2012-01-28 20:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-22 19:57 . 2001-09-07 12:00 1866496 ----a-w- c:\windows\system32\win32k.sys

2012-10-02 18:04 . 2001-09-07 12:00 58368 ----a-w- c:\windows\system32\synceng.dll

2012-10-01 10:29 . 2012-10-01 10:29 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2012-10-01 10:29 . 2012-10-01 10:29 22328 ----a-w- c:\documents and settings\Eigenaar\Application Data\PnkBstrK.sys

2012-10-01 10:29 . 2012-10-01 10:29 103736 ----a-w- c:\windows\system32\PnkBstrB.exe

2012-10-01 10:29 . 2012-10-01 10:29 669184 ----a-w- c:\windows\system32\pbsvc.exe

2012-10-01 10:29 . 2012-10-01 10:29 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2012-09-24 21:16 . 2012-10-21 11:42 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-11 01:05 . 2012-10-25 17:23 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2011-11-02 32768]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-14 5958656]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-03-16 1040384]

"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-09 1423360]

"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]

"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]

"DT PLP"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-05-17 121456]

"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2005-11-02 1110079]

"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2005-11-02 188928]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 28160]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]

"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 98304]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]

"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Eigenaar\Menu Start\Programma's\Opstarten\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2011-11-2 450560]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-11-2 528384]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2003-10-27 16:16 229376 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]

2012-08-31 00:52 21432 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]

2012-08-31 00:52 964024 ----a-w- c:\program files\Samsung\Kies\Kies.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

2005-07-19 09:05 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]

2010-05-13 15:34 110192 ----a-w- c:\program files\Portrait Displays\Pivot Pro Plugin\pivot_Startup.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"g:\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=

"g:\\Games klaar om te spelen\\The Settlers 7 - Paths to a Kingdom\\Data\\Base\\_Dbg\\Bin\\Release\\Settlers7R.exe"=

"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"g:\\Games klaar om te spelen\\Might & Magic Heroes VI\\Might & Magic Heroes VI.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\skyrim\\SkyrimLauncher.exe"=

"g:\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"g:\\Games klaar om te spelen\\Crysis 2\\bin32\\Crysis2.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"57361:TCP"= 57361:TCP:Pando Media Booster

"57361:UDP"= 57361:UDP:Pando Media Booster

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 3:50 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13-9-2011 6:30 31952]

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2-11-2011 21:07 150568]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11-7-2011 1:13 237408]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11-7-2011 1:14 301920]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [31-3-2012 20:16 242240]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [13-8-2012 2:24 5167736]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 3:53 193288]

R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [26-9-2012 16:52 105832]

R2 Iprip;RIP-listener;c:\windows\System32\svchost.exe -k netsvcs [7-9-2001 13:00 14336]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [4-12-2012 17:10 399432]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4-12-2012 17:10 676936]

R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2-11-2011 22:28 109168]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [29-3-2012 18:59 103040]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 12:32 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 12:32 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 12:32 17232]

R3 hitmanpro36;HitmanPro 3.6 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [8-12-2012 22:19 27976]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4-12-2012 17:10 22856]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [17-6-2012 16:31 30312]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [27-9-2012 19:28 83168]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [17-6-2012 16:31 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [17-6-2012 16:31 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [17-6-2012 16:31 136808]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [17-6-2012 16:31 114280]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [27-9-2012 19:28 181344]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - HITMANPRO36

.

Inhoud van de 'Gedeelde Taken' map

.

2012-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]

.

2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-28 19:03]

.

2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-28 19:03]

.

2012-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-879983540-839522115-1003Core.job

- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-02 20:37]

.

2012-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-879983540-839522115-1003UA.job

- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-02 20:37]

.

.

------- Bijkomende Scan -------

.

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 213.46.228.196 62.179.104.196

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\yesoge1u.default\

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-Freecorder extension - c:\program files\Freecorder extension\uninstall.exe

AddRemove-Freecorder extension for Chrome - c:\program files\Freecorder extension\UninstallChromeToolbar.exe

AddRemove-Freecorder extension for Firefox - c:\program files\Freecorder extension\UninstallFirefoxToolbar.exe

AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-12-08 22:18

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1708537768-879983540-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:e4,b8,ac,20,79,69,9d,cc,ad,0a,9b,22,13,9d,df,ff,42,0e,e5,fe,9d,12,87,

53,9c,b3,c3,ae,a1,16,9f,2c,e4,30,34,ed,1a,ad,57,66,5f,3e,e6,69,0c,07,d2,28,\

"??"=hex:53,89,b9,a1,b2,8f,7b,20,21,bf,b1,66,d8,41,79,68

.

[HKEY_USERS\S-1-5-21-1708537768-879983540-839522115-1003\Software\SecuROM\License information*]

"datasecu"=hex:47,f6,d6,01,ba,ae,d2,7e,d9,90,24,9b,37,51,a3,61,63,f2,b8,03,a6,

66,6a,76,d6,c5,57,78,aa,13,54,1a,67,c5,e3,50,fc,de,68,d1,1c,55,6b,7c,c0,d2,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(912)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

- - - - - - - > 'explorer.exe'(3836)

c:\program files\Logitech\SetPoint\GameHook.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe

c:\program files\Java\jre7\bin\jqs.exe

c:\program files\Maxtor\Sync\SyncServices.exe

c:\program files\Logitech\G-series Software\Applets\LCDClock.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\windows\System32\tcpsvcs.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

.

**************************************************************************

.

Voltooingstijd: 2012-12-08 22:21:47 - machine werd herstart

ComboFix-quarantined-files.txt 2012-12-08 21:21

ComboFix2.txt 2012-12-08 20:11

ComboFix3.txt 2012-12-07 15:33

.

Pre-Run: 41.495.605.248 bytes beschikbaar

Post-Run: 41.480.794.112 bytes beschikbaar

.

- - End Of File - - 387988CD2952A722D2184C2F1F27C193

8 december 2012 aangepast door Fresonis

[kape]

Hoe staat het nu met de snelheid (of de traagheid) van de PC ?

[Fresonis]

Het gaat nu wel weer goed naar mijn idee, ik heb zojuist nog even wat register fouten hersteld met Ccleaner.

[kape]

Verwijder Combofix: Start -> Uitvoeren/Zoekopdracht/Programma’s en bestanden zoeken en typ daar: ComboFix /Uninstall (met spatie voor de /).

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten). In XP doe je dit via Start -> Configuratiescherm -> Systeem -> Systeemherstel -> "Systeemherstel op alle stations uitschakelen" aanvinken. Toepassen en OK. PC herstarten en het vinkje terug weg halen.

Indien dit allemaal probleemloos verlopen is, mag je hieronder op "markeer als opgelost" tokkelen !