
Download failed; virus detected



Hi Kape,

I have removed AVG; you first have to uninstall AVG via the Control Panel and only then run the tool, otherwise the program stays in place.

Below is the ComboFix log.

I have Spybot, and it showed a number of registry changes that I had to approve. Most were removals of entries from the registry, but I blocked 3 of them because I don't know what they do; maybe you can tell me.

System startup user entry

Add value: NoDrives

Browser page

Add value: HTTP://ie.search.msn.com/{sub_RFC1766}/srchasst/srchcust.htm

Disable registry tool

Add value: DisableRegistryTools

After running it I checked whether I can open attachments again, and I can. So, great. I don't know what the cause was; AVG? But then it seems unlikely to me that I am the only one. I still need to install a new antivirus program now. Avast?

And now the ComboFix log:

ComboFix 13-05-12.01 - student 9 13-05-2013 21:28:02.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.2939.1753 [GMT 2:00]

Gestart vanuit: e:\download\systeemonderhoud\ComboFix.exe

AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}

SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\STUDEN~1\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll

c:\users\student 9\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll

c:\windows\system32\muzapp.exe

c:\windows\system32\pt

c:\windows\system32\pt\toscdspd.cpl.mui

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-04-13 to 2013-05-13 ))))))))))))))))))))))))))))))

.

.

2013-05-13 19:36 . 2013-05-13 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-13 19:36 . 2013-05-13 19:36 -------- d-----w- c:\users\student7\AppData\Local\temp

2013-05-07 21:20 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{381A786C-5362-4C43-A8D6-50F12FA27136}\mpengine.dll

2013-04-24 21:32 . 2013-04-24 21:32 -------- d-----w- c:\program files\Mozilla Maintenance Service

2013-04-18 21:25 . 2013-04-18 21:25 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

2013-04-18 21:15 . 2013-04-18 21:15 -------- d-----w- c:\users\student 9\AppData\Roaming\TuneUp Software

2013-04-18 21:11 . 2013-05-13 19:14 -------- d-----w- c:\programdata\MFAData

2013-04-18 21:11 . 2013-04-18 21:11 -------- d--h--w- c:\programdata\Common Files

2013-04-18 21:11 . 2013-04-18 21:11 -------- d-----w- c:\users\student 9\AppData\Local\MFAData

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-02 00:06 . 2010-03-31 17:50 238872 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-03-31 954256]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-31 21392]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]

"NDSTray.exe"="NDSTray.exe" [bU]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-10-05 30192]

"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]

"BCSSync"="c:\program files\Microsoft Office 2010\Office14\BCSSync.exe" [2010-03-13 91520]

"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-03-31 3521424]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-25 1159168]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-08 114688]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

"KPN Assistent"="c:\program files\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe" [2012-11-28 14160352]

.

c:\users\student7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\users\student 9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

OneNote 2010 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office 2010\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

ImageMixer 3 SE Camera Monitor Ver.4.lnk - e:\program files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe [2012-1-25 253952]

Microsoft Office.lnk - e:\program files\Microsoft Office2002\Office10\OSA.EXE [2001-2-13 83360]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]

2008-09-26 12:22 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]

2008-05-28 11:40 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-08-19 11:44 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

.

Inhoud van de 'Gedeelde Taken' map

.

2013-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 17:49]

.

2013-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 17:49]

.

2013-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1001149697-3382961096-2755632298-1001Core.job

- c:\users\student 9\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-20 23:41]

.

2013-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1001149697-3382961096-2755632298-1001UA.job

- c:\users\student 9\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-20 23:41]

.

2013-05-13 c:\windows\Tasks\User_Feed_Synchronization-{4069CDD6-E480-4F2D-8E2C-0D5C7E17EC9E}.job

- c:\windows\system32\msfeedssync.exe [2011-12-06 04:32]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA

TCP: DhcpNameServer = 192.168.2.254

TCP: Interfaces\{7482F54D-3C74-4F21-8045-B56DB437FEE8}: NameServer = 192.168.2.254

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe

MSConfigStartUp-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe

AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files\Malwarebytes' Anti-Malware\unins000.exe

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2013-05-13 21:42

Windows 6.0.6001 Service Pack 1 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????6~^????P?V?x?V???V???V??

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\windows\system32\WLANExt.exe

c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE

c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\program files\Toshiba TEMPRO\TempoSVC.exe

c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

c:\windows\system32\TODDSrv.exe

c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe

c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files\Spybot - Search & Destroy\SDWinSec.exe

c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\wbem\unsecapp.exe

.

**************************************************************************

.

Voltooingstijd: 2013-05-13 21:49:55 - machine werd herstart

ComboFix-quarantined-files.txt 2013-05-13 19:49

.

Pre-Run: 49.860.177.920 bytes beschikbaar

Post-Run: 49.865.531.392 bytes beschikbaar

.

- - End Of File - - 07B5A286556852B1561F7DA2999485FC


There are indeed more similar problems with AVG, so you are not the only one.

Remove ComboFix: Start -> Run and type: ComboFix /Uninstall (with a space before the /).

This will remove ComboFix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

And should you want to install another AV scanner, Avast Free is certainly a good recommendation!

If all of this went without problems and you have no further questions or problems within this topic, you may close this topic by clicking the "Mark as solved" button, which you can find at the bottom left … that way it stays clear for everyone.
