Archive - "Virus from the government" - log

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or worldviews and have been censored in some places as inadmissible. Many were made in a different zeitgeist, ironically or not - as in the ironic Off-Topic subforum - and would (or could) no longer be posted today. Nevertheless, we still gladly offer this archive as an information database and reference work. Read more about it here or start a conversation with others.

eXtreme

Legacy Member
Hello,

Following up on this topic: https://www.beyondgaming.be/archive/software.22/virus-van-de-overheid.871895

Could someone please take a look at this?

ti:
eXtreme said:
I got it again... jeezes christ.

Neither Malwarebytes nor that rebooting from USB (from that government site) worked.. The only thing that finds anything and that works is Trojan Killer. But since my trial has expired, I could see that it found it (apparently "rty0_7z.exe"), but it couldn't remove it..

How I "removed" it (even though I'm a fair computer noob): I went into msconfig to set it to boot in safe mode, and saw on the "Startup" tab that the following was listed there:
"Item: Update
Manufacturer: Unknown
Command: Maarten/AppData/Roaming/rty0_7z.exe
Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run"

And Trojan Killer finds this (it's the only one that does, and that solved it the previous times, so that must be it..):
"Registry: HKCU\Software\...\Run: try0_7z.exe - Trojan.Ap"

So I simply disabled that, and my computer boots up again.. :p Now it's just a matter of waiting for the next one, I guess? (dammit) Think I might just go and buy Trojan Killer.. :( :( :)

Thanks



DDS:


Attach:



Juisterr

Legacy Member
Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop.

>>Here<< you can read how to use Combofix.






1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

* (here or here

2. It may happen that the computer has to be restarted several times; this is normal.
3. Double-click "Combofix.exe" to start the tool.
4. Do not click in the Combofix window while it is running; this can cause the 'tool' to hang.

* Note !!! If an error is shown with the message "Illegal operation attempted on a registery key that has been marked for deletion.", then restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

eXtreme

Legacy Member
I'd already tried that, in safe mode, like you said. But in safe mode I just couldn't seem to get my virus protection disabled.. :p Will try it again later.

Aiden

Legacy Member
Give this little program a try: RogueKiller

I use it almost daily; it copes well with that ecops nonsense and the like.