GijsM

Posts made by GijsM

  1. Good evening Kape,

    the Emsisoft log is below:

    Emsisoft Emergency Kit - Versie 1.0

    Laatste Update: 5-1-2012 18:43:01

    Scaninstellingen:

    Scantype: Diepe Scan

    Objecten: Geheugen, Sporen, Cookies, C:\

    Scan archieven: Aan

    Heuristieken: Uit

    ADS Scan: Aan

    Scan gestart: 5-1-2012 18:44:25

    c:\program files\Enigma Software Group Ontdekt: Trace.Directory.SpyHunter!A2

    C:\Documents and Settings\Gijs\Application Data\Sun\Java\Deployment\cache\6.0\14\6427c24e-76fd858a/Translate.class Ontdekt: Virus.Java.Exploit!IK

    C:\Documents and Settings\Gijs\Mijn documenten\Documenten gijs\software\donaldduck2.exe Ontdekt: Backdoor.Win32.RShot!IK

    Gescand

    Bestanden: 152376

    Sporen: 403649

    Cookies: 451

    Processen: 37

    Gevonden

    Bestanden: 2

    Sporen: 1

    Cookies: 0

    Processen: 0

    Registersleutels: 0

    Scan Geëindigd: 5-1-2012 21:33:57

    Scantijd: 2:49:32

    C:\Documents and Settings\Gijs\Mijn documenten\Documenten gijs\software\donaldduck2.exe Verwijderd Backdoor.Win32.RShot!IK

    C:\Documents and Settings\Gijs\Application Data\Sun\Java\Deployment\cache\6.0\14\6427c24e-76fd858a/Translate.class Verwijderd Virus.Java.Exploit!IK

    c:\program files\Enigma Software Group Verwijderd Trace.Directory.SpyHunter!A2

    Verwijderd

    Bestanden: 2

    Sporen: 1

    Cookies: 0

    No more redirects

  2. Kape,

    see the log below, still getting redirects

    aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software

    Run date: 2011-12-30 19:20:44

    -----------------------------

    19:20:44.500 OS Version: Windows 5.1.2600 Service Pack 3

    19:20:44.500 Number of processors: 2 586 0x1C02

    19:20:44.500 ComputerName: MXXXXX UserName: Gijs

    19:20:45.656 Initialze error 0 - driver not loaded

    19:21:04.093 Service scanning

    19:21:05.750 Modules scanning

    19:21:05.750 Disk 0 trace - called modules:

    19:21:05.750

    19:21:05.750 Scan finished successfully

    19:21:35.046 The log file has been saved successfully to "C:\Documents and Settings\Gijs\Bureaublad\aswMBR.txt"

  3. The last option works,

    Log below.

    This log file is located at C:\rkill.log.

    Please post this only if requested to by the person helping you.

    Otherwise you can close this log when you wish.

    Rkill was run on 30-12-2011 at 11:40:51.

    Operating System: Microsoft Windows XP

    Processes terminated by Rkill or while it was running:

    C:\Documents and Settings\Gijs\Bureaublad\iExplore.exe

    Rkill completed on 30-12-2011 at 11:42:11.

  4. Kape,

    Downloaded and updated MBAM. Then started it (quick scan).

    After the scan I immediately got a log, see below.

    Malwarebytes Anti-Malware 1.60.0.1800

    www.malwarebytes.org

    Databaseversie: v2011.12.29.03

    Windows XP Service Pack 3 x86 NTFS

    Internet Explorer 8.0.6001.18702

    Gijs :: MXXXXX [administrator]

    29-12-2011 16:55:40

    mbam-log-2011-12-29 (16-55-40).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 170435

    Verstreken tijd: 5 minuut/minuten, 33 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

  5. Kape,

    Herewith the ComboFix log.

    ComboFix 11-12-28.03 - Gijs 29-12-2011 10:34:28.3.2 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2039.1417 [GMT 1:00]

    Gestart vanuit: c:\documents and settings\Gijs\Bureaublad\ComboFix.exe

    AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\Gijs\Application Data\HPSU_48BitScanUpdate.log

    c:\windows\system32\SET31.tmp

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-11-28 to 2011-12-29 ))))))))))))))))))))))))))))))

    .

    .

    2011-12-29 08:27 . 2011-12-29 08:27 -------- d-----w- c:\windows\LastGood

    2011-12-27 20:30 . 2011-12-27 20:30 -------- d-----w- c:\documents and settings\Gijs\Local Settings\Application Data\Mozilla

    2011-12-27 16:31 . 2011-12-29 09:24 -------- d--h--r- c:\documents and settings\Gijs\Onlangs geopend

    2011-12-21 20:13 . 2011-12-21 20:13 -------- d-----w- c:\program files\ESET

    2011-12-19 13:08 . 2011-12-19 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-12-27 20:39 . 2011-09-24 09:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-11-23 14:40 . 2009-03-04 01:59 1859712 ----a-w- c:\windows\system32\win32k.sys

    2011-11-16 19:27 . 2011-11-16 19:27 388096 ----a-r- c:\documents and settings\Gijs\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2011-11-04 19:13 . 2009-03-04 01:59 916992 ----a-w- c:\windows\system32\wininet.dll

    2011-11-04 19:13 . 2009-03-04 01:59 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2011-11-04 19:13 . 2009-03-04 01:59 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2011-11-04 11:25 . 2009-03-04 01:59 385024 ----a-w- c:\windows\system32\html.iec

    2011-11-01 16:07 . 2009-03-04 01:59 1288192 ----a-w- c:\windows\system32\ole32.dll

    2011-10-28 05:32 . 2009-03-04 01:59 33280 ----a-w- c:\windows\system32\csrsrv.dll

    2011-10-27 17:33 . 2011-10-27 17:33 643072 ----a-w- c:\windows\AJScreensaver.scr

    2011-10-18 11:13 . 2009-03-04 01:59 186880 ----a-w- c:\windows\system32\encdec.dll

    2011-10-10 14:22 . 2009-03-03 17:13 692736 ----a-w- c:\windows\system32\inetcomm.dll

    2011-10-07 05:23 . 2011-07-10 23:13 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2011-10-04 05:21 . 2011-07-10 23:14 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

    2011-12-21 08:02 . 2011-12-27 20:30 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

    2011-12-19 13:08 1574240 ----a-w- c:\program files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll" [2011-12-19 1574240]

    .

    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-31 39408]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]

    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-12-19 892768]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Desktop Manager.lnk]

    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Desktop Manager.lnk

    backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snagit 9.lnk]

    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Snagit 9.lnk

    backup=c:\windows\pss\Snagit 9.lnkCommon Startup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]

    2009-08-31 09:25 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]

    2007-12-10 13:55 323584 ----a-w- c:\windows\Pixart\Pac7302\Monitor.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PACTray]

    2009-03-23 11:12 327680 ----a-w- c:\windows\Pixart\Pac7302\PACTray.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMDeviceManager]

    2009-08-05 20:53 1590616 ----a-w- c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    2010-01-31 13:46 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

    2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "tmlisten"=2 (0x2)

    "Pml Driver HPZ12"=2 (0x2)

    "OfcPfwSvc"=2 (0x2)

    "ntrtscan"=2 (0x2)

    "gusvc"=3 (0x3)

    "gupdatem"=3 (0x3)

    "gupdate1ca01a04ea3943e"=2 (0x2)

    "ETService"=2 (0x2)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

    .

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11-7-2011 0:14 23120]

    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13-9-2011 5:30 32592]

    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11-7-2011 0:13 230608]

    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11-7-2011 0:14 295248]

    R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [23-11-2011 2:36 2391832]

    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12-10-2011 6:25 4433248]

    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2-8-2011 5:09 192776]

    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24-8-2010 10:38 92008]

    R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [19-12-2011 14:08 869216]

    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [23-5-2011 0:03 30944]

    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11-7-2011 0:14 134608]

    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11-7-2011 0:14 24272]

    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [11-7-2011 0:14 16720]

    S2 gupdate1ca01a04ea3943e;Google Updateservice (gupdate1ca01a04ea3943e);c:\program files\Google\Update\GoogleUpdate.exe [10-7-2009 21:52 133104]

    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [3-3-2009 18:26 1684736]

    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [23-5-2011 0:03 30944]

    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10-7-2009 21:52 133104]

    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2011-12-29 c:\windows\Tasks\AVG PC Tuneup 2011 Integrator Start On Gijs Logon.job

    - c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe [2011-10-26 13:58]

    .

    2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 20:52]

    .

    2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 20:52]

    .

    2011-12-29 c:\windows\Tasks\User_Feed_Synchronization-{C3146E36-9EF8-4964-868D-6CACC99F4E9A}.job

    - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.nu.nl/

    uInternet Connection Wizard,ShellNext = hxxp://www.kpn.com/

    uInternet Settings,ProxyOverride = *.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    Trusted Zone: vrhm.nl\bhmlogin

    TCP: DhcpNameServer = 10.0.0.138

    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll

    FF - ProfilePath - c:\documents and settings\Gijs\Application Data\Mozilla\Firefox\Profiles\plpi6i7g.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.nu.nl/

    FF - prefs.js: network.proxy.type - 0

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    Toolbar-Locked - (no file)

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2011-12-29 12:25

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

    "3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    .

    Voltooingstijd: 2011-12-29 12:42:10

    ComboFix-quarantined-files.txt 2011-12-29 11:41

    ComboFix2.txt 2011-11-16 21:13

    .

    Pre-Run: 88.938.307.584 bytes beschikbaar

    Post-Run: 89.061.470.208 bytes beschikbaar

    .

    - - End Of File - - 217A372775A5ABF803BE8A8849AD01B1

  6. Hello everyone,

    I am having quite a lot of trouble with a Google redirect "virus?"

    Below is an HJT log from just now.

    Does anyone have an idea?

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 20:46:13, on 28-12-2011

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

    C:\Program Files\AVG\AVG2012\avgcsrvx.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\AVG\AVG2012\avgfws.exe

    C:\Program Files\AVG\AVG2012\avgwdsvc.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

    C:\Program Files\AVG\AVG2012\avgnsx.exe

    C:\Program Files\AVG\AVG2012\avgtray.exe

    C:\WINDOWS\PixArt\PAC7302\Monitor.exe

    C:\Program Files\AVG Secure Search\vprot.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE

    C:\Program Files\AVG\AVG2012\avgcsrvx.exe

    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = nu.nl | Het laatste nieuws het eerst op nu.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Internet, televisie, mobiel en vast bellen

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O1 - Hosts: ::1 localhost #[iPv6]

    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll

    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll

    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe

    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247168174955

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247168141080

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Google Updateservice (gupdate1ca01a04ea3943e) (gupdate1ca01a04ea3943e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

    --

    End of file - 7823 bytes

  7. Right, it took a while, but here it is.

    ComboFix 11-11-16.01 - Gijs 16-11-2011 21:21:25.2.2 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2039.1416 [GMT 1:00]

    Gestart vanuit: c:\documents and settings\Gijs\Bureaublad\ComboFix.exe

    AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-10-16 to 2011-11-16 ))))))))))))))))))))))))))))))

    .

    .

    2011-11-16 19:27 . 2011-11-16 19:27 388096 ----a-r- c:\documents and settings\Gijs\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2011-11-10 06:20 . 2011-11-10 06:20 -------- d-----w- c:\windows\system32\cache

    2011-11-03 21:04 . 2011-11-03 21:04 -------- d-----w- c:\windows\system32\wbem\Repository

    2011-10-31 17:21 . 2011-11-16 19:46 -------- d--h--r- c:\documents and settings\Gijs\Onlangs geopend

    2011-10-27 17:33 . 2011-10-27 17:33 643072 ----a-w- c:\windows\AJScreensaver.scr

    2011-10-26 19:18 . 2011-10-26 19:22 -------- d-----w- c:\documents and settings\Gijs\Application Data\AVG

    2011-10-26 19:17 . 2011-11-16 20:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

    2011-10-26 18:45 . 2011-10-26 18:45 -------- d-----w- c:\documents and settings\Nog opruimen

    2011-10-26 18:05 . 2011-10-26 18:05 -------- d-----w- c:\documents and settings\Gijs\Application Data\AVG Secure Search

    2011-10-26 18:05 . 2011-11-10 06:20 -------- d-----w- c:\program files\AVG Secure Search

    2011-10-25 21:36 . 2011-10-31 17:18 -------- d-----w- c:\program files\CCleaner

    2011-10-25 21:23 . 2011-11-16 19:18 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

    2011-10-25 20:20 . 2011-11-16 17:56 -------- d-----w- c:\windows\system32\drivers\AVG

    2011-10-25 20:19 . 2011-10-26 19:16 -------- d-----w- c:\program files\AVG

    2011-10-25 20:15 . 2011-11-16 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

    2011-10-25 20:10 . 2009-01-12 17:18 111360 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys

    2011-10-25 18:18 . 2011-10-25 18:18 -------- d-----w- c:\documents and settings\Gijs\Application Data\7art

    2011-10-22 11:45 . 2011-10-22 11:56 -------- d-----w- c:\documents and settings\Gijs\Application Data\ElevatedDiagnostics

    2011-10-21 18:12 . 2011-10-26 18:05 -------- d-----w- c:\program files\Common Files\AVG Secure Search

    2011-10-21 18:12 . 2011-10-21 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files

    2011-10-21 18:10 . 2011-10-25 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-10-10 14:22 . 2009-03-03 17:13 692736 ----a-w- c:\windows\system32\inetcomm.dll

    2011-10-07 05:23 . 2011-07-10 23:13 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2011-10-04 05:21 . 2011-07-10 23:14 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

    2011-09-28 07:06 . 2009-03-04 01:59 602624 ----a-w- c:\windows\system32\crypt32.dll

    2011-09-26 09:41 . 2009-03-04 01:59 23040 ----a-w- c:\windows\system32\oleaccrc.dll

    2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll

    2011-09-26 09:41 . 2009-03-04 01:59 220160 ----a-w- c:\windows\system32\oleacc.dll

    2011-09-24 09:17 . 2011-09-24 09:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-09-13 04:30 . 2011-09-13 04:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

    2011-09-06 14:09 . 2009-03-04 01:59 1859072 ----a-w- c:\windows\system32\win32k.sys

    2011-08-31 16:00 . 2009-10-04 15:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

    2011-08-22 23:41 . 2009-03-04 01:59 916480 ----a-w- c:\windows\system32\wininet.dll

    2011-08-22 23:41 . 2009-03-04 01:59 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2011-08-22 23:41 . 2009-03-04 01:59 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2011-08-22 11:58 . 2009-03-04 01:59 385024 ----a-w- c:\windows\system32\html.iec

    .

    .

    ((((((((((((((((((((((((((((( SnapShot@2011-10-25_18.47.52 )))))))))))))))))))))))))))))))))))))))))

    .


    .

    -- Snapshot teruggezet naar huidige datum --

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

    2011-11-10 06:20 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll" [2011-11-10 1451336]

    .

    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-31 39408]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]

    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-10-26 218440]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Desktop Manager.lnk]

    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Desktop Manager.lnk

    backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snagit 9.lnk]

    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Snagit 9.lnk

    backup=c:\windows\pss\Snagit 9.lnkCommon Startup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]

    2009-08-31 09:25 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]

    2007-12-10 13:55 323584 ----a-w- c:\windows\Pixart\Pac7302\Monitor.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PACTray]

    2009-03-23 11:12 327680 ----a-w- c:\windows\Pixart\Pac7302\PACTray.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMDeviceManager]

    2009-08-05 20:53 1590616 ----a-w- c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    2010-01-31 13:46 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

    2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "tmlisten"=2 (0x2)

    "Pml Driver HPZ12"=2 (0x2)

    "OfcPfwSvc"=2 (0x2)

    "ntrtscan"=2 (0x2)

    "gusvc"=3 (0x3)

    "gupdatem"=3 (0x3)

    "gupdate1ca01a04ea3943e"=2 (0x2)

    "ETService"=2 (0x2)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

    .

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11-7-2011 0:14 23120]

    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13-9-2011 5:30 32592]

    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11-7-2011 0:13 230608]

    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11-7-2011 0:14 295248]

    R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [24-10-2011 20:29 2398512]

    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12-10-2011 6:25 4433248]

    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2-8-2011 5:09 192776]

    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24-8-2010 10:38 92008]

    R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [26-10-2011 19:05 246600]

    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [23-5-2011 0:03 30944]

    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11-7-2011 0:14 134608]

    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11-7-2011 0:14 24272]

    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [11-7-2011 0:14 16720]

    S2 gupdate1ca01a04ea3943e;Google Updateservice (gupdate1ca01a04ea3943e);c:\program files\Google\Update\GoogleUpdate.exe [10-7-2009 21:52 133104]

    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [3-3-2009 18:26 1684736]

    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [23-5-2011 0:03 30944]

    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10-7-2009 21:52 133104]

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2011-11-16 c:\windows\Tasks\AVG PC Tuneup 2011 Integrator Start On Gijs Logon.job

    - c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe [2011-10-26 13:58]

    .

    2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 20:52]

    .

    2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 20:52]

    .

    2011-11-16 c:\windows\Tasks\User_Feed_Synchronization-{C3146E36-9EF8-4964-868D-6CACC99F4E9A}.job

    - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.nu.nl/

    uInternet Connection Wizard,ShellNext = hxxp://www.kpn.com/

    uInternet Settings,ProxyOverride = *.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    TCP: DhcpNameServer = 10.0.0.138

    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

    MSConfigStartUp-HitmanPro35 - c:\program files\Hitman Pro 3.5\HitmanPro35.exe

    MSConfigStartUp-OfficeScanNT Monitor - c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe

    MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe

    MSConfigStartUp-UniblueRegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2011-11-16 21:56

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

    "3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'explorer.exe'(3652)

    c:\program files\Bonjour\mdnsNSP.dll

    c:\program files\Windows Media Player\wmpband.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    Voltooingstijd: 2011-11-16 22:12:57

    ComboFix-quarantined-files.txt 2011-11-16 21:12

    ComboFix2.txt 2011-10-25 19:04

    .

    Pre-Run: 88.762.998.784 bytes beschikbaar

    Post-Run: 89.193.934.848 bytes beschikbaar

    .

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    .

    - - End Of File - - 134865112B4177BD777C9891E57B488F

  8. Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 20:28:33, on 16-11-2011

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

    C:\Program Files\AVG\AVG2012\avgcsrvx.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\AVG\AVG2012\avgfws.exe

    C:\Program Files\AVG\AVG2012\avgwdsvc.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

    C:\Program Files\AVG\AVG2012\avgnsx.exe

    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

    C:\Program Files\AVG\AVG2012\avgtray.exe

    C:\WINDOWS\PixArt\PAC7302\Monitor.exe

    C:\Program Files\AVG Secure Search\vprot.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\AVG\AVG2012\avgcsrvx.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = nu.nl | Het laatste nieuws het eerst op nu.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Internet, televisie, mobiel en vast bellen

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll

    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll

    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe

    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247168174955

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247168141080

    O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Google Updateservice (gupdate1ca01a04ea3943e) (gupdate1ca01a04ea3943e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

    --

    End of file - 7703 bytes
