Posts made by annemarijke

  1. Hello Kape

    It took a while before I mailed you back, sorry about that. Unfortunately I haven't yet been able to do what you asked of me last time. By the way, I notice once again that the PC is responding super slowly. I ran the AVG scanner over it and it is full of trojans again, see below. I just made a quick print screen, so you can at least see where they are.

    Also, I have regular unwanted "customers" in my temp again!!

    I'm losing heart a bit haha, I'm thinking of wiping my whole PC and reinstalling everything, but that is such a hassle too, so you are my last hope.

    I hope you can help me, because I think there will be more in temp tomorrow than there is now!!

    Regards

    Annemarijke

    trojaans.doc

    temp bestanden.doc

  2. Hello,

    I don't understand it at all, that Perflib just won't go away; now it has yet another suffix: Perflib perfdata_acf.

    I think one disappears and another comes in its place.

    Do you know what damage that Perflib can do? It just keeps coming back.

    And the zoek.exe log can't find it, even though that Perflib is clearly in temp.

    Here is the zoek.exe log

    Zoek.exe Version 3.0.0.3 Updated 25-08-2012

    Tool run by Administrator on zo 26-08-2012 at 18:36:47,42.

    Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86

    Running from: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zoek.exe

    ==== Suspicious Entries Found ======================

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

    "3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"

    "65533:TCP"="65533:TCP:*:Enabled:Services"

    "52344:TCP"="52344:TCP:*:Enabled:Services"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    "1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"

    "2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"

    "5353:TCP"="5353:TCP:*:Enabled:Adobe CSI CS4"

    "3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"

    "65533:TCP"="65533:TCP:*:Enabled:Services"

    "52344:TCP"="52344:TCP:*:Enabled:Services"

    ==== Deleting Files \ Folders ======================

    "%windir%\temp\*" not found

    "C:\WINDOWS\temp\avginfo.id" deleted

    "C:\WINDOWS\temp\defaultCache.reg" deleted

    "C:\WINDOWS\temp\dw.log" deleted

    "C:\WINDOWS\temp\MpSigStub.log" deleted

    "C:\WINDOWS\temp\Perflib_Perfdata_b84.dat" not deleted

    "C:\WINDOWS\temp\WGAErrLog.txt" deleted

    After Reboot

    ==== Deleting Files / Folders ======================

    "C:\WINDOWS\temp\Perflib_Perfdata_b84.dat" not found

  3. I don't understand at all why it can't delete it. According to the log it doesn't even find it, while it is clearly there in temp.

    Now it's a Perflib data_afc again!

    Probably one goes out and a new one comes in again.

    Do you know what Perflib does?

    The zoek.exe log follows below.

    Zoek.exe Version 3.0.0.3 Updated 25-08-2012

    Tool run by Administrator on zo 26-08-2012 at 18:36:47,42.

    Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86

    Running from: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zoek.exe

    ==== Suspicious Entries Found ======================

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

    "3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"

    "65533:TCP"="65533:TCP:*:Enabled:Services"

    "52344:TCP"="52344:TCP:*:Enabled:Services"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    "1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"

    "2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"

    "5353:TCP"="5353:TCP:*:Enabled:Adobe CSI CS4"

    "3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"

    "65533:TCP"="65533:TCP:*:Enabled:Services"

    "52344:TCP"="52344:TCP:*:Enabled:Services"

    ==== Deleting Files \ Folders ======================

    "%windir%\temp\*" not found

    "C:\WINDOWS\temp\avginfo.id" deleted

    "C:\WINDOWS\temp\defaultCache.reg" deleted

    "C:\WINDOWS\temp\dw.log" deleted

    "C:\WINDOWS\temp\MpSigStub.log" deleted

    "C:\WINDOWS\temp\Perflib_Perfdata_b84.dat" not deleted

    "C:\WINDOWS\temp\WGAErrLog.txt" deleted

    After Reboot

    ==== Deleting Files / Folders ======================

    "C:\WINDOWS\temp\Perflib_Perfdata_b84.dat" not found

  4. Hello, here is the zoek.exe log. The old Perflib with the number is gone; I now have a different number: b84. I am also sending a print screen of temp with Perflib and its properties; maybe seeing the details will be of some use to you.

    Zoek.exe Version 3.0.0.3 Updated 25-08-2012

    Tool run by Administrator on zo 26-08-2012 at 9:53:58,31.

    Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86

    Running from: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zoek.exe

    ==== Suspicious Entries Found ======================

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

    "3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"

    "65533:TCP"="65533:TCP:*:Enabled:Services"

    "52344:TCP"="52344:TCP:*:Enabled:Services"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    "1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"

    "2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"

    "5353:TCP"="5353:TCP:*:Enabled:Adobe CSI CS4"

    "3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"

    "65533:TCP"="65533:TCP:*:Enabled:Services"

    "52344:TCP"="52344:TCP:*:Enabled:Services"

    ==== Deleting Files \ Folders ======================

    "%temp%\*" not found

    "%windir%\temp\*" not found

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1.tmp" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2.tmp" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Arabic.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Czech.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Danish.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Dutch.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\English.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Finnish.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\French.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\German.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Greek.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Hebrew.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Hungarian.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ichcop" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Italian.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Japanese.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Korean.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Norwegian.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ostmp.tmp" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Polish.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Portuguese(Brazil).bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Portuguese.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Russian.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sed.exe" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SimChin.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Spanish.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SWEDISH.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\swreg.exe" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Thai.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TradChin.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Turkish.bin" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wget.exe" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF393.tmp" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF483F.tmp" deleted

    "C:\WINDOWS\temp\avginfo.id" deleted

    "C:\WINDOWS\temp\Perflib_Perfdata_ae4.dat" not deleted

    "C:\WINDOWS\temp\Perflib_Perfdata_bac.dat" not deleted

    "C:\WINDOWS\temp\WGAErrLog.txt" deleted

    "C:\WINDOWS\temp\IXP000.TMP\BBSetup.exe" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BD.tmp" not deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msohtmlclip1" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WPDNSE" deleted

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wzcfec" deleted

    "C:\WINDOWS\temp\E241E1DFBDF14CEDBCDA15DD56168EF4" deleted

    "C:\WINDOWS\temp\IXP000.TMP" not deleted

    After Reboot

    ==== Deleting Files / Folders ======================

    "C:\WINDOWS\temp\Perflib_Perfdata_ae4.dat" not found

    "C:\WINDOWS\temp\Perflib_Perfdata_bac.dat" not found

    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BD.tmp" not found

    "C:\WINDOWS\temp\IXP000.TMP" not found


  5. Hello,

    I did what you asked, so the log file is below.

    But as you can read in the file, it can't find Perflib_Perfdata_41c, yet it is there, I just checked. Stubborn thing!!!! I had also already tried renaming it or cutting it to put it in the recycle bin, but it keeps saying that it is in use by something!!!!!!! I can't get it deleted, and neither can this Avenger. What does that thing actually mean, what does it do? If it does no further harm, it can stay, but otherwise .... away with it.

    By the way, do I have to keep all the files I got from you on the desktop?

    I think it's really great that you are helping me like this, I am really grateful to you. I don't know you, but you get a virtual hug anyway.

    Warm regards

    Annemarijke

    Logfile of The Avenger Version 2.0, © by Swandog46

    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.

    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.

    No rootkits found!

    Error: file "C:\WINDOWS\temp\Perflib_Perfdata_41c.dat" not found!

    Deletion of file "C:\WINDOWS\temp\Perflib_Perfdata_41c.dat" failed!

    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

    --> the object does not exist

    Completed script processing.

    *******************

    Finished! Terminate.

  6. Hello, I notice that the PC and the internet connection respond faster. My sincere thanks for that :-). I assume the remnants of the viruses are gone now, only I still see Perflib_Perfdata_41c in temp!!! Can you tell me whether this one is also a threat to my internet activities? And I wonder, being rather curious (eager to learn): what exactly was in my PC, viruses or other faults? I would very much like to know what was roaming around in my PC.

    By the way, I did not find a directory in system 32.

    Warm regards from

    Annemarijke

  7. Here are the new ComboFix and hijack logs,

    After scanning with HijackThis I could not find 03, 016 DPF imikini and 023 to tick, and so I could not do a fix checked for them!

    I don't get how you all understand everything below haha, but anyway, I hope it works. Can you already tell me where the fault is, and whether it can be fixed?

    I am of course putting my PC in the hands of people I don't know, but I fully trust that you are trustworthy.

    Regards

    Annemarijke

    ComboFix 12-08-22.03 - Administrator 25-08-2012 10:15:27.3.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1271 [GMT 2:00]

    Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe

    gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt

    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    .

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

    .

    FILE ::

    "c:\windows\system32\drivers\iq5c.sys"

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\program files\Web Assistant

    c:\program files\Web Assistant\ExtensionUpdaterService.exe

    c:\program files\Web Assistant\Firefox\chrome.manifest

    c:\program files\Web Assistant\Firefox\chrome\content\libraries\DataExchangeScript.js

    c:\program files\Web Assistant\Firefox\chrome\content\main.js

    c:\program files\Web Assistant\Firefox\chrome\content\main.xul

    c:\program files\Web Assistant\Firefox\chrome\content\resources\localscript.js

    c:\program files\Web Assistant\Firefox\chrome\locale\en-US\overlay.dtd

    c:\program files\Web Assistant\Firefox\chrome\skin\overlay.css

    c:\program files\Web Assistant\Firefox\defaults\preferences\defaults.js

    c:\program files\Web Assistant\Firefox\install.rdf

    c:\program files\Web Assistant\InstallerHelper.dll

    c:\program files\Web Assistant\libraries\DataExchangeScript.js

    c:\program files\Web Assistant\resources\localscript.js

    c:\program files\Web Assistant\source.crx

    c:\program files\Web Assistant\unins000.dat

    c:\program files\Web Assistant\unins000.exe

    c:\windows\system32\_000005_.tmp.dll

    c:\windows\system32\_000006_.tmp.dll

    c:\windows\system32\_000013_.tmp.dll

    c:\windows\system32\SET25.tmp

    c:\windows\system32\SET26.tmp

    c:\windows\system32\SET98.tmp

    c:\windows\system32\SETA0.tmp

    c:\windows\system32\SETA1.tmp

    c:\windows\system32\SETA2.tmp

    c:\windows\system32\SETA6.tmp

    c:\windows\system32\SETA7.tmp

    c:\windows\system32\SETA8.tmp

    c:\windows\system32\SETAC.tmp

    c:\windows\system32\SETAE.tmp

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Legacy_IQ5C.SYS

    -------\Legacy_WEB_ASSISTANT_UPDATER

    -------\Service_iq5c.sys

    -------\Service_Web Assistant Updater

    -------\Service_xcpip

    -------\Service_xpsec

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-07-25 to 2012-08-25 ))))))))))))))))))))))))))))))

    .

    .

    2012-08-25 08:20 . 2012-08-19 23:53 7023536 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll

    2012-08-25 08:05 . 2012-08-25 08:08 -------- d-----w- c:\windows\LastGood.Tmp

    2012-08-25 07:57 . 2012-08-25 08:08 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend

    2012-08-24 12:02 . 2012-07-02 17:38 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

    2012-08-24 10:52 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

    2012-08-24 10:52 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

    2012-08-24 10:52 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll

    2012-08-04 07:46 . 2012-08-04 07:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG2012

    2012-08-04 07:45 . 2012-08-24 05:18 -------- d-----w- c:\program files\AVG Secure Search

    2012-08-04 07:44 . 2012-08-04 07:44 -------- d-----w- C:\$AVG

    2012-08-04 07:43 . 2012-08-04 07:43 -------- d-----w- c:\program files\AVG

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-08-15 06:56 . 2012-04-24 06:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-08-15 06:56 . 2012-03-27 11:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-07-02 17:38 . 2002-12-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2012-07-02 17:38 . 2002-12-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-07-02 12:05 . 2002-12-31 12:00 385024 ----a-w- c:\windows\system32\html.iec

    2012-06-02 13:19 . 2008-04-21 15:07 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui

    2012-06-02 13:19 . 2008-04-21 12:10 329240 ----a-w- c:\windows\system32\wucltui.dll

    2012-06-02 13:19 . 2008-04-21 12:10 210968 ----a-w- c:\windows\system32\wuweb.dll

    2012-06-02 13:19 . 2008-04-21 12:10 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

    2012-06-02 13:19 . 2008-04-21 12:10 53784 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-02 13:19 . 2008-04-21 12:10 35864 ----a-w- c:\windows\system32\wups.dll

    2012-06-02 13:19 . 2002-12-31 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

    2012-06-02 13:19 . 2002-12-31 12:00 45080 ----a-w- c:\windows\system32\wups2.dll

    2012-06-02 13:19 . 2008-04-21 15:07 15896 ----a-w- c:\windows\system32\wuapi.dll.mui

    2012-06-02 13:19 . 2008-04-21 15:07 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

    2012-06-02 13:19 . 2008-04-21 12:10 577048 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-02 13:19 . 2008-04-21 15:07 24088 ----a-w- c:\windows\system32\wucltui.dll.mui

    2012-06-02 13:19 . 2008-04-21 12:10 1933848 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-02 13:19 . 2008-04-21 15:18 18160 ----a-w- c:\windows\system32\mucltui.dll.mui

    2012-06-02 13:18 . 2008-04-21 15:18 275696 ----a-w- c:\windows\system32\mucltui.dll

    2012-06-02 13:18 . 2002-12-31 12:00 214256 ----a-w- c:\windows\system32\muweb.dll

    2012-05-31 10:25 . 2009-10-04 07:33 237072 ------w- c:\windows\system32\MpSigStub.exe

    2012-07-14 00:15 . 2012-04-29 13:25 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ------- Sigcheck -------

    Note: Unsigned files aren't necessarily malware.

    .

    [7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys

    [-] 2008-04-13 18:40 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys

    [7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

    [7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

    [7] 2002-12-31 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

    .

    ((((((((((((((((((((((((((((( SnapShot@2012-08-24_05.53.09 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2012-08-25 08:27 . 2012-08-25 08:27 16384 c:\windows\Temp\Perflib_Perfdata_87c.dat

    + 2012-08-24 10:33 . 2012-06-02 13:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll

    + 2012-08-24 10:33 . 2012-06-02 13:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll

    + 2002-12-31 12:00 . 2011-11-20 06:12 60928 c:\windows\system32\packager.exe

    + 2002-12-31 12:00 . 2012-07-02 17:38 67072 c:\windows\system32\mshtmled.dll

    + 2002-12-31 12:00 . 2012-07-02 17:38 25600 c:\windows\system32\jsproxy.dll

    - 2002-12-31 12:00 . 2010-05-06 10:36 25600 c:\windows\system32\jsproxy.dll

    + 2002-12-31 12:00 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll

    - 2002-12-31 12:00 . 2008-04-14 17:02 80384 c:\windows\system32\iccvid.dll

    + 2002-12-31 12:00 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys

    - 2009-06-11 06:39 . 2010-05-06 10:37 12800 c:\windows\system32\dllcache\xpshims.dll

    + 2009-06-11 06:39 . 2012-07-02 17:38 12800 c:\windows\system32\dllcache\xpshims.dll

    + 2008-04-21 12:10 . 2012-06-02 13:19 35864 c:\windows\system32\dllcache\wups.dll

    + 2008-04-21 12:10 . 2012-06-02 13:19 53784 c:\windows\system32\dllcache\wuauclt.exe

    + 2008-04-21 12:10 . 2010-10-11 14:59 45568 c:\windows\system32\dllcache\wab.exe

    + 2011-11-20 06:12 . 2011-11-20 06:12 60928 c:\windows\system32\dllcache\packager.exe

    + 2002-12-31 12:00 . 2012-07-02 17:38 67072 c:\windows\system32\dllcache\mshtmled.dll

    - 2008-04-21 22:08 . 2010-05-06 10:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll

    + 2008-04-21 22:08 . 2012-07-02 17:38 55296 c:\windows\system32\dllcache\msfeedsbs.dll

    + 2002-12-31 12:00 . 2012-07-02 17:38 43520 c:\windows\system32\dllcache\licmgr10.dll

    - 2002-12-31 12:00 . 2010-05-06 10:36 25600 c:\windows\system32\dllcache\jsproxy.dll

    + 2002-12-31 12:00 . 2012-07-02 17:38 25600 c:\windows\system32\dllcache\jsproxy.dll

    - 2009-12-14 07:10 . 2009-12-14 07:10 33280 c:\windows\system32\dllcache\csrsrv.dll

    + 2009-12-14 07:10 . 2011-10-28 05:32 33280 c:\windows\system32\dllcache\csrsrv.dll

    + 2002-12-31 12:00 . 2012-06-02 13:19 97304 c:\windows\system32\dllcache\cdm.dll

    + 2002-12-31 12:00 . 2011-10-28 05:32 33280 c:\windows\system32\csrsrv.dll

    - 2002-12-31 12:00 . 2009-12-14 07:10 33280 c:\windows\system32\csrsrv.dll

    + 2008-04-21 13:43 . 2012-08-25 08:07 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

    - 2008-04-21 13:43 . 2010-07-15 06:07 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

    + 2008-04-21 13:43 . 2012-08-25 08:07 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

    - 2008-04-21 13:43 . 2010-07-15 06:07 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

    + 2008-04-21 13:43 . 2012-08-25 08:07 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

    - 2008-04-21 13:43 . 2010-07-15 06:07 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

    + 2012-08-25 08:12 . 2010-05-06 10:37 12800 c:\windows\ie8updates\KB2722913-IE8\xpshims.dll

    + 2012-08-25 08:12 . 2009-03-08 02:31 66560 c:\windows\ie8updates\KB2722913-IE8\mshtmled.dll

    + 2012-08-25 08:12 . 2010-05-06 10:36 55296 c:\windows\ie8updates\KB2722913-IE8\msfeedsbs.dll

    + 2012-08-25 08:12 . 2009-03-08 02:34 43008 c:\windows\ie8updates\KB2722913-IE8\licmgr10.dll

    + 2012-08-25 08:12 . 2010-05-06 10:36 25600 c:\windows\ie8updates\KB2722913-IE8\jsproxy.dll

    + 2002-12-31 12:00 . 2011-03-04 06:36 420864 c:\windows\system32\vbscript.dll

    + 2002-12-31 12:00 . 2012-07-02 17:38 206848 c:\windows\system32\occache.dll

    - 2002-12-31 12:00 . 2010-05-06 10:37 206848 c:\windows\system32\occache.dll

    + 2002-12-31 12:00 . 2010-12-09 15:15 739328 c:\windows\system32\ntdll.dll

    + 2002-12-31 12:00 . 2012-07-02 17:38 611840 c:\windows\system32\mstime.dll

    - 2002-12-31 12:00 . 2010-05-06 10:37 611840 c:\windows\system32\mstime.dll

    + 2002-12-31 12:00 . 2010-12-20 17:25 735232 c:\windows\system32\lsasrv.dll

    - 2002-12-31 12:00 . 2009-06-25 08:27 735232 c:\windows\system32\lsasrv.dll

    - 2002-12-31 12:00 . 2010-05-06 10:36 184320 c:\windows\system32\iepeers.dll

    + 2002-12-31 12:00 . 2012-07-02 17:38 184320 c:\windows\system32\iepeers.dll

    + 2002-12-31 12:00 . 2012-07-02 17:38 387584 c:\windows\system32\iedkcs32.dll

    - 2002-12-31 12:00 . 2010-05-06 10:36 387584 c:\windows\system32\iedkcs32.dll

    + 2002-12-31 12:00 . 2012-07-02 12:05 174080 c:\windows\system32\ie4uinit.exe

    + 2008-04-21 12:10 . 2012-06-02 13:19 210968 c:\windows\system32\dllcache\wuweb.dll

    + 2008-04-21 12:10 . 2012-06-02 13:19 329240 c:\windows\system32\dllcache\wucltui.dll

    + 2008-04-21 12:10 . 2012-06-02 13:19 577048 c:\windows\system32\dllcache\wuapi.dll

    + 2002-12-31 12:00 . 2012-07-02 17:38 916992 c:\windows\system32\dllcache\wininet.dll

    + 2008-04-21 12:10 . 2011-04-30 03:00 758784 c:\windows\system32\dllcache\vgx.dll

    + 2008-05-09 10:56 . 2011-03-04 06:36 420864 c:\windows\system32\dllcache\vbscript.dll

    + 2002-12-31 12:00 . 2012-07-02 17:38 105984 c:\windows\system32\dllcache\url.dll

    - 2002-12-31 12:00 . 2009-03-08 02:34 105984 c:\windows\system32\dllcache\url.dll

    + 2009-04-15 14:55 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll

    + 2002-12-31 12:00 . 2012-07-02 17:38 206848 c:\windows\system32\dllcache\occache.dll

    - 2002-12-31 12:00 . 2010-05-06 10:37 206848 c:\windows\system32\dllcache\occache.dll

    + 2009-04-15 05:56 . 2010-12-09 15:15 739328 c:\windows\system32\dllcache\ntdll.dll

    + 2002-12-31 12:00 . 2012-07-02 17:38 611840 c:\windows\system32\dllcache\mstime.dll

    - 2002-12-31 12:00 . 2010-05-06 10:37 611840 c:\windows\system32\dllcache\mstime.dll

    + 2008-04-21 22:08 . 2012-07-02 17:38 629760 c:\windows\system32\dllcache\msfeeds.dll

    + 2009-04-15 05:56 . 2010-12-20 17:25 735232 c:\windows\system32\dllcache\lsasrv.dll

    - 2009-04-15 05:56 . 2009-06-25 08:27 735232 c:\windows\system32\dllcache\lsasrv.dll

    - 2008-05-09 10:56 . 2009-12-09 05:55 726528 c:\windows\system32\dllcache\jscript.dll

    + 2008-05-09 10:56 . 2011-03-04 06:36 726528 c:\windows\system32\dllcache\jscript.dll

    - 2009-06-11 06:39 . 2010-05-06 10:36 247808 c:\windows\system32\dllcache\ieproxy.dll

    + 2009-06-11 06:39 . 2012-07-02 17:38 247808 c:\windows\system32\dllcache\ieproxy.dll

    + 2002-12-31 12:00 . 2012-07-02 17:38 184320 c:\windows\system32\dllcache\iepeers.dll

    - 2002-12-31 12:00 . 2010-05-06 10:36 184320 c:\windows\system32\dllcache\iepeers.dll

    + 2010-06-10 05:17 . 2012-07-02 17:38 743424 c:\windows\system32\dllcache\iedvtool.dll

    - 2010-06-10 05:17 . 2010-05-06 10:36 743424 c:\windows\system32\dllcache\iedvtool.dll

    + 2002-12-31 12:00 . 2012-07-02 17:38 387584 c:\windows\system32\dllcache\iedkcs32.dll

    - 2002-12-31 12:00 . 2010-05-06 10:36 387584 c:\windows\system32\dllcache\iedkcs32.dll

    + 2002-12-31 12:00 . 2012-07-02 12:05 174080 c:\windows\system32\dllcache\ie4uinit.exe

    - 2008-04-21 13:43 . 2010-07-15 06:07 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

    + 2008-04-21 13:43 . 2012-08-25 08:07 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

    - 2008-04-21 13:43 . 2010-07-15 06:07 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

    + 2008-04-21 13:43 . 2012-08-25 08:07 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

    - 2008-04-21 13:43 . 2010-07-15 06:07 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

    + 2008-04-21 13:43 . 2012-08-25 08:07 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

    - 2008-04-21 13:43 . 2010-07-15 06:07 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

    + 2008-04-21 13:43 . 2012-08-25 08:07 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

    + 2008-04-21 13:43 . 2012-08-25 08:07 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

    - 2008-04-21 13:43 . 2010-07-15 06:07 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

    - 2008-04-21 13:43 . 2010-07-15 06:07 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

    + 2008-04-21 13:43 . 2012-08-25 08:07 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

    - 2008-04-21 13:43 . 2010-07-15 06:07 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

    + 2008-04-21 13:43 . 2012-08-25 08:07 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

    + 2012-08-25 08:12 . 2010-05-06 10:37 916480 c:\windows\ie8updates\KB2722913-IE8\wininet.dll

    + 2012-08-25 08:12 . 2009-03-08 02:34 105984 c:\windows\ie8updates\KB2722913-IE8\url.dll

    + 2012-08-25 08:12 . 2010-07-05 13:21 401272 c:\windows\ie8updates\KB2722913-IE8\spuninst\updspapi.dll

    + 2012-08-25 08:12 . 2010-07-05 13:21 234872 c:\windows\ie8updates\KB2722913-IE8\spuninst\spuninst.exe

    + 2012-08-25 08:12 . 2010-05-06 10:37 206848 c:\windows\ie8updates\KB2722913-IE8\occache.dll

    + 2012-08-25 08:12 . 2010-05-06 10:37 611840 c:\windows\ie8updates\KB2722913-IE8\mstime.dll

    + 2012-08-25 08:12 . 2010-05-06 10:36 599040 c:\windows\ie8updates\KB2722913-IE8\msfeeds.dll

    + 2012-08-25 08:12 . 2009-03-08 02:35 521216 c:\windows\ie8updates\KB2722913-IE8\jsdbgui.dll

    + 2012-08-25 08:12 . 2010-05-06 10:36 247808 c:\windows\ie8updates\KB2722913-IE8\ieproxy.dll

    + 2012-08-25 08:12 . 2010-05-06 10:36 184320 c:\windows\ie8updates\KB2722913-IE8\iepeers.dll

    + 2012-08-25 08:12 . 2010-05-06 10:36 743424 c:\windows\ie8updates\KB2722913-IE8\iedvtool.dll

    + 2012-08-25 08:12 . 2010-05-06 10:36 387584 c:\windows\ie8updates\KB2722913-IE8\iedkcs32.dll

    + 2012-08-25 08:12 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2722913-IE8\ie4uinit.exe

    + 2012-08-25 08:10 . 2009-03-08 02:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll

    + 2012-08-25 08:10 . 2010-07-05 13:21 401272 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll

    + 2012-08-25 08:10 . 2010-07-05 13:21 234872 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe

    + 2012-08-25 08:11 . 2010-03-10 06:17 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll

    + 2012-08-25 08:11 . 2010-07-05 13:21 401272 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll

    + 2012-08-25 08:11 . 2010-07-05 13:21 234872 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe

    + 2012-08-25 08:11 . 2009-12-09 05:55 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll

    + 2002-12-31 12:00 . 2010-12-09 15:14 2153472 c:\windows\system32\ntoskrnl.exe

    + 2005-04-23 10:06 . 2010-12-09 15:14 2031616 c:\windows\system32\ntkrnlpa.exe

    + 2008-04-21 12:10 . 2012-06-02 13:19 1933848 c:\windows\system32\dllcache\wuaueng.dll

    + 2002-12-31 12:00 . 2012-07-02 17:38 1212416 c:\windows\system32\dllcache\urlmon.dll

    + 2008-10-15 18:55 . 2010-12-09 15:14 2197120 c:\windows\system32\dllcache\ntoskrnl.exe

    + 2008-10-15 18:55 . 2010-12-09 15:14 2031616 c:\windows\system32\dllcache\ntkrpamp.exe

    + 2008-10-15 18:55 . 2010-12-09 15:14 2073728 c:\windows\system32\dllcache\ntkrnlpa.exe

    + 2008-10-15 18:55 . 2010-12-09 15:14 2153472 c:\windows\system32\dllcache\ntkrnlmp.exe

    + 2002-12-31 12:00 . 2012-07-02 17:38 6008320 c:\windows\system32\dllcache\mshtml.dll

    + 2008-04-21 22:08 . 2012-07-02 17:38 2000384 c:\windows\system32\dllcache\iertutil.dll

    + 2012-04-04 20:37 . 2012-04-04 20:37 3149824 c:\windows\Installer\8f57d.msp

    + 2008-04-21 13:43 . 2012-08-25 08:07 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

    - 2008-04-21 13:43 . 2010-07-15 06:07 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

    - 2008-04-21 13:43 . 2010-07-15 06:07 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

    + 2008-04-21 13:43 . 2012-08-25 08:07 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

    + 2012-08-25 08:12 . 2010-05-06 10:37 1209344 c:\windows\ie8updates\KB2722913-IE8\urlmon.dll

    + 2012-08-25 08:12 . 2010-05-06 10:37 5950976 c:\windows\ie8updates\KB2722913-IE8\mshtml.dll

    + 2012-08-25 08:12 . 2010-05-06 10:36 1985536 c:\windows\ie8updates\KB2722913-IE8\iertutil.dll

    + 2008-10-15 18:55 . 2010-12-09 15:14 2197120 c:\windows\Driver Cache\i386\ntoskrnl.exe

    + 2008-10-15 18:55 . 2010-12-09 15:14 2031616 c:\windows\Driver Cache\i386\ntkrpamp.exe

    + 2008-10-15 18:55 . 2010-12-09 15:14 2073728 c:\windows\Driver Cache\i386\ntkrnlpa.exe

    + 2008-10-15 18:55 . 2010-12-09 15:14 2153472 c:\windows\Driver Cache\i386\ntkrnlmp.exe

    + 2008-04-21 22:08 . 2012-07-02 21:08 11111424 c:\windows\system32\dllcache\ieframe.dll

    + 2012-08-25 08:12 . 2010-05-06 10:36 11076096 c:\windows\ie8updates\KB2722913-IE8\ieframe.dll

    .

    -- Snapshot teruggezet naar huidige datum --

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

    2012-08-05 07:53 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

    .

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]

    2012-07-10 09:23 248936 ----a-w- c:\program files\Softonic\Softonic\1.6.4.3\bh\Softonic.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-08-05 2074208]

    .

    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "mnu"="c:\program files\Orange\GLOBAL\Mnu\igomnu.exe" [2006-05-01 437976]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-13 68856]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]

    "nwiz"="nwiz.exe" [2007-06-28 1626112]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]

    "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16208384]

    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

    "mnu"="c:\program files\Orange\GLOBAL\Mnu\igomnu.exe" [2006-05-01 437976]

    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

    "Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]

    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]

    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]

    "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]

    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]

    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-05 1107552]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    EZ VHS Converter Monitor.lnk - c:\program files\ION\EZ Video Converter\MediaTVMonitor.exe [2010-8-27 737280]

    Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2009-3-17 151552]

    Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2009-3-17 106496]

    YouTube Uploader for CASIO.lnk - c:\program files\CASIO\YouTube Uploader for CASIO\YStart.exe [2008-12-9 79808]

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    "3389:TCP"= 3389:TCP:Remote Desktop

    "65533:TCP"= 65533:TCP:Services

    "52344:TCP"= 52344:TCP:Services

    .

    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 4:50 24896]

    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31-1-2012 4:46 31952]

    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22-2-2012 5:25 235216]

    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19-3-2012 5:17 301248]

    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4-7-2012 17:25 5160568]

    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 4:53 193288]

    R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [5-8-2012 9:53 935008]

    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856]

    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144]

    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232]

    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 10:17 135664]

    S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [31-12-2002 14:00 3584]

    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [24-4-2012 8:43 250056]

    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [16-12-2008 10:08 36512]

    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 10:17 135664]

    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [18-4-2011 20:46 24576]

    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [29-4-2012 13:58 113120]

    S3 VCR2PC;VCR2PC Analog Capture;c:\windows\system32\drivers\p140_ion.sys [27-8-2010 12:05 278016]

    .

    --- Andere Services/Drivers In Geheugen ---

    .

    *Deregistered* - uphcleanhlp

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 06:56]

    .

    2012-08-24 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-24 07:23]

    .

    2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:17]

    .

    2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:17]

    .

    2012-04-27 c:\windows\Tasks\MP Scheduled Scan.job

    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://google.nl/

    uInternet Connection Wizard,ShellNext = iexplore

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.1.1 0.0.0.0

    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h9ycp18q.default\

    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc44cf840-9757-46fa-9f54-0e27a92be407%7D&mid=6a5f77e025ed47d1a387d15c1e690357-06ce4fc639803a2e3563922518183d8e94088cb9&ds=AVG&v=11.1.0.12&lang=nl&pr=fr&d=2012-08-04%2009%3A45%3A42&sap=ku&q=

    FF - user.js: extensions.Softonic.admin - false

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    AddRemove-{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 - c:\program files\Web Assistant\unins000.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2012-08-25 10:28

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_USERS\S-1-5-21-823518204-152049171-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

    @Denied: (2) (Administrator)

    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,43,f5,5f,05,a8,4d,41,ae,e9,bd,\

    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,43,f5,5f,05,a8,4d,41,ae,e9,bd,\

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'winlogon.exe'(856)

    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

    .

    - - - - - - - > 'explorer.exe'(3212)

    c:\windows\system32\wpdshserviceobj.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\portabledevicetypes.dll

    c:\windows\system32\portabledeviceapi.dll

    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\windows\system32\RUNDLL32.EXE

    c:\windows\RTHDCPL.EXE

    c:\windows\system32\rundll32.exe

    c:\program files\Brother\ControlCenter3\brccMCtl.exe

    c:\program files\Common Files\Teleca Shared\CapabilityManager.exe

    c:\program files\Common Files\Teleca Shared\logger.exe

    c:\program files\Common Files\Teleca Shared\Generic.exe

    c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

    c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

    c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe

    c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

    c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\windows\system32\nvsvc32.exe

    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    c:\program files\UPHClean\uphclean.exe

    c:\program files\AVG\AVG2012\avgnsx.exe

    c:\program files\AVG\AVG2012\avgemcx.exe

    c:\program files\AVG\AVG2012\avgrsx.exe

    c:\program files\AVG\AVG2012\avgcsrvx.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-08-25 10:33:12 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-08-25 08:32

    ComboFix2.txt 2012-08-24 12:11

    ComboFix3.txt 2012-08-24 05:59

    .

    Pre-Run: 29.009.039.360 bytes beschikbaar

    Post-Run: 28.900.728.832 bytes beschikbaar

    .

    - - End Of File - - F154FD8E9F235296AD35F005758F6EDC

    Hijackthis

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 10:48:47, on 25-8-2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    C:\Program Files\AVG\AVG2012\avgtray.exe

    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

    C:\Program Files\AVG Secure Search\vprot.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

    C:\Program Files\Common Files\Teleca Shared\logger.exe

    C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe

    C:\Program Files\Common Files\Teleca Shared\Generic.exe

    C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe

    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    C:\Program Files\AVG\AVG2012\avgwdsvc.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\UPHClean\uphclean.exe

    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

    C:\Program Files\AVG\AVG2012\avgidsagent.exe

    C:\Program Files\AVG\AVG2012\avgnsx.exe

    C:\Program Files\AVG\AVG2012\avgemcx.exe

    C:\Program Files\AVG\AVG2012\avgrsx.exe

    C:\Program Files\AVG\AVG2012\avgcsrvx.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Documents and Settings\Administrator\Mijn documenten\Nieuwe map\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T

    O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

    O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions

    O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

    O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

    O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

    O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

    O4 - HKCU\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T

    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: EZ VHS Converter Monitor.lnk = C:\Program Files\ION\EZ Video Converter\MediaTVMonitor.exe

    O4 - Global Startup: Picture Package Menu.lnk = ?

    O4 - Global Startup: Picture Package VCD Maker.lnk = ?

    O4 - Global Startup: YouTube Uploader for CASIO.lnk = C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Broken Internet access because of LSP provider 'c:\windows\system32\t7844el32.dll' missing

    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208790404968

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208790397921

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

    --

    End of file - 12264 bytes

    hijack fail.doc

  8. Here are the logs you asked for in connection with my question about Perflib_Perfdata_41c: threat or not?

    I hope you can help me. I'm very curious, and it's really great that you do this. Hope to hear from you soon.

    Kind regards

    Annemarijke

    ComboFix 12-08-22.03 - Administrator 24-08-2012 7:46.1.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1423 [GMT 2:00]

    Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe

    .

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\Administrator\0000.wmv

    c:\documents and settings\Administrator\Application Data\PriceGong

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\1.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\a.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\b.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\c.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\d.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\e.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\f.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\g.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\h.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\i.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\J.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\k.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\l.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\m.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\mru.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\n.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\o.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\p.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\q.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\r.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\s.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\t.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\u.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\v.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\w.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\x.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\y.xml

    c:\documents and settings\Administrator\Application Data\PriceGong\Data\z.xml

    c:\documents and settings\Administrator\Application Data\SystemProc

    c:\documents and settings\Administrator\Bureaublad\Internet Explorer.lnk

    c:\documents and settings\Administrator\Menu Start\Programma's\Opstarten\igfxtray.exe

    c:\documents and settings\Administrator\WINDOWS

    c:\documents and settings\All Users\Menu Start\Programma's\Internet Explorer.lnk

    C:\Install.exe

    c:\program files\ExcellentAdDisplay

    c:\program files\ExcellentAdDisplay\uninstall.exe

    c:\program files\Incredibar.com

    c:\program files\Incredibar.com\incredibar\1.5.11.14\bh\inCRedibar.dll

    c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll

    c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll

    c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe

    c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll

    c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe

    c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

    c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest

    c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul

    c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf

    c:\program files\Web Assistant\ExTEnsion32.dll

    c:\windows\IsUn0413.exe

    c:\windows\system32\Cache

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Service_Driver

    -------\Service_xcpip

    -------\Service_xpsec

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-07-24 to 2012-08-24 ))))))))))))))))))))))))))))))

    .

    .

    2012-08-24 05:10 . 2012-08-24 05:18 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend

    2012-08-04 07:46 . 2012-08-04 07:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG2012

    2012-08-04 07:45 . 2012-08-24 05:18 -------- d-----w- c:\program files\AVG Secure Search

    2012-08-04 07:44 . 2012-08-04 07:44 -------- d-----w- C:\$AVG

    2012-08-04 07:43 . 2012-08-04 07:43 -------- d-----w- c:\program files\AVG

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-08-15 06:56 . 2012-04-24 06:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-08-15 06:56 . 2012-03-27 11:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-07-14 00:15 . 2012-04-29 13:25 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ------- Sigcheck -------

    Note: Unsigned files aren't necessarily malware.

    .

    [7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys

    [-] 2008-04-13 18:40 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys

    [7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

    [7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

    [7] 2002-12-31 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

    2012-08-05 07:53 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

    .

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]

    2012-07-10 09:23 248936 ----a-w- c:\program files\Softonic\Softonic\1.6.4.3\bh\Softonic.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files\Softonic\Softonic\1.6.4.3\SoftonicTlbr.dll" [2012-07-10 274536]

    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-08-05 2074208]

    .

    [HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]

    [HKEY_CLASSES_ROOT\Softonic.dskBnd.1]

    [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]

    [HKEY_CLASSES_ROOT\Softonic.dskBnd]

    .

    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "mnu"="c:\program files\Orange\GLOBAL\Mnu\igomnu.exe" [2006-05-01 437976]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-13 68856]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]

    "nwiz"="nwiz.exe" [2007-06-28 1626112]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]

    "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16208384]

    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

    "mnu"="c:\program files\Orange\GLOBAL\Mnu\igomnu.exe" [2006-05-01 437976]

    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

    "Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]

    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]

    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]

    "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]

    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]

    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-05 1107552]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    EZ VHS Converter Monitor.lnk - c:\program files\ION\EZ Video Converter\MediaTVMonitor.exe [2010-8-27 737280]

    Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2009-3-17 151552]

    Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2009-3-17 106496]

    YouTube Uploader for CASIO.lnk - c:\program files\CASIO\YouTube Uploader for CASIO\YStart.exe [2008-12-9 79808]

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    "3389:TCP"= 3389:TCP:Remote Desktop

    "65533:TCP"= 65533:TCP:Services

    "52344:TCP"= 52344:TCP:Services

    .

    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 4:50 24896]

    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31-1-2012 4:46 31952]

    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22-2-2012 5:25 235216]

    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19-3-2012 5:17 301248]

    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4-7-2012 17:25 5160568]

    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 4:53 193288]

    R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [5-8-2012 9:53 935008]

    R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [29-4-2012 14:32 185856]

    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856]

    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144]

    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232]

    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 10:17 135664]

    S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [31-12-2002 14:00 3584]

    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [24-4-2012 8:43 250056]

    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [16-12-2008 10:08 36512]

    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 10:17 135664]

    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [18-4-2011 20:46 24576]

    S3 iq5c.sys;iq5c.sys;\??\c:\windows\system32\drivers\iq5c.sys --> c:\windows\system32\drivers\iq5c.sys [?]

    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [29-4-2012 13:58 113120]

    S3 VCR2PC;VCR2PC Analog Capture;c:\windows\system32\drivers\p140_ion.sys [27-8-2010 12:05 278016]

    .

    --- Andere Services/Drivers In Geheugen ---

    .

    *Deregistered* - uphcleanhlp

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 06:56]

    .

    2012-08-22 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-24 07:23]

    .

    2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:17]

    .

    2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:17]

    .

    2012-04-27 c:\windows\Tasks\MP Scheduled Scan.job

    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://google.nl/

    uInternet Connection Wizard,ShellNext = iexplore

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.1.1 0.0.0.0

    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

    DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab

    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h9ycp18q.default\

    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc44cf840-9757-46fa-9f54-0e27a92be407%7D&mid=6a5f77e025ed47d1a387d15c1e690357-06ce4fc639803a2e3563922518183d8e94088cb9&ds=AVG&v=11.1.0.12&lang=nl&pr=fr&d=2012-08-04%2009%3A45%3A42&sap=ku&q=

    FF - user.js: extensions.incredibar_i.newTab - false

    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyJprBAXQ&loc=IB_TB&i=26&search=

    FF - user.js: extensions.incredibar_i.id - 5ce368c50000000000000015588deaa4

    FF - user.js: extensions.incredibar_i.instlDay - 15459

    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1414:33

    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

    FF - user.js: extensions.incredibar_i.prdct - incredibar

    FF - user.js: extensions.incredibar_i.aflt - orgnl

    FF - user.js: extensions.incredibar_i.smplGrp - none

    FF - user.js: extensions.incredibar_i.tlbrId - base

    FF - user.js: extensions.incredibar_i.instlRef -

    FF - user.js: extensions.incredibar_i.dfltLng -

    FF - user.js: extensions.incredibar_i.excTlbr - false

    FF - user.js: extensions.incredibar_i.ms_url_id -

    FF - user.js: extensions.incredibar_i.upn2 - 6OyJprBAXQ

    FF - user.js: extensions.incredibar_i.upn2n - 92261838775280566

    FF - user.js: extensions.incredibar_i.productid - 26

    FF - user.js: extensions.incredibar_i.installerproductid - 26

    FF - user.js: extensions.incredibar_i.did - 10665

    FF - user.js: extensions.incredibar_i.ppd -

    FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings

    FF - user.js: extensions.Softonic.autoRvrt - false

    FF - user.js: extensions.Softonic_i.newTab - false

    FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00087/tb_v1?SearchSource=1&cc=&q=

    FF - user.js: extensions.Softonic.id - 5ce368c50000000000000015588deaa4

    FF - user.js: extensions.Softonic.instlDay - 15459

    FF - user.js: extensions.Softonic.vrsn - 1.6.4.3

    FF - user.js: extensions.Softonic.vrsni - 1.6.4.3

    FF - user.js: extensions.Softonic_i.vrsnTs - 1.6.4.314:41

    FF - user.js: extensions.Softonic.prtnrId - softonic

    FF - user.js: extensions.Softonic.prdct - Softonic

    FF - user.js: extensions.Softonic.aflt - SD

    FF - user.js: extensions.Softonic_i.smplGrp - none

    FF - user.js: extensions.Softonic.tlbrId - base

    FF - user.js: extensions.Softonic.instlRef - MON00087

    FF - user.js: extensions.Softonic.dfltLng - nl

    FF - user.js: extensions.Softonic.excTlbr - false

    FF - user.js: extensions.Softonic.admin - false

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

    HKCU-Run-AdobeBridge - (no file)

    Notify-__c00778D1 - c:\windows\system32\__c00778D1.dat

    Notify-__c00C37A1 - c:\windows\system32\__c00C37A1.dat

    Notify-__c00D7980 - c:\windows\system32\__c00D7980.dat

    AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0413.EXE

    AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2012-08-24 07:55

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_USERS\S-1-5-21-823518204-152049171-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

    @Denied: (2) (Administrator)

    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,43,f5,5f,05,a8,4d,41,ae,e9,bd,\

    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,43,f5,5f,05,a8,4d,41,ae,e9,bd,\

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'winlogon.exe'(856)

    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

    .

    - - - - - - - > 'explorer.exe'(4060)

    c:\windows\system32\wpdshserviceobj.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\portabledevicetypes.dll

    c:\windows\system32\portabledeviceapi.dll

    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\windows\system32\RUNDLL32.EXE

    c:\windows\RTHDCPL.EXE

    c:\windows\system32\rundll32.exe

    c:\program files\Brother\ControlCenter3\brccMCtl.exe

    c:\program files\Brother\Brmfcmon\BrMfcmon.exe

    c:\program files\Common Files\Teleca Shared\CapabilityManager.exe

    c:\program files\Common Files\Teleca Shared\logger.exe

    c:\program files\Common Files\Teleca Shared\Generic.exe

    c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

    c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

    c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe

    c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

    c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\windows\system32\nvsvc32.exe

    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    c:\program files\AVG\AVG2012\avgnsx.exe

    c:\program files\UPHClean\uphclean.exe

    c:\program files\AVG\AVG2012\avgemcx.exe

    c:\program files\AVG\AVG2012\avgrsx.exe

    c:\program files\AVG\AVG2012\avgcsrvx.exe

    c:\windows\system32\wscntfy.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-08-24 07:58:59 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-08-24 05:58

    .

    Pre-Run: 29.982.203.904 bytes beschikbaar

    Post-Run: 29.941.633.024 bytes beschikbaar

    .

    - - End Of File - - 82D059427ABFAE8E82692B6CABE2AFB4

    The Hijack log!

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 23:24:59, on 24-8-2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

    C:\Program Files\AVG\AVG2012\avgtray.exe

    C:\Program Files\AVG Secure Search\vprot.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe

    C:\Program Files\ION\EZ Video Converter\MediaTVMonitor.exe

    C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe

    C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    C:\Program Files\AVG\AVG2012\avgwdsvc.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\UPHClean\uphclean.exe

    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\AVG\AVG2012\avgidsagent.exe

    C:\Program Files\AVG\AVG2012\avgemcx.exe

    C:\Program Files\AVG\AVG2012\avgnsx.exe

    C:\Program Files\AVG\AVG2012\avgrsx.exe

    C:\Program Files\AVG\AVG2012\avgcsrvx.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\AVG\AVG2012\avgcsrvx.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\internet explorer\iexplore.exe

    C:\Program Files\internet explorer\iexplore.exe

    C:\Program Files\internet explorer\iexplore.exe

    C:\Documents and Settings\Administrator\Mijn documenten\Nieuwe map\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.6.4.3\bh\Softonic.dll

    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.6.4.3\SoftonicTlbr.dll

    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T

    O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

    O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions

    O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

    O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

    O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

    O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

    O4 - HKCU\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T

    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: EZ VHS Converter Monitor.lnk = C:\Program Files\ION\EZ Video Converter\MediaTVMonitor.exe

    O4 - Global Startup: Picture Package Menu.lnk = ?

    O4 - Global Startup: Picture Package VCD Maker.lnk = ?

    O4 - Global Startup: YouTube Uploader for CASIO.lnk = C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Broken Internet access because of LSP provider 'c:\windows\system32\t7844el32.dll' missing

    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208790404968

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208790397921

    O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

    O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

    --

    End of file - 12879 bytes
