
ten

Member
  • Items: 4

Posts made by ten

  1. Good morning, here is the log from ComboFix.

    ComboFix 12-11-09.02 - Gebruiker 09-11-2012 13:27:15.1.1 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1015.347 [GMT 1:00]

    Gestart vanuit: c:\documents and settings\Gebruiker\Mijn documenten\Downloads\ComboFix.exe

    AV: AVG Anti-Virus 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\Gebruiker\Application Data\ACD Systems\ACDSee\ImageDB.ddf

    c:\windows\system32\dllcache\wmpvis.dll

    c:\windows\system32\msssc.dll

    c:\windows\system32\roboot.exe

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-10-09 to 2012-11-09 ))))))))))))))))))))))))))))))

    .

    .

    2012-11-09 06:31 . 2012-11-09 06:31 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\AVG2013

    2012-11-09 06:29 . 2012-11-09 06:29 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\TuneUp Software

    2012-11-09 06:29 . 2012-11-09 06:29 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\AVG Secure Search

    2012-11-09 06:29 . 2012-11-09 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search

    2012-11-09 06:29 . 2012-11-09 06:29 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\AVG Secure Search

    2012-11-09 06:29 . 2012-11-09 06:28 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

    2012-11-09 06:29 . 2012-11-09 06:29 -------- d-----w- c:\program files\Common Files\AVG Secure Search

    2012-11-09 06:29 . 2012-11-09 06:29 -------- d-----w- c:\program files\AVG Secure Search

    2012-11-09 06:28 . 2012-11-09 06:28 -------- d-----w- c:\windows\LastGood

    2012-11-09 06:27 . 2012-11-09 06:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013

    2012-11-09 06:27 . 2012-11-09 06:27 -------- d-----w- C:\$AVG

    2012-11-09 06:26 . 2012-11-09 06:26 -------- d-----w- c:\program files\AVG

    2012-11-09 06:06 . 2012-11-09 12:12 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

    2012-11-09 06:06 . 2012-11-09 06:34 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\Avg2013

    2012-11-09 06:06 . 2012-11-09 06:06 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

    2012-11-09 06:06 . 2012-11-09 06:06 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\MFAData

    2012-11-08 07:47 . 2012-11-08 07:47 388096 ----a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2012-11-08 07:47 . 2012-11-08 07:47 -------- d-----w- c:\program files\Trend Micro

    2012-11-07 13:18 . 2012-11-07 14:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

    2012-11-07 13:14 . 2012-11-07 13:14 -------- d-----w- C:\ProgramData

    2012-11-07 13:14 . 2012-11-07 13:14 -------- d-----w- C:\Cover DVD1

    2012-11-07 10:14 . 2012-11-07 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

    2012-11-07 10:14 . 2012-11-07 13:36 -------- d-----w- c:\program files\SUPERAntiSpyware

    2012-11-07 10:14 . 2012-11-07 10:14 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\SUPERAntiSpyware.com

    2012-11-07 09:35 . 2012-11-07 10:05 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP

    2012-11-07 08:06 . 2012-11-07 08:06 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\ElevatedDiagnostics

    2012-11-05 12:25 . 2003-05-14 20:07 389120 ----a-w- c:\windows\system32\actskn43.ocx

    2012-11-05 12:25 . 1998-12-02 08:11 143360 ----a-w- c:\windows\system32\vbuzip10.dll

    2012-11-05 12:25 . 2003-01-26 14:48 147456 ----a-w- c:\windows\system32\Vbzip11.dll

    2012-11-05 12:25 . 1999-04-17 22:36 10752 ----a-w- c:\windows\system32\aamd532.dll

    2012-11-05 12:25 . 1998-04-23 23:00 368912 ----a-w- c:\windows\system32\vbar332.dll

    2012-11-05 12:24 . 2012-11-05 12:24 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Webroot

    2012-11-05 12:24 . 2012-11-05 12:24 -------- d-----w- c:\program files\Webroot

    2012-11-05 08:12 . 2012-11-05 08:12 -------- d-----w- c:\program files\Enigma Software Group

    2012-11-05 08:11 . 2012-11-07 09:36 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP

    2012-11-05 08:11 . 2012-11-07 13:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

    2012-11-05 08:05 . 2012-11-07 11:12 -------- d-----w- c:\program files\Best Removal Tool

    2012-10-30 08:24 . 2012-10-30 08:24 -------- d-----w- c:\program files\MSXML 4.0

    2012-10-28 09:32 . 2012-10-28 09:44 -------- d-----w- c:\windows\Ulead.dat

    2012-10-28 09:29 . 2012-10-28 10:09 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\WMTools Downloaded Files

    2012-10-28 09:23 . 2000-05-22 21:58 608448 ----a-w- c:\windows\system32\comctl32.ocx

    2012-10-28 09:07 . 2012-10-28 09:23 -------- d-----w- c:\program files\Total Video Converter

    2012-10-28 09:03 . 2012-10-28 09:03 -------- d-----w- c:\documents and settings\Gebruiker\dwhelper

    2012-10-22 12:02 . 2012-10-22 12:02 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

    2012-10-20 06:00 . 2012-10-20 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant

    2012-10-17 13:12 . 2012-10-17 13:12 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\HP

    2012-10-17 13:05 . 2012-10-17 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\HP

    2012-10-17 13:05 . 2012-10-17 13:05 -------- d-----w- c:\program files\Hewlett-Packard

    2012-10-17 13:05 . 2012-10-17 13:05 -------- d-----w- c:\program files\Common Files\Hewlett-Packard

    2012-10-17 13:04 . 2012-10-17 13:04 -------- d-----w- c:\program files\Common Files\HP

    2012-10-17 13:03 . 2012-10-17 13:05 -------- d-----w- c:\program files\HP

    2012-10-17 13:03 . 2008-04-13 22:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

    2012-10-17 13:03 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

    2012-10-15 02:48 . 2012-10-15 02:48 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys

    2012-10-13 11:52 . 2012-10-13 11:53 -------- d-----w- c:\program files\ACD Systems

    2012-10-13 11:47 . 2012-10-13 11:47 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\ACD Systems

    2012-10-13 11:13 . 1998-10-30 04:02 11264 ----a-w- c:\windows\system32\Jgid500.dll

    2012-10-13 11:13 . 1998-10-30 04:02 11264 ----a-w- c:\windows\system32\Jgar500.dll

    2012-10-13 11:13 . 1998-10-30 04:02 144896 ----a-w- c:\windows\system32\Jgdw500.dll

    2012-10-13 11:13 . 1998-10-30 04:03 13312 ----a-w- c:\windows\system32\Jgst500.dll

    2012-10-13 11:13 . 1998-10-30 04:03 15872 ----a-w- c:\windows\system32\Jgpl500.dll

    2012-10-13 11:13 . 1998-10-30 04:02 7168 ----a-w- c:\windows\system32\Jgme500.dll

    2012-10-13 11:13 . 1999-12-15 11:18 1056768 ----a-w- c:\windows\system32\Roboex32.dll

    2012-10-12 10:09 . 2012-10-12 10:09 -------- d-----w- c:\windows\ShellNew

    2012-10-12 09:40 . 2012-10-12 09:40 -------- d-----w- c:\windows\Local Settings

    2012-10-12 09:40 . 2012-10-12 09:40 -------- d-----w- c:\program files\Desktop Tray Clock

    2012-10-12 09:27 . 2012-10-12 09:27 -------- d-----w- c:\program files\Yz Shadow

    2012-10-12 09:24 . 2012-11-07 13:33 -------- d-----w- c:\program files\DVD2SVCD

    2012-10-12 09:24 . 2012-10-12 09:24 -------- d-----w- c:\program files\Custom Technology

    2012-10-12 09:24 . 2012-10-12 09:24 -------- d-----w- c:\program files\DVD Decrypter

    2012-10-12 09:23 . 2001-12-08 18:20 38912 ----a-w- c:\windows\system32\HUFFYUV.DLL

    2012-10-12 09:23 . 2012-10-12 09:24 -------- d-----w- c:\program files\AviSynth 2.5

    2012-10-12 08:01 . 2012-10-12 08:01 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\ESET

    2012-10-12 05:41 . 2012-10-12 05:41 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

    2012-10-11 13:32 . 2012-10-11 13:32 -------- d-----w- c:\program files\Gophoto.it

    2012-10-11 13:28 . 2012-11-08 09:27 -------- d-----w- c:\documents and settings\Gebruiker\Bureaublad

    2012-10-11 12:58 . 2012-10-11 12:58 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\Google

    2012-10-11 12:50 . 2012-10-11 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\RegUse

    2012-10-11 12:49 . 2012-10-11 12:53 -------- d-----w- c:\program files\RegUse

    2012-10-11 12:31 . 2012-10-11 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software

    2012-10-11 12:30 . 2012-11-01 08:06 -------- d-----w- c:\program files\NCH Software

    2012-10-11 12:30 . 2012-10-11 12:54 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\NCH Software

    2012-10-11 09:04 . 2012-10-11 13:01 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-10-11 09:04 . 2012-10-11 13:01 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-10-11 07:56 . 2012-10-11 07:56 -------- d-----w- c:\windows\system32\C2MP

    2012-10-11 07:43 . 2012-10-11 07:43 -------- d-----w- c:\program files\Yamicsoft

    2012-10-11 07:43 . 2012-10-11 07:43 -------- d-----w- c:\program files\Computer-Expert Group

    2012-10-11 07:11 . 2012-10-11 07:11 -------- d--h--w- c:\windows\PIF

    2012-10-11 04:55 . 2012-06-04 15:35 222448 ----a-w- c:\windows\system32\muweb.dll

    2012-10-11 04:55 . 2012-06-02 13:18 275696 ----a-w- c:\windows\system32\mucltui.dll

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-10-06 10:40 . 2012-10-06 10:40 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

    2012-10-05 02:32 . 2012-10-05 02:32 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

    2012-10-02 02:30 . 2012-10-02 02:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2012-09-25 05:30 . 2012-09-25 05:30 3915776 ----a-w- c:\windows\system32\ffmpeg.dll

    2012-09-25 05:30 . 2012-09-25 05:30 112640 ----a-w- c:\windows\system32\ff_vfw.dll

    2012-09-25 05:29 . 2012-09-25 05:29 3504128 ----a-w- c:\windows\system32\ffdshow.ax

    2012-09-25 05:29 . 2012-09-25 05:29 271360 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

    2012-09-25 05:29 . 2012-09-25 05:29 99840 ----a-w- c:\windows\system32\ff_wmv9.dll

    2012-09-25 05:29 . 2012-09-25 05:29 157184 ----a-w- c:\windows\system32\ff_unrar.dll

    2012-09-25 05:29 . 2012-09-25 05:29 147456 ----a-w- c:\windows\system32\ff_libmad.dll

    2012-09-25 05:28 . 2012-09-25 05:28 211968 ----a-w- c:\windows\system32\ff_libdts.dll

    2012-09-25 05:28 . 2012-09-25 05:28 1525760 ----a-w- c:\windows\system32\ff_samplerate.dll

    2012-09-25 05:28 . 2012-09-25 05:28 114688 ----a-w- c:\windows\system32\ff_liba52.dll

    2012-09-24 00:03 . 2012-09-24 00:03 1289728 ----a-w- c:\windows\system32\VSFilter.dll

    2012-09-21 02:46 . 2012-09-21 02:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys

    2012-09-21 02:46 . 2012-09-21 02:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys

    2012-09-21 02:45 . 2012-09-21 02:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

    2012-09-14 02:05 . 2012-09-14 02:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

    2012-08-28 15:17 . 2003-04-08 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-08-28 15:17 . 2003-04-08 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

    2012-08-28 15:17 . 2003-04-08 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2012-08-28 12:07 . 2012-05-14 09:29 385024 ----a-w- c:\windows\system32\html.iec

    2012-08-24 13:53 . 2003-04-08 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

    2012-08-23 19:01 . 2012-08-23 19:01 233472 ----a-w- c:\windows\system32\DCBassSourceMod.ax

    2012-08-23 13:43 . 2012-08-23 13:43 54328 ----a-w- c:\windows\system32\bass_opus.dll

    2012-08-23 06:27 . 2003-04-08 12:00 2197248 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-08-23 06:27 . 2002-09-09 13:17 2073984 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2012-10-24 17:50 . 2012-11-04 09:08 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SetRefresh"="c:\program files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 525824]

    "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-01-31 98304]

    "DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2002-05-28 69632]

    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-03-01 15872]

    "HDInspector.exe"="c:\program files\Hard Drive Inspector\HDInspector.exe" [2008-04-26 1006344]

    "SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]

    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]

    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-09 997320]

    "ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-11-09 1020512]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    c:\documents and settings\Gebruiker\Menu Start\Programma's\Opstarten\

    Yz Shadow.lnk - c:\program files\Yz Shadow\YzShadow.exe [2002-9-30 151552]

    .

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    Sitecom 300N USB Wireless LAN Utility.lnk - c:\program files\SITECOM\300N USB Wireless LAN Utility\RtWLan.exe [2012-10-6 966656]

    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-2-8 394856]

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\SITECOM\\300N USB Wireless LAN Utility\\RtWLan.exe"=

    "c:\\Program Files\\BitTorrent\\BitTorrent.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "c:\\WINDOWS\\system32\\msiexec.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=

    "c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=

    "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=

    "c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

    "1542:TCP"= 1542:TCP:Realtek WPS TCP Prot

    "1542:UDP"= 1542:UDP:Realtek WPS UDP Prot

    "53:UDP"= 53:UDP:Realtek AP UDP Prot

    .

    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21-9-2012 3:46 177376]

    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14-9-2012 3:05 35552]

    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22-10-2012 13:02 179936]

    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21-9-2012 3:45 19936]

    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2-10-2012 3:30 159712]

    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21-9-2012 3:46 164832]

    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9-11-2012 7:29 26984]

    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [22-10-2012 13:05 196664]

    R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [9-11-2012 7:29 711112]

    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [6-10-2012 11:38 594048]

    S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15-10-2012 3:48 55776]

    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [6-11-2012 19:00 5814392]

    S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]

    .

    --- Andere Services/Drivers In Geheugen ---

    .

    *NewlyCreated* - AVGIDSAGENT

    *NewlyCreated* - AVGIDSDRIVER

    *NewlyCreated* - AVGIDSSHIM

    *NewlyCreated* - AVGLDX86

    *NewlyCreated* - AVGLOGX

    *NewlyCreated* - AVGMFX86

    *NewlyCreated* - AVGRKX86

    *NewlyCreated* - AVGTDIX

    *NewlyCreated* - AVGTP

    *NewlyCreated* - AVGWD

    *NewlyCreated* - VTOOLBARUPDATER13.2.0

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 13:01]

    .

    2012-10-18 c:\windows\Tasks\RegUse.job

    - c:\program files\RegUse\RegUse.exe [2012-08-16 08:37]

    .

    2012-11-09 c:\windows\Tasks\User_Feed_Synchronization-{C841954E-20DF-4D8C-9870-18AFD7A87585}.job

    - c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.google.com/

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.2.254

    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll

    FF - ProfilePath - c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\a5sfrfw6.default\

    FF - prefs.js: browser.startup.homepage - about:home

    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={A6B4900F-ABFC-4E18-A897-8BF73B519067}&mid=f95d026e1c4e47d086c9d145b06fe694-970a07a2be282277a370301e621d5afc54f01036&lang=nl&ds=AVG&pr=pr&d=2012-11-09 07:29&v=13.2.0.4&sap=ku&q=

    FF - ExtSQL: 2012-10-07 08:07; {20a82645-c095-46ed-80e3-08825760534b}; c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\a5sfrfw6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    FF - ExtSQL: 2012-10-12 08:35; YoutubeVideoDownloader@gefruckelt.de; c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\a5sfrfw6.default\extensions\YoutubeVideoDownloader@gefruckelt.de.xpi

    FF - ExtSQL: 2012-10-18 14:50; onlinehdtv@onlinehd.tv; c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\a5sfrfw6.default\extensions\onlinehdtv@onlinehd.tv.xpi

    FF - ExtSQL: 2012-10-18 14:50; artur.dubovoy@gmail.com; c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\a5sfrfw6.default\extensions\artur.dubovoy@gmail.com.xpi

    FF - ExtSQL: 2012-11-01 09:15; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\a5sfrfw6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

    FF - ExtSQL: 2012-11-04 09:25; stefanvandamme@stefanvd.net; c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\a5sfrfw6.default\extensions\stefanvandamme@stefanvd.net.xpi

    FF - ExtSQL: 2012-11-09 07:29; avg@toolbar; c:\documents and settings\All Users\Application Data\AVG Secure Search\FireFoxExt\13.2.0.4

    FF - ExtSQL: !HIDDEN! 2012-05-14 14:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    HKLM-Run-RegistryMechanic - (no file)

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2012-11-09 13:46

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

    Windows 5.1.2600

    .

    CreateFile("\\.\PHYSICALDRIVE0"): Het proces heeft geen toegang tot het bestand omdat

    het bestand door een ander proces wordt gebruikt.

    device: opened successfully

    user: error reading MBR

    kernel: MBR read successfully

    user != kernel MBR !!!

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    Voltooingstijd: 2012-11-09 13:54:16

    ComboFix-quarantined-files.txt 2012-11-09 12:54

    .

    Pre-Run: 29.407.600.640 bytes beschikbaar

    Post-Run: 29.436.334.080 bytes beschikbaar

    .

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    .

    - - End Of File - - 31898D16394EED6CFC2A222F5A923755

    ComboFix-quarantined-files

    2012-11-09 12:51:44 . 2012-11-09 12:51:45 103 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-RegistryMechanic.reg.dat

    2012-11-09 12:40:09 . 2012-11-09 12:40:09 5,037 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

    2012-11-09 12:21:37 . 2012-11-09 12:21:38 51 ----a-w- C:\Qoobox\Quarantine\catchme.log

    2012-10-13 11:53:17 . 2012-10-13 11:53:17 17,600 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Gebruiker\Application Data\ACD Systems\ACDSee\ImageDB.ddf.vir

    2012-10-08 06:56:34 . 2012-03-14 13:47:42 17,464 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\roboot.exe.vir

    2012-05-14 08:54:57 . 2012-05-14 08:54:57 44 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\msssc.dll.vir

    2012-05-14 07:26:51 . 2003-04-08 12:00:00 520,192 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\dllcache\wmpvis.dll.vir

    Regards,

    Ten

  2. I have already made a log in HijackThis.

    Can nobody tell me what I should remove from it?

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 8:29:14, on 9-11-2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\HDDSvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\system32\SearchIndexer.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Unlocker\UnlockerAssistant.exe

    C:\Program Files\Hard Drive Inspector\HDInspector.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Desktop Tray Clock\DTClock.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\SITECOM\300N USB Wireless LAN Utility\RtWLan.exe

    C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    C:\Program Files\WinZip\WZQKPICK.EXE

    C:\Program Files\Yz Shadow\YzShadow.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

    C:\Program Files\AVG Secure Search\vprot.exe

    C:\Program Files\AVG\AVG2013\avgidsagent.exe

    C:\Program Files\AVG\AVG2013\avgwdsvc.exe

    C:\Program Files\AVG\AVG2013\avgnsx.exe

    C:\Program Files\AVG\AVG2013\avgemcx.exe

    C:\Program Files\AVG\AVG2013\avgrsx.exe

    C:\Program Files\AVG\AVG2013\avgcsrvx.exe

    C:\Program Files\AVG\AVG2013\avgcsrvx.exe

    C:\Program Files\AVG\AVG2013\avgui.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll

    O4 - HKLM\..\Run: [setRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe

    O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

    O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe

    O4 - HKLM\..\Run: [skinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY

    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

    O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [skinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Startup: Yz Shadow.lnk = C:\Program Files\Yz Shadow\YzShadow.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Sitecom 300N USB Wireless LAN Utility.lnk = C:\Program Files\SITECOM\300N USB Wireless LAN Utility\RtWLan.exe

    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350019820671

    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe

    O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (Atomic Clock) - C:\WINDOWS\system32\HDDSvc.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

    --

    End of file - 8493 bytes

    Thanks, Ten
