YuGiWi

Results of screen317's Security Check version 0.99.0 Windows XP Service Pack 3 `````````````````````````````` Antivirus/Firewall Check: AVG Free 8.5 `````````````````````````````` Anti-malware/Other Utilities Check: Ad-Aware HijackThis 2.0.2 CCleaner (remove only) EasyCleaner Java 6 Update 11 Out of date Java installed! Adobe Flash Player 10 Adobe Reader 9.1 `````````````````````````````` Process Check: objlist.exe by Laurent Ad-Aware AAWService.exe Ad-Aware AAWTray.exe is disabled! `````````````````````````````` DNS Vulnerability Check: Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?) `````````End of Log```````````

ComboFix 09-10-14.09 - pim groen 15-10-2009 13:07.2.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1014.456 [GMT 2:00] Gestart vanuit: c:\documents and settings\pim groen\Mijn documenten\mijn af beeldingen\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\pim groen\Mijn documenten\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\PIMGRO~1\LOCALS~1\Temp\catchme.dll c:\documents and settings\pim groen\Local Settings\Application Data\BearShare c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\-xcyKkWONhg.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\0-S_tgTib70.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\06ax9cg-TUk.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\1TTZzrEmD24.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\1YRSYQ0cz1o.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\4h-84J-onB4.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\5QfdX9B2FX8.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\6ZGgsGhzjdY.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\7kPu3_v_P60.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\9MggmbIlIGo.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\9Ydif1ZCUeM.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\aFukryfYm7A.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\AKZ1z1lmOek.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\aZ551ociBT0.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\Bjz4M9bvDvg.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\dlnGZxE22Yg.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\f6fIdJY_rHg.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\FaAr2pzVMoY.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\FF2SMPByW8I.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\iIHJ0qaVHog.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\ioJrEksihkA.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\IRQKnLm9yCc.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\iVEpIDuBFVU.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\K3u9wFFfwzg.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\lYdGS3VvJcM.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\NUWOmlQerio.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\oI-MZ_bnLxY.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\olB2UTCI638.tmp c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\QiqGrFtk_34.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\sFxVjsmrOqI.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\u7_9XuDsOsQ.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\uoQy4YIyP_U.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\Ux7CWY8Ks7Q.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\VuuOI8CAlfw.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\WR7CupLw7QA.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\WtavuRnCdko.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\XKkLm_Mz63I.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\zCg0GZluGoI.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\Zl8WPduPrIg.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Artwork\zu0lZD7q82I.jpeg c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Creatives.xml c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\1.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\10.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\1040.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\1043.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\1044.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\1050.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\1054.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\1055.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\1057.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\1058.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\1060.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\1062.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\1063.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\1070.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\11.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\12.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\13.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\14.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\15.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\16.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\17.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\18.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\19.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\2.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\20.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\21.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\22.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\23.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\24.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\25.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\26.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\27.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\28.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\29.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\3.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\30.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\31.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\32.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\33.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\34.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\35.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\36.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\37.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\38.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\4.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\5.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\6.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\7.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\8.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\CreativesFiles\9.gif c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Data\BackUp\Cddb.db c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Data\BackUp\ContentDirs.db c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Data\BackUp\ContentFile.db c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Data\BackUp\DownloadFile.db c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Data\BackUp\PartsHashes.db c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Data\BackUp\Playlists.db c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Data\BackUp\VirtualFile.db c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Data\Cddb.db c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Data\ContentDirs.db c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Data\ContentFile.db c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Data\DownloadFile.db c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Data\PartsHashes.db c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Data\Playlists.db c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Data\rjn.a92 c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Data\VirtualFile.db c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\player.swf c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\shistory.im c:\documents and settings\pim groen\Local Settings\Application Data\BearShare\Statistics.xml c:\documents and settings\pim groen\Local Settings\temp\catchme.dll c:\program files\BearShare Applications c:\program files\BearShare Applications\BearShare\ammp3.dll c:\program files\BearShare Applications\BearShare\avcodec-51.dll c:\program files\BearShare Applications\BearShare\avformat-51.dll c:\program files\BearShare Applications\BearShare\avutil-49.dll c:\program files\BearShare Applications\BearShare\BearShare.exe c:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll c:\program files\BearShare Applications\BearShare\BerkeleyLoader.dll c:\program files\BearShare Applications\BearShare\DiscoveryHelper.dll c:\program files\BearShare Applications\BearShare\FFPage.exe c:\program files\BearShare Applications\BearShare\FixAudioDriverSignature.reg c:\program files\BearShare Applications\BearShare\GIFAnimator.dll c:\program files\BearShare Applications\BearShare\HTML\error.html c:\program files\BearShare Applications\BearShare\HTML\Images\bg-top.jpg c:\program files\BearShare Applications\BearShare\HTML\loading.html c:\program files\BearShare Applications\BearShare\HTML\noInternet.html c:\program files\BearShare Applications\BearShare\HTML\offline.html c:\program files\BearShare Applications\BearShare\HTML\Recommendation_Offline.html c:\program files\BearShare Applications\BearShare\ImageUploader5.ocx c:\program files\BearShare Applications\BearShare\IMTrProgress.dll c:\program files\BearShare Applications\BearShare\IMWebControl.dll c:\program files\BearShare Applications\BearShare\INSTALL.LOG c:\program files\BearShare Applications\BearShare\InstallHelper.dll c:\program files\BearShare Applications\BearShare\Launcher.exe c:\program files\BearShare Applications\BearShare\libungif4.dll c:\program files\BearShare Applications\BearShare\lic_helper.dll c:\program files\BearShare Applications\BearShare\license.txt c:\program files\BearShare Applications\BearShare\NCTAudioCDGrabber2.dll c:\program files\BearShare Applications\BearShare\NCTAudioCDWriter2.dll c:\program files\BearShare Applications\BearShare\NCTAudioCompress3.dll c:\program files\BearShare Applications\BearShare\NCTAudioFile3.dll c:\program files\BearShare Applications\BearShare\NCTAudioFileWMA3.dll c:\program files\BearShare Applications\BearShare\NCTAudioFormatSettings3.dll c:\program files\BearShare Applications\BearShare\NCTDataCDWriter2.dll c:\program files\BearShare Applications\BearShare\ResourcesLOC.dll c:\program files\BearShare Applications\BearShare\Shw32.dll c:\program files\BearShare Applications\BearShare\Skins\Default.skn c:\program files\BearShare Applications\BearShare\Skins\Default.xml c:\program files\BearShare Applications\BearShare\Skins\Images\DefArtwork.jpg c:\program files\BearShare Applications\BearShare\Skins\Images\DefFemale.gif c:\program files\BearShare Applications\BearShare\Skins\Images\DefMale.gif c:\program files\BearShare Applications\BearShare\Skins\Images\FriendshipNotif.jpg c:\program files\BearShare Applications\BearShare\Skins\Images\SendPlaylist.jpg c:\program files\BearShare Applications\BearShare\Skins\Images\TAFLogo.PNG c:\program files\BearShare Applications\BearShare\Skins\Images\ToGoLogo.PNG c:\program files\BearShare Applications\BearShare\Skins\PS.exe c:\program files\BearShare Applications\BearShare\Skins\RemoteSkin.wmz c:\program files\BearShare Applications\BearShare\Skins\Settings.xml c:\program files\BearShare Applications\BearShare\UninstallSurvey.exe c:\program files\BearShare Applications\BearShare\UninstallUsers.exe c:\program files\BearShare Applications\BearShare\UninstBho.exe c:\program files\BearShare Applications\BearShare\UNWISE.EXE c:\program files\BearShare Applications\BearShare\UnwiseLauncher.exe c:\program files\BearShare Applications\BearShare\UpdateInst.exe c:\program files\BearShare Applications\BearShare\WMAProfiles.prx c:\program files\BearShare Applications\BearShare\WMHelper.dll c:\program files\BearShare Applications\BearShare\WMHelper.log c:\windows\TEMP\logishrd\LVPrcInj01.dll . (((((((((((((((((((( Bestanden Gemaakt van 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))) . 2009-10-12 17:28 . 2009-10-12 17:28 0 ----a-w- c:\windows\nsreg.dat 2009-10-12 17:28 . 2009-10-12 17:28 -------- d-----w- c:\documents and settings\pim groen\Local Settings\Application Data\Mozilla 2009-10-12 11:38 . 2009-10-12 11:38 -------- d-----w- c:\program files\Trend Micro 2009-10-09 22:11 . 2009-10-09 22:11 -------- d-----w- c:\documents and settings\pim groen\Application Data\teamspeak2 2009-10-09 22:11 . 2009-10-09 22:11 -------- d-----w- c:\program files\Teamspeak2_RC2 2009-10-08 13:18 . 2009-10-08 13:18 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield 2009-10-08 13:18 . 2009-10-08 13:19 -------- d-----w- c:\program files\Jasc Software Inc 2009-10-08 13:18 . 2009-10-08 13:18 -------- d-----w- c:\program files\Common Files\Jasc Software Inc 2009-10-08 13:17 . 2009-10-08 13:17 -------- d-----w- c:\documents and settings\pim groen\Application Data\Jasc Software Inc 2009-10-07 12:29 . 2009-10-08 08:37 -------- d-----w- c:\program files\Microsoft Silverlight 2009-10-03 16:33 . 2009-10-03 16:33 -------- d-----w- c:\program files\Vstep 2009-09-27 12:16 . 2009-10-15 11:02 -------- d--h--r- c:\documents and settings\pim groen\Onlangs geopend 2009-09-22 13:07 . 2009-10-07 14:12 -------- d-----w- c:\documents and settings\pim groen\Application Data\ImgBurn 2009-09-22 13:07 . 2009-09-22 13:07 -------- d-----w- c:\program files\ImgBurn 2009-09-22 12:43 . 2009-09-22 12:43 -------- d-----w- c:\documents and settings\pim groen\Application Data\Nero 2009-09-22 12:41 . 2009-09-22 12:42 -------- d-----w- c:\program files\Common Files\Nero 2009-09-22 12:41 . 2009-09-22 12:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero 2009-09-22 11:14 . 2009-09-22 11:14 -------- d-----w- c:\documents and settings\pim groen\Application Data\Ashampoo 2009-09-22 11:13 . 2009-09-22 11:13 -------- d-----w- c:\documents and settings\pim groen\Local Settings\Application Data\ashampoo 2009-09-22 11:13 . 2009-09-22 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo 2009-09-22 11:13 . 2009-09-22 11:13 -------- d-----w- c:\program files\Ashampoo 2009-09-22 10:39 . 2009-09-22 10:39 -------- d-----w- c:\documents and settings\pim groen\Application Data\GrabIt 2009-09-22 10:36 . 2009-09-22 10:36 -------- d-----w- c:\program files\GrabIt 2009-09-17 11:10 . 2009-09-17 11:10 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2009-09-17 11:10 . 2009-10-15 06:00 -------- d-----w- c:\documents and settings\pim groen\Application Data\skypePM 2009-09-17 11:08 . 2009-10-15 11:10 -------- d-----w- c:\documents and settings\pim groen\Application Data\Skype 2009-09-17 11:07 . 2009-09-17 11:07 -------- d-----w- c:\program files\Common Files\Skype 2009-09-17 11:07 . 2009-09-17 11:07 -------- d-----r- c:\program files\Skype 2009-09-17 11:07 . 2009-09-17 11:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-15 11:14 . 2009-09-09 17:46 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs 2009-10-15 11:14 . 2009-09-09 17:45 0 ----a-w- c:\windows\system32\drivers\logiflt.iad 2009-10-14 21:45 . 2008-12-03 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-10-14 11:16 . 2008-11-27 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-10-12 12:37 . 2009-04-27 11:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-12 09:07 . 2008-11-26 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-10-11 22:46 . 2008-11-23 10:58 28264 ----a-w- c:\documents and settings\pim groen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-11 14:45 . 2008-12-03 12:01 -------- d-----w- c:\program files\Microsoft Works 2009-10-08 13:18 . 2008-11-25 20:25 -------- d-----w- c:\program files\Common Files\InstallShield 2009-10-07 12:40 . 2006-03-02 12:00 77164 ----a-w- c:\windows\system32\perfc013.dat 2009-10-07 12:40 . 2006-03-02 12:00 456260 ----a-w- c:\windows\system32\perfh013.dat 2009-10-07 12:28 . 2008-11-26 09:16 -------- d-----w- c:\program files\Windows Live 2009-09-27 11:05 . 2009-04-29 11:42 -------- d-----w- c:\program files\Hyves Desktop 2009-09-22 12:41 . 2008-11-25 21:19 -------- d-----w- c:\program files\Nero 2009-09-13 03:21 . 2009-01-09 12:14 -------- d-----w- c:\documents and settings\pim groen\Application Data\Image Zone Express 2009-09-10 20:05 . 2009-09-10 20:05 -------- d-----w- c:\program files\Elaborate Bytes 2009-09-10 19:35 . 2009-09-10 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft 2009-09-10 19:34 . 2009-09-10 19:34 -------- d-----w- c:\program files\SlySoft 2009-09-10 12:54 . 2009-04-27 11:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 12:53 . 2009-04-27 11:39 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-09 17:47 . 2008-11-25 21:33 -------- d-----w- c:\program files\Logitech 2009-09-09 17:47 . 2009-09-09 17:47 -------- d-----w- c:\documents and settings\pim groen\Application Data\Leadertech 2009-09-09 17:46 . 2008-11-25 21:33 -------- d-----w- c:\program files\Common Files\LogiShrd 2009-09-06 19:01 . 2008-11-27 11:34 -------- d-----w- c:\documents and settings\pim groen\Application Data\Vso 2009-09-06 19:01 . 2008-11-27 11:34 47360 ----a-w- c:\documents and settings\pim groen\Application Data\pcouffin.sys 2009-09-06 18:57 . 2008-11-28 00:29 -------- d-----w- c:\documents and settings\pim groen\Application Data\LimeWire 2009-09-03 09:26 . 2009-09-03 09:14 -------- d-----w- c:\documents and settings\pim groen\Application Data\NewsLeecher 2009-09-03 09:12 . 2009-09-03 09:09 -------- d-----w- c:\program files\FTDv3.8 2009-09-02 18:36 . 2009-09-02 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-09-02 18:35 . 2009-09-02 18:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864} 2009-09-02 18:35 . 2009-09-02 18:35 -------- d-----w- c:\program files\Lavasoft 2009-08-31 20:54 . 2009-06-23 23:38 -------- d-----w- c:\documents and settings\pim groen\Application Data\Save 2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL 2009-08-17 06:14 . 2009-01-05 14:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-08-17 06:14 . 2009-01-05 14:33 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-08-17 06:14 . 2009-01-05 14:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-08-06 17:24 . 2008-11-23 10:51 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-06 17:24 . 2008-11-23 10:51 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-06 17:24 . 2008-11-23 10:51 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-06 17:24 . 2008-10-16 13:09 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-06 17:24 . 2008-11-23 10:51 53472 ------w- c:\windows\system32\wuauclt.exe 2009-08-06 17:24 . 2006-03-02 12:00 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-06 17:23 . 2008-11-23 10:51 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-06 17:23 . 2008-11-26 16:48 274288 ----a-w- c:\windows\system32\mucltui.dll 2009-08-06 17:23 . 2008-11-26 16:48 215920 ----a-w- c:\windows\system32\muweb.dll 2009-08-06 17:23 . 2008-11-23 10:51 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-08-05 20:48 . 2009-03-14 09:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys 2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll . ((((((((((((((((((((((((((((( SnapShot@2009-10-12_17.10.39 ))))))))))))))))))))))))))))))))))))))))) . + 2009-10-15 11:15 . 2009-10-15 11:15 16384 c:\windows\temp\Perflib_Perfdata_6e8.dat + 2008-12-03 12:02 . 2009-10-14 21:45 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe - 2008-12-03 12:02 . 2009-10-11 14:46 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe + 2008-12-03 12:02 . 2009-10-14 21:45 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe - 2008-12-03 12:02 . 2009-10-11 14:46 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe - 2008-12-03 12:02 . 2009-10-11 14:46 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe + 2008-12-03 12:02 . 2009-10-14 21:45 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe + 2006-10-26 21:58 . 2006-10-26 21:58 33080 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VPREVIEW.EXE + 2008-12-03 12:02 . 2009-10-14 21:45 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe - 2008-12-03 12:02 . 2009-10-11 14:46 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe + 2008-12-03 12:02 . 2009-10-14 21:45 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe - 2008-12-03 12:02 . 2009-10-11 14:46 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe - 2008-12-03 12:02 . 2009-10-11 14:46 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe + 2008-12-03 12:02 . 2009-10-14 21:45 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe - 2008-12-03 12:02 . 2009-10-11 14:46 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe + 2008-12-03 12:02 . 2009-10-14 21:45 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe + 2009-08-05 05:49 . 2009-08-05 05:49 3457024 c:\windows\Installer\7f6df81.msp + 2009-07-27 02:31 . 2009-07-27 02:31 3738624 c:\windows\Installer\7f6df6d.msp + 2009-08-18 11:08 . 2009-08-18 11:08 1373696 c:\windows\Installer\7f6df5b.msp + 2008-12-03 12:02 . 2009-10-14 21:45 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe - 2008-12-03 12:02 . 2009-10-11 14:46 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe + 2008-11-21 01:12 . 2008-11-21 01:12 3750256 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\VVIEWER.DLL + 2008-10-25 07:35 . 2008-10-25 07:35 1847160 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\VVIEWDWG.DLL + 2009-02-05 09:36 . 2009-02-05 09:36 1640800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OGL.DLL + 2008-11-20 21:06 . 2008-11-20 21:06 1194848 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\FM20.DLL . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784] "JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-04-06 385024] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-01 2023704] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360] c:\documents and settings\pim groen\Menu Start\Programma's\Opstarten\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-08-17 06:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "19657:TCP"= 19657:TCP:BitComet 19657 TCP "19657:UDP"= 19657:UDP:BitComet 19657 UDP R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2-9-2009 20:36 64160] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5-1-2009 16:33 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5-1-2009 16:33 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5-1-2009 16:33 908056] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5-1-2009 16:33 297752] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [14-3-2009 11:48 54752] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3-7-2009 16:49 1028432] S3 fsssvc;De service Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [5-8-2009 22:48 704864] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhoud van de 'Gedeelde Taken' map 2009-10-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 18:36] 2009-10-15 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-27 00:01] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll FF - ProfilePath - c:\documents and settings\pim groen\Application Data\Mozilla\Firefox\Profiles\19zuor29.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll . - - - - ORPHANS VERWIJDERD - - - - AddRemove-BearShare - c:\program files\BearShare Applications\BearShare\UninstallSurvey.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-10-15 13:16 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'explorer.exe'(4024) c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Java\jre6\bin\jqs.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\windows\system32\IoctlSvc.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe . ************************************************************************** . Voltooingstijd: 2009-10-15 13:19 - machine werd herstart ComboFix-quarantined-files.txt 2009-10-15 11:19 ComboFix2.txt 2009-10-12 17:12 Pre-Run: 123.069.259.776 bytes beschikbaar Post-Run: 123.055.693.824 bytes beschikbaar 401 --- E O F --- 2009-10-14 21:45 hijack log : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:21:44, on 15-10-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe -- End of file - 7539 bytes ---------- Post toegevoegd om 11:28 ---------- Vorige post was om 11:22 ---------- Kape, hartelijk dank voor deze oplossing, alles werkt weer zoals het behoort te werken !!! Nogmaals mijn hartelijke dank !!! Was er zelf nooit uitgekomen ;-) Groetjes, Chan

ComboFix 09-10-11.03 - pim groen 12-10-2009 19:05.1.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1014.570 [GMT 2:00] Gestart vanuit: c:\documents and settings\pim groen\Mijn documenten\mijn af beeldingen\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ADS - WINDOWS: deleted 48 bytes in 1 streams. (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\pim groen\Application Data\inst.exe c:\documents and settings\pim groen\Menu Start\Programma's\Opstarten\Logitech . Productregistratie.lnk c:\windows\system32\_004044_.tmp.dll c:\windows\system32\_004045_.tmp.dll c:\windows\system32\_004046_.tmp.dll c:\windows\system32\_004047_.tmp.dll c:\windows\system32\_004054_.tmp.dll c:\windows\system32\_004055_.tmp.dll c:\windows\system32\_004056_.tmp.dll c:\windows\system32\_004057_.tmp.dll c:\windows\system32\_004059_.tmp.dll c:\windows\system32\_004060_.tmp.dll c:\windows\system32\_004063_.tmp.dll c:\windows\system32\_004064_.tmp.dll c:\windows\system32\_004066_.tmp.dll c:\windows\system32\_004067_.tmp.dll c:\windows\system32\_004068_.tmp.dll c:\windows\system32\_004070_.tmp.dll c:\windows\system32\_004073_.tmp.dll c:\windows\system32\_004074_.tmp.dll c:\windows\system32\_004078_.tmp.dll c:\windows\system32\_004079_.tmp.dll c:\windows\system32\_004081_.tmp.dll c:\windows\system32\_004084_.tmp.dll c:\windows\system32\_004086_.tmp.dll c:\windows\system32\_004087_.tmp.dll c:\windows\system32\_004088_.tmp.dll c:\windows\system32\_004089_.tmp.dll c:\windows\system32\_004090_.tmp.dll c:\windows\system32\_004093_.tmp.dll c:\windows\system32\_004094_.tmp.dll c:\windows\system32\_004095_.tmp.dll c:\windows\system32\_004096_.tmp.dll c:\windows\system32\_004097_.tmp.dll c:\windows\system32\_004102_.tmp.dll I:\AUTORUN.INF . (((((((((((((((((((( Bestanden Gemaakt van 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))) . 2009-10-12 11:38 . 2009-10-12 11:38 -------- d-----w- c:\program files\Trend Micro 2009-10-09 22:11 . 2009-10-09 22:11 -------- d-----w- c:\documents and settings\pim groen\Application Data\teamspeak2 2009-10-09 22:11 . 2009-10-09 22:11 -------- d-----w- c:\program files\Teamspeak2_RC2 2009-10-08 13:18 . 2009-10-08 13:18 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield 2009-10-08 13:18 . 2009-10-08 13:19 -------- d-----w- c:\program files\Jasc Software Inc 2009-10-08 13:18 . 2009-10-08 13:18 -------- d-----w- c:\program files\Common Files\Jasc Software Inc 2009-10-08 13:17 . 2009-10-08 13:17 -------- d-----w- c:\documents and settings\pim groen\Application Data\Jasc Software Inc 2009-10-07 12:29 . 2009-10-08 08:37 -------- d-----w- c:\program files\Microsoft Silverlight 2009-10-03 16:33 . 2009-10-03 16:33 -------- d-----w- c:\program files\Vstep 2009-09-27 12:16 . 2009-10-12 13:41 -------- d--h--r- c:\documents and settings\pim groen\Onlangs geopend 2009-09-24 18:43 . 2009-10-09 20:00 -------- d-----w- c:\documents and settings\pim groen\Local Settings\Application Data\BearShare 2009-09-24 18:43 . 2009-09-24 18:43 -------- d-----w- c:\program files\BearShare Applications 2009-09-22 13:07 . 2009-10-07 14:12 -------- d-----w- c:\documents and settings\pim groen\Application Data\ImgBurn 2009-09-22 13:07 . 2009-09-22 13:07 -------- d-----w- c:\program files\ImgBurn 2009-09-22 12:43 . 2009-09-22 12:43 -------- d-----w- c:\documents and settings\pim groen\Application Data\Nero 2009-09-22 12:41 . 2009-09-22 12:42 -------- d-----w- c:\program files\Common Files\Nero 2009-09-22 12:41 . 2009-09-22 12:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero 2009-09-22 11:14 . 2009-09-22 11:14 -------- d-----w- c:\documents and settings\pim groen\Application Data\Ashampoo 2009-09-22 11:13 . 2009-09-22 11:13 -------- d-----w- c:\documents and settings\pim groen\Local Settings\Application Data\ashampoo 2009-09-22 11:13 . 2009-09-22 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo 2009-09-22 11:13 . 2009-09-22 11:13 -------- d-----w- c:\program files\Ashampoo 2009-09-22 10:39 . 2009-09-22 10:39 -------- d-----w- c:\documents and settings\pim groen\Application Data\GrabIt 2009-09-22 10:36 . 2009-09-22 10:36 -------- d-----w- c:\program files\GrabIt 2009-09-17 11:10 . 2009-09-17 11:10 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2009-09-17 11:10 . 2009-10-04 14:03 -------- d-----w- c:\documents and settings\pim groen\Application Data\skypePM 2009-09-17 11:08 . 2009-10-04 15:18 -------- d-----w- c:\documents and settings\pim groen\Application Data\Skype 2009-09-17 11:07 . 2009-09-17 11:07 -------- d-----w- c:\program files\Common Files\Skype 2009-09-17 11:07 . 2009-09-17 11:07 -------- d-----r- c:\program files\Skype 2009-09-17 11:07 . 2009-09-17 11:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-12 14:30 . 2009-09-09 17:46 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs 2009-10-12 14:30 . 2009-09-09 17:45 0 ----a-w- c:\windows\system32\drivers\logiflt.iad 2009-10-12 12:37 . 2009-04-27 11:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-12 09:14 . 2008-11-27 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-10-12 09:07 . 2008-11-26 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-10-11 22:46 . 2008-11-23 10:58 28264 ----a-w- c:\documents and settings\pim groen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-11 14:47 . 2008-12-03 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-10-11 14:45 . 2008-12-03 12:01 -------- d-----w- c:\program files\Microsoft Works 2009-10-08 13:18 . 2008-11-25 20:25 -------- d-----w- c:\program files\Common Files\InstallShield 2009-10-07 12:40 . 2006-03-02 12:00 77164 ----a-w- c:\windows\system32\perfc013.dat 2009-10-07 12:40 . 2006-03-02 12:00 456260 ----a-w- c:\windows\system32\perfh013.dat 2009-10-07 12:28 . 2008-11-26 09:16 -------- d-----w- c:\program files\Windows Live 2009-09-27 11:05 . 2009-04-29 11:42 -------- d-----w- c:\program files\Hyves Desktop 2009-09-22 12:41 . 2008-11-25 21:19 -------- d-----w- c:\program files\Nero 2009-09-13 03:21 . 2009-01-09 12:14 -------- d-----w- c:\documents and settings\pim groen\Application Data\Image Zone Express 2009-09-10 20:05 . 2009-09-10 20:05 -------- d-----w- c:\program files\Elaborate Bytes 2009-09-10 19:35 . 2009-09-10 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft 2009-09-10 19:34 . 2009-09-10 19:34 -------- d-----w- c:\program files\SlySoft 2009-09-10 12:54 . 2009-04-27 11:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 12:53 . 2009-04-27 11:39 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-09 17:47 . 2008-11-25 21:33 -------- d-----w- c:\program files\Logitech 2009-09-09 17:47 . 2009-09-09 17:47 -------- d-----w- c:\documents and settings\pim groen\Application Data\Leadertech 2009-09-09 17:46 . 2008-11-25 21:33 -------- d-----w- c:\program files\Common Files\LogiShrd 2009-09-06 19:01 . 2008-11-27 11:34 -------- d-----w- c:\documents and settings\pim groen\Application Data\Vso 2009-09-06 19:01 . 2008-11-27 11:34 47360 ----a-w- c:\documents and settings\pim groen\Application Data\pcouffin.sys 2009-09-06 18:57 . 2008-11-28 00:29 -------- d-----w- c:\documents and settings\pim groen\Application Data\LimeWire 2009-09-03 09:26 . 2009-09-03 09:14 -------- d-----w- c:\documents and settings\pim groen\Application Data\NewsLeecher 2009-09-03 09:12 . 2009-09-03 09:09 -------- d-----w- c:\program files\FTDv3.8 2009-09-02 18:36 . 2009-09-02 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-09-02 18:35 . 2009-09-02 18:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864} 2009-09-02 18:35 . 2009-09-02 18:35 -------- d-----w- c:\program files\Lavasoft 2009-08-31 20:54 . 2009-06-23 23:38 -------- d-----w- c:\documents and settings\pim groen\Application Data\Save 2009-08-17 06:14 . 2009-01-05 14:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-08-17 06:14 . 2009-01-05 14:33 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-08-17 06:14 . 2009-01-05 14:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-08-06 17:24 . 2008-11-23 10:51 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-06 17:24 . 2008-11-23 10:51 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-06 17:24 . 2008-11-23 10:51 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-06 17:24 . 2008-10-16 13:09 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-06 17:24 . 2008-11-23 10:51 53472 ----a-w- c:\windows\system32\wuauclt.exe 2009-08-06 17:24 . 2006-03-02 12:00 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-06 17:23 . 2008-11-23 10:51 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-06 17:23 . 2008-11-26 16:48 274288 ----a-w- c:\windows\system32\mucltui.dll 2009-08-06 17:23 . 2008-11-26 16:48 215920 ----a-w- c:\windows\system32\muweb.dll 2009-08-06 17:23 . 2008-11-23 10:51 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-08-05 20:48 . 2009-03-14 09:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys 2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2009-05-04 10:56 398776 ----a-w- c:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784] "JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-04-06 385024] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-01 2023704] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360] c:\documents and settings\pim groen\Menu Start\Programma's\Opstarten\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-08-17 06:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"= "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "19657:TCP"= 19657:TCP:BitComet 19657 TCP "19657:UDP"= 19657:UDP:BitComet 19657 UDP R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2-9-2009 20:36 64160] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5-1-2009 16:33 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5-1-2009 16:33 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5-1-2009 16:33 908056] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5-1-2009 16:33 297752] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [14-3-2009 11:48 54752] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3-7-2009 16:49 1028432] S3 fsssvc;De service Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [5-8-2009 22:48 704864] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhoud van de 'Gedeelde Taken' map 2009-10-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 18:36] 2009-10-12 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-27 00:01] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll . - - - - ORPHANS VERWIJDERD - - - - Toolbar-Locked - (no file) WebBrowser-{6CD13B54-5834-4B52-A262-42083B08B067} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) AddRemove-Save - c:\program files\Save\SaveUninst.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-12 19:10 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Voltooingstijd: 2009-10-12 19:12 ComboFix-quarantined-files.txt 2009-10-12 17:11 Pre-Run: 116.841.848.832 bytes beschikbaar Post-Run: 122.762.063.872 bytes beschikbaar WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 235 --- E O F --- 2009-10-08 07:22

De nieuwe log file van Hijack This : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:39:46, on 12-10-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Logitech . Productregistratie.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe -- End of file - 7862 bytes Log van mbam : Malwarebytes' Anti-Malware 1.41 Database versie: 2945 Windows 5.1.2600 Service Pack 3 12-10-2009 15:34:49 mbam-log-2009-10-12 (15-34-49).txt Scan type: Volledige Scan (C:\|I:\|) Objecten gescand: 202299 Verstreken tijd: 55 minute(s), 22 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 9 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 1 Bestanden geïnfecteerd: 5 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\premiereadvertisingplatform.premiereadvertisingplatform (Adware.PlayMP3z) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\premiereadvertisingplatform.premiereadvertisingplatform.1 (Adware.PlayMP3z) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{547395d9-934a-ced6-b851-f238c86079e5} (Adware.PlayMP3z) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{547395d9-934a-ced6-b851-f238c86079e5} (Adware.PlayMP3z) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{547395d9-934a-ced6-b851-f238c86079e5} (Adware.PlayMP3z) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\PremiereAdvertisingPlatform.dll (Adware.PlayMP3z) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: C:\Program Files\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\Documents and Settings\pim groen\Application Data\Save\SaveUninst.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\pim groen\Local Settings\Temp\NN_MirarBar78_Installer_876992.exe (Adware.Mirar) -> Quarantined and deleted successfully. C:\WINDOWS\system32\win6d.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Program Files\PremiereAdvertisingPlatform\uninstall.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully. C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully. Nog steeds hetzelfde probleem aanwezig :-(

ineens kan ik mijn internet explorer niet meer normaal afsluiten, ik moet dit doen na ellenlang klikken via het taak beheer, heb van alles geprobeerd, maar kom er niet meer uit .. Ook kan ik niet updaten naar explorer 8 omdat hij een update mist, maar kan nergens vinden wat er nu precies gemist wordt, hoop dat jullie me verder kunnen helpen .. Heb een Log bestand gemaakt : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:38:33, on 12-10-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Mirar= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Mirar= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Duxet.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: (no name) - {c0d70ed8-d984-40c3-9666-8939ce76ea13} - (no file) R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: PremiereAdvertisingPlatform - {547395D9-934A-CED6-B851-F238C86079E5} - C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll (file missing) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: (no name) - {c0d70ed8-d984-40c3-9666-8939ce76ea13} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {c0d70ed8-d984-40c3-9666-8939ce76ea13} - (no file) O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Searchme Toolbar - {4d02e7e6-5930-4b51-b9b0-9f21b3789400} - mscoree.dll (file missing) O3 - Toolbar: Mirar - {6CD13B54-5834-4B52-A262-42083B08B067} - (no file) O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Logitech . Productregistratie.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe -- End of file - 9542 bytes