
Perflib_Perfdata_41c a threat?



I have (had) all sorts of Trojan PSW viruses on my PC! I used your ComboFix to remove these viruses, successfully it seemed, but the ".dat" file mentioned above stays in temp and I can't get it out. I'm wondering: is it a threat, can I leave it, or does it have to go? But then the question is: how?

Regards, Annemarijke


Could you do the following (produce and post a HijackThis log) and also post your ComboFix log, so the malware specialists can take a look at the current state of affairs?...

1. Download HijackThis. (click on it)

Click on HijackThis.msi and the download starts automatically after 5 seconds.

Save the file HijackThis.msi. Then choose "run".

HijackThis will now be installed on your PC, and a shortcut is placed on your desktop.

If you no longer have a network connection, you can do the download on another PC and transfer the file with a USB stick.

If you can only work in Safe Mode, you must download the executable (HijackThis.exe).

Save it in a new folder on the C drive (e.g. C:\hijackthis) and start HijackThis from that folder.

The logs can then also be found in that folder.


2. Click the shortcut to start HijackThis. (read the red text below first!)

Click either "Do a system scan and save a logfile", or first "Scan" and then "Save log".

A Notepad window opens; hold down the CTRL and A keys at the same time, and everything is now selected. Hold down the CTRL and C keys at the same time, and everything is now copied. Now paste the HJT log into your post with the CTRL and V keys.

If you get a message "For some reason your system denied writing to the Host file ....", just click the OK button.

Note: Windows Vista & 7 users must run HijackThis as "administrator" via right-click "run as administrator". If that doesn't work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis. (See the image here ---> Click here)


3. After you post your log, it will be checked by an expert (Kape or Kweezie Wabbit), who will guide you further through the whole process.

Tip!

If you want to see in words and pictures how to create a log with HijackThis and post it on the forum, click HERE.


Here are the logs you asked for regarding my question about whether Perflib_Perfdata_41c is a threat or not.

Hope you can help me. I'm really curious; it's great that you do this. Hope to hear from you soon.

Kind regards

Annemarijke

ComboFix 12-08-22.03 - Administrator 24-08-2012 7:46.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1423 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe

.

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\0000.wmv

c:\documents and settings\Administrator\Application Data\PriceGong

c:\documents and settings\Administrator\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Administrator\Application Data\SystemProc

c:\documents and settings\Administrator\Bureaublad\Internet Explorer.lnk

c:\documents and settings\Administrator\Menu Start\Programma's\Opstarten\igfxtray.exe

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Administrator\WUP116.tmp

c:\documents and settings\Administrator\WUP12C.tmp

c:\documents and settings\Administrator\WUP151.tmp

c:\documents and settings\Administrator\WUP152.tmp

c:\documents and settings\Administrator\WUP153.tmp

c:\documents and settings\Administrator\WUP154.tmp

c:\documents and settings\Administrator\WUP155.tmp

c:\documents and settings\Administrator\WUP156.tmp

c:\documents and settings\Administrator\WUP157.tmp

c:\documents and settings\Administrator\WUP158.tmp

c:\documents and settings\Administrator\WUP159.tmp

c:\documents and settings\Administrator\WUP15A.tmp

c:\documents and settings\Administrator\WUP15B.tmp

c:\documents and settings\Administrator\WUP15C.tmp

c:\documents and settings\Administrator\WUP15D.tmp

c:\documents and settings\Administrator\WUP15E.tmp

c:\documents and settings\Administrator\WUP15F.tmp

c:\documents and settings\Administrator\WUP160.tmp

c:\documents and settings\Administrator\WUP161.tmp

c:\documents and settings\Administrator\WUP161C.tmp

c:\documents and settings\Administrator\WUP1719.tmp

c:\documents and settings\Administrator\WUP17B1.tmp

c:\documents and settings\Administrator\WUP1900.tmp

c:\documents and settings\Administrator\WUP19D0.tmp

c:\documents and settings\Administrator\WUP19FC.tmp

c:\documents and settings\Administrator\WUP1A.tmp

c:\documents and settings\Administrator\WUP1A19.tmp

c:\documents and settings\Administrator\WUP1A78.tmp

c:\documents and settings\Administrator\WUP1BE3.tmp

c:\documents and settings\Administrator\WUP1C99.tmp

c:\documents and settings\Administrator\WUP1DB7.tmp

c:\documents and settings\Administrator\WUP2023.tmp

c:\documents and settings\Administrator\WUP2306.tmp

c:\documents and settings\Administrator\WUP247D.tmp

c:\documents and settings\Administrator\WUP2735.tmp

c:\documents and settings\Administrator\WUP2B09.tmp

c:\documents and settings\Administrator\WUP2BBE.tmp

c:\documents and settings\Administrator\WUP2CEB.tmp

c:\documents and settings\Administrator\WUP2D6F.tmp

c:\documents and settings\Administrator\WUP3086.tmp

c:\documents and settings\Administrator\WUP3239.tmp

c:\documents and settings\Administrator\WUP33DD.tmp

c:\documents and settings\Administrator\WUP3475.tmp

c:\documents and settings\Administrator\WUP352.tmp

c:\documents and settings\Administrator\WUP3E56.tmp

c:\documents and settings\Administrator\WUP3E79.tmp

c:\documents and settings\Administrator\WUP3FF6.tmp

c:\documents and settings\Administrator\WUP4136.tmp

c:\documents and settings\Administrator\WUP41F4.tmp

c:\documents and settings\Administrator\WUP4BD1.tmp

c:\documents and settings\Administrator\WUP4BF8.tmp

c:\documents and settings\Administrator\WUP4E.tmp

c:\documents and settings\Administrator\WUP4E23.tmp

c:\documents and settings\Administrator\WUP4EF6.tmp

c:\documents and settings\Administrator\WUP4FA0.tmp

c:\documents and settings\Administrator\WUP50F1.tmp

c:\documents and settings\Administrator\WUP5138.tmp

c:\documents and settings\Administrator\WUP534.tmp

c:\documents and settings\Administrator\WUP5666.tmp

c:\documents and settings\Administrator\WUP58DF.tmp

c:\documents and settings\Administrator\WUP59A.tmp

c:\documents and settings\Administrator\WUP5B42.tmp

c:\documents and settings\Administrator\WUP5BA9.tmp

c:\documents and settings\Administrator\WUP5BE.tmp

c:\documents and settings\Administrator\WUP5C43.tmp

c:\documents and settings\Administrator\WUP5E45.tmp

c:\documents and settings\Administrator\WUP5E9.tmp

c:\documents and settings\Administrator\WUP5F14.tmp

c:\documents and settings\Administrator\WUP5F62.tmp

c:\documents and settings\Administrator\WUP6089.tmp

c:\documents and settings\Administrator\WUP629.tmp

c:\documents and settings\Administrator\WUP62A.tmp

c:\documents and settings\Administrator\WUP64F5.tmp

c:\documents and settings\Administrator\WUP68F.tmp

c:\documents and settings\Administrator\WUP70A.tmp

c:\documents and settings\Administrator\WUP70A1.tmp

c:\documents and settings\Administrator\WUP737.tmp

c:\documents and settings\Administrator\WUP73C0.tmp

c:\documents and settings\Administrator\WUP760.tmp

c:\documents and settings\Administrator\WUP79.tmp

c:\documents and settings\Administrator\WUP7A.tmp

c:\documents and settings\Administrator\WUP7B.tmp

c:\documents and settings\Administrator\WUP7C.tmp

c:\documents and settings\Administrator\WUP7D.tmp

c:\documents and settings\Administrator\WUP7E.tmp

c:\documents and settings\Administrator\WUP7F.tmp

c:\documents and settings\Administrator\WUP80.tmp

c:\documents and settings\Administrator\WUP81.tmp

c:\documents and settings\Administrator\WUP82.tmp

c:\documents and settings\Administrator\WUP83.tmp

c:\documents and settings\Administrator\WUP84.tmp

c:\documents and settings\Administrator\WUP85.tmp

c:\documents and settings\Administrator\WUP86.tmp

c:\documents and settings\Administrator\WUP87.tmp

c:\documents and settings\Administrator\WUP88.tmp

c:\documents and settings\Administrator\WUP882.tmp

c:\documents and settings\Administrator\WUP89.tmp

c:\documents and settings\Administrator\WUP89E.tmp

c:\documents and settings\Administrator\WUP8A.tmp

c:\documents and settings\Administrator\WUP8B.tmp

c:\documents and settings\Administrator\WUP8C.tmp

c:\documents and settings\Administrator\WUP8D.tmp

c:\documents and settings\Administrator\WUP8E.tmp

c:\documents and settings\Administrator\WUP8F.tmp

c:\documents and settings\Administrator\WUP90.tmp

c:\documents and settings\Administrator\WUP91.tmp

c:\documents and settings\Administrator\WUP92.tmp

c:\documents and settings\Administrator\WUP93.tmp

c:\documents and settings\Administrator\WUP94.tmp

c:\documents and settings\Administrator\WUP95.tmp

c:\documents and settings\Administrator\WUP96.tmp

c:\documents and settings\Administrator\WUP97.tmp

c:\documents and settings\Administrator\WUP98.tmp

c:\documents and settings\Administrator\WUP99.tmp

c:\documents and settings\Administrator\WUP9A.tmp

c:\documents and settings\Administrator\WUP9B.tmp

c:\documents and settings\Administrator\WUP9C.tmp

c:\documents and settings\Administrator\WUP9D.tmp

c:\documents and settings\Administrator\WUP9E.tmp

c:\documents and settings\Administrator\WUP9F.tmp

c:\documents and settings\Administrator\WUPA0.tmp

c:\documents and settings\Administrator\WUPA1.tmp

c:\documents and settings\Administrator\WUPA2.tmp

c:\documents and settings\Administrator\WUPA5.tmp

c:\documents and settings\Administrator\WUPA7.tmp

c:\documents and settings\Administrator\WUPA8.tmp

c:\documents and settings\Administrator\WUPA9.tmp

c:\documents and settings\Administrator\WUPAA.tmp

c:\documents and settings\Administrator\WUPAB.tmp

c:\documents and settings\Administrator\WUPAC.tmp

c:\documents and settings\Administrator\WUPACF.tmp

c:\documents and settings\Administrator\WUPAD.tmp

c:\documents and settings\Administrator\WUPAE.tmp

c:\documents and settings\Administrator\WUPAF.tmp

c:\documents and settings\Administrator\WUPB0.tmp

c:\documents and settings\Administrator\WUPB1.tmp

c:\documents and settings\Administrator\WUPB2.tmp

c:\documents and settings\Administrator\WUPB3.tmp

c:\documents and settings\Administrator\WUPB36.tmp

c:\documents and settings\Administrator\WUPB4.tmp

c:\documents and settings\Administrator\WUPB5.tmp

c:\documents and settings\Administrator\WUPB6.tmp

c:\documents and settings\Administrator\WUPB7.tmp

c:\documents and settings\Administrator\WUPB8.tmp

c:\documents and settings\Administrator\WUPB9.tmp

c:\documents and settings\Administrator\WUPBA.tmp

c:\documents and settings\Administrator\WUPBB.tmp

c:\documents and settings\Administrator\WUPBC.tmp

c:\documents and settings\Administrator\WUPBCB.tmp

c:\documents and settings\Administrator\WUPBD.tmp

c:\documents and settings\Administrator\WUPBE.tmp

c:\documents and settings\Administrator\WUPBF.tmp

c:\documents and settings\Administrator\WUPC0.tmp

c:\documents and settings\Administrator\WUPC1.tmp

c:\documents and settings\Administrator\WUPC2.tmp

c:\documents and settings\Administrator\WUPC3.tmp

c:\documents and settings\Administrator\WUPC4.tmp

c:\documents and settings\Administrator\WUPC480.tmp

c:\documents and settings\Administrator\WUPC5.tmp

c:\documents and settings\Administrator\WUPC6.tmp

c:\documents and settings\Administrator\WUPC7.tmp

c:\documents and settings\Administrator\WUPC791.tmp

c:\documents and settings\Administrator\WUPD57.tmp

c:\documents and settings\Administrator\WUPDF.tmp

c:\documents and settings\Administrator\WUPE0.tmp

c:\documents and settings\Administrator\WUPE0B0.tmp

c:\documents and settings\Administrator\WUPE1.tmp

c:\documents and settings\Administrator\WUPE2.tmp

c:\documents and settings\Administrator\WUPE3.tmp

c:\documents and settings\Administrator\WUPE4.tmp

c:\documents and settings\Administrator\WUPE5.tmp

c:\documents and settings\Administrator\WUPE6.tmp

c:\documents and settings\Administrator\WUPE7.tmp

c:\documents and settings\Administrator\WUPE8.tmp

c:\documents and settings\Administrator\WUPE85.tmp

c:\documents and settings\Administrator\WUPE8D5.tmp

c:\documents and settings\Administrator\WUPE9.tmp

c:\documents and settings\Administrator\WUPEA.tmp

c:\documents and settings\Administrator\WUPEB.tmp

c:\documents and settings\Administrator\WUPEC.tmp

c:\documents and settings\Administrator\WUPED.tmp

c:\documents and settings\Administrator\WUPEE.tmp

c:\documents and settings\Administrator\WUPEF.tmp

c:\documents and settings\Administrator\WUPF0.tmp

c:\documents and settings\Administrator\WUPF1.tmp

c:\documents and settings\Administrator\WUPF2.tmp

c:\documents and settings\Administrator\WUPF3.tmp

c:\documents and settings\Administrator\WUPF4.tmp

c:\documents and settings\Administrator\WUPF4F8.tmp

c:\documents and settings\Administrator\WUPF5.tmp

c:\documents and settings\Administrator\WUPF6.tmp

c:\documents and settings\Administrator\WUPF7.tmp

c:\documents and settings\Administrator\WUPF751.tmp

c:\documents and settings\Administrator\WUPF8.tmp

c:\documents and settings\Administrator\WUPF9.tmp

c:\documents and settings\Administrator\WUPFA.tmp

c:\documents and settings\Administrator\WUPFA35.tmp

c:\documents and settings\Administrator\WUPFB.tmp

c:\documents and settings\Administrator\WUPFC.tmp

c:\documents and settings\All Users\Menu Start\Programma's\Internet Explorer.lnk

C:\Install.exe

c:\program files\ExcellentAdDisplay

c:\program files\ExcellentAdDisplay\uninstall.exe

c:\program files\Incredibar.com

c:\program files\Incredibar.com\incredibar\1.5.11.14\bh\inCRedibar.dll

c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll

c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll

c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe

c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll

c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe

c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest

c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul

c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf

c:\program files\Web Assistant\ExTEnsion32.dll

c:\windows\IsUn0413.exe

c:\windows\system32\Cache

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\31a0997e9a5b5eb3.fb

c:\windows\system32\Cache\32c84fe32bb74d60.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\6d03dad1035885d3.fb

c:\windows\system32\Cache\951b6b803687647a.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\c1fa887b03019701.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\cc8c1434dfe4f922.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\f998975c9cc711ee.fb

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Driver

-------\Service_xcpip

-------\Service_xpsec

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-07-24 to 2012-08-24 ))))))))))))))))))))))))))))))

.

.

2012-08-24 05:10 . 2012-08-24 05:18 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend

2012-08-04 07:46 . 2012-08-04 07:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG2012

2012-08-04 07:45 . 2012-08-24 05:18 -------- d-----w- c:\program files\AVG Secure Search

2012-08-04 07:44 . 2012-08-04 07:44 -------- d-----w- C:\$AVG

2012-08-04 07:43 . 2012-08-04 07:43 -------- d-----w- c:\program files\AVG

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-15 06:56 . 2012-04-24 06:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-15 06:56 . 2012-03-27 11:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-14 00:15 . 2012-04-29 13:25 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys

[-] 2008-04-13 18:40 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys

[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

[7] 2002-12-31 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-08-05 07:53 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]

2012-07-10 09:23 248936 ----a-w- c:\program files\Softonic\Softonic\1.6.4.3\bh\Softonic.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files\Softonic\Softonic\1.6.4.3\SoftonicTlbr.dll" [2012-07-10 274536]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-08-05 2074208]

.

[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]

[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]

[HKEY_CLASSES_ROOT\Softonic.dskBnd]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mnu"="c:\program files\Orange\GLOBAL\Mnu\igomnu.exe" [2006-05-01 437976]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-13 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]

"nwiz"="nwiz.exe" [2007-06-28 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16208384]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"mnu"="c:\program files\Orange\GLOBAL\Mnu\igomnu.exe" [2006-05-01 437976]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-05 1107552]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

EZ VHS Converter Monitor.lnk - c:\program files\ION\EZ Video Converter\MediaTVMonitor.exe [2010-8-27 737280]

Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2009-3-17 151552]

Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2009-3-17 106496]

YouTube Uploader for CASIO.lnk - c:\program files\CASIO\YouTube Uploader for CASIO\YStart.exe [2008-12-9 79808]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 4:50 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31-1-2012 4:46 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22-2-2012 5:25 235216]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19-3-2012 5:17 301248]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4-7-2012 17:25 5160568]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 4:53 193288]

R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [5-8-2012 9:53 935008]

R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [29-4-2012 14:32 185856]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 10:17 135664]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [31-12-2002 14:00 3584]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [24-4-2012 8:43 250056]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [16-12-2008 10:08 36512]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 10:17 135664]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [18-4-2011 20:46 24576]

S3 iq5c.sys;iq5c.sys;\??\c:\windows\system32\drivers\iq5c.sys --> c:\windows\system32\drivers\iq5c.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [29-4-2012 13:58 113120]

S3 VCR2PC;VCR2PC Analog Capture;c:\windows\system32\drivers\p140_ion.sys [27-8-2010 12:05 278016]

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - uphcleanhlp

.

Inhoud van de 'Gedeelde Taken' map

.

2012-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 06:56]

.

2012-08-22 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-24 07:23]

.

2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:17]

.

2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:17]

.

2012-04-27 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://google.nl/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1 0.0.0.0

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h9ycp18q.default\

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc44cf840-9757-46fa-9f54-0e27a92be407%7D&mid=6a5f77e025ed47d1a387d15c1e690357-06ce4fc639803a2e3563922518183d8e94088cb9&ds=AVG&v=11.1.0.12&lang=nl&pr=fr&d=2012-08-04%2009%3A45%3A42&sap=ku&q=

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyJprBAXQ&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 5ce368c50000000000000015588deaa4

FF - user.js: extensions.incredibar_i.instlDay - 15459

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1414:33

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6OyJprBAXQ

FF - user.js: extensions.incredibar_i.upn2n - 92261838775280566

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10665

FF - user.js: extensions.incredibar_i.ppd -

FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings

FF - user.js: extensions.Softonic.autoRvrt - false

FF - user.js: extensions.Softonic_i.newTab - false

FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00087/tb_v1?SearchSource=1&cc=&q=

FF - user.js: extensions.Softonic.id - 5ce368c50000000000000015588deaa4

FF - user.js: extensions.Softonic.instlDay - 15459

FF - user.js: extensions.Softonic.vrsn - 1.6.4.3

FF - user.js: extensions.Softonic.vrsni - 1.6.4.3

FF - user.js: extensions.Softonic_i.vrsnTs - 1.6.4.314:41

FF - user.js: extensions.Softonic.prtnrId - softonic

FF - user.js: extensions.Softonic.prdct - Softonic

FF - user.js: extensions.Softonic.aflt - SD

FF - user.js: extensions.Softonic_i.smplGrp - none

FF - user.js: extensions.Softonic.tlbrId - base

FF - user.js: extensions.Softonic.instlRef - MON00087

FF - user.js: extensions.Softonic.dfltLng - nl

FF - user.js: extensions.Softonic.excTlbr - false

FF - user.js: extensions.Softonic.admin - false

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

HKCU-Run-AdobeBridge - (no file)

Notify-__c00778D1 - c:\windows\system32\__c00778D1.dat

Notify-__c00C37A1 - c:\windows\system32\__c00C37A1.dat

Notify-__c00D7980 - c:\windows\system32\__c00D7980.dat

AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0413.EXE

AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-08-24 07:55

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning for hidden processes ...

.

scanning for hidden autostart entries ...

.

scanning for hidden files ...

.

Scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-823518204-152049171-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,43,f5,5f,05,a8,4d,41,ae,e9,bd,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,43,f5,5f,05,a8,4d,41,ae,e9,bd,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(856)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

- - - - - - - > 'explorer.exe'(4060)

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\RUNDLL32.EXE

c:\windows\RTHDCPL.EXE

c:\windows\system32\rundll32.exe

c:\program files\Brother\ControlCenter3\brccMCtl.exe

c:\program files\Brother\Brmfcmon\BrMfcmon.exe

c:\program files\Common Files\Teleca Shared\CapabilityManager.exe

c:\program files\Common Files\Teleca Shared\logger.exe

c:\program files\Common Files\Teleca Shared\Generic.exe

c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\UPHClean\uphclean.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\program files\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2012-08-24 07:58:59 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-24 05:58

.

Pre-Run: 29.982.203.904 bytes free

Post-Run: 29.941.633.024 bytes free

.

- - End Of File - - 82D059427ABFAE8E82692B6CABE2AFB4

the HijackThis log!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:24:59, on 24-8-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe

C:\Program Files\ION\EZ Video Converter\MediaTVMonitor.exe

C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe

C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AVG\AVG2012\avgidsagent.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\explorer.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\Administrator\Mijn documenten\Nieuwe map\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.6.4.3\bh\Softonic.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.6.4.3\SoftonicTlbr.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKCU\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: EZ VHS Converter Monitor.lnk = C:\Program Files\ION\EZ Video Converter\MediaTVMonitor.exe

O4 - Global Startup: Picture Package Menu.lnk = ?

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O4 - Global Startup: YouTube Uploader for CASIO.lnk = C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\windows\system32\t7844el32.dll' missing

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208790404968

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208790397921

O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

--

End of file - 12879 bytes

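Before writing a fix script, a helper reads a log like the one above for a handful of entry types: O2/O3 BHOs and toolbars that point at no file or at a bundled-toolbar vendor, an O10 LSP entry whose DLL is missing, O16 ActiveX objects pulled from third-party hosts, and O23 services without a publisher. The following is an added example for this thread, not code from the forum, from HijackThis or from ComboFix: it automates that first pass over HijackThis log text. The sample log is an excerpt of the HijackThis log posted above; SUSPECT_NAMES and TRUSTED_DPF_DOMAINS are constructed lists for illustration that would be tuned per case.

```python
"""Triage a HijackThis log: flag the entry types a helper looks at first.

Added example for this thread; not code from the forum, from HijackThis
or from ComboFix. The sample log is an excerpt of the HijackThis log
posted above; SUSPECT_NAMES and TRUSTED_DPF_DOMAINS are constructed
lists for illustration."""
import re
from dataclasses import dataclass

# Vendor names of the bundled toolbars seen in this log (constructed list).
SUSPECT_NAMES = ("softonic", "incredibar", "web assistant")
# Hosts trusted to serve downloaded ActiveX (O16 DPF) objects (constructed).
TRUSTED_DPF_DOMAINS = ("update.microsoft.com",)

ENTRY_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")          # "O2 - BHO: ..." style lines
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    reason: str
    line: str


def parse_entry(line):
    """Split a HijackThis line into (section, body); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def _dpf_host_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_DOMAINS)


def triage_line(line):
    """Return a Finding for a suspicious entry, or None if it looks ordinary."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    section, body = parsed
    lower = body.lower()
    if section in ("O2", "O3"):                    # BHOs and IE toolbars
        if "(no file)" in lower:
            return Finding(section, "orphaned BHO/toolbar registration, DLL no longer on disk", line)
        if any(name in lower for name in SUSPECT_NAMES):
            return Finding(section, "BHO/toolbar belonging to a bundled-adware vendor", line)
    elif section == "O10":                         # Winsock LSP chain
        if "missing" in lower or "broken" in lower:
            return Finding(section, "LSP chain points at a missing DLL; Winsock may be broken", line)
    elif section == "O16":                         # downloaded ActiveX objects
        m = URL_HOST_RE.search(body)
        host = m.group(1).lower() if m else ""
        if not _dpf_host_trusted(host):
            return Finding(section, f"ActiveX object installed from untrusted host '{host}'", line)
    elif section == "O23":                         # services
        if "unknown owner" in lower:
            return Finding(section, "service without publisher information", line)
    return None


def triage(log_text):
    """Run triage_line over a whole log and keep the hits, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


def clsids_of(findings):
    """CLSIDs named in the flagged lines; handy when writing Registry:: removals."""
    return sorted({c for f in findings for c in CLSID_RE.findall(f.line)})


# Excerpt of the HijackThis log posted above (real lines, used as sample input).
SAMPLE_LOG = r"""
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.6.4.3\bh\Softonic.dll
O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.6.4.3\SoftonicTlbr.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\t7844el32.dll' missing
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208790404968
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print("CLSIDs to review:", ", ".join(clsids_of(hits)))
```

The script is a reading aid, not a verdict: a flagged O16 entry from a photo-upload site or an O2 entry with no file is usually just clutter, while an O10 entry with a missing LSP DLL explains broken networking and needs a proper fix rather than deletion. The CLSID list is what ends up in a `Registry::` section of a CFScript like the one the helper writes below.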


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\drivers\iq5c.sys

Folder::

c:\program files\Web Assistant

c:\program files\Incredibar.com

Driver::

Web Assistant Updater

iq5c.sys

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"=-

[-HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]

[-HKEY_CLASSES_ROOT\Softonic.dskBnd.1]

[-HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]

[-HKEY_CLASSES_ROOT\Softonic.dskBnd]

DDS::

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab

Firefox::

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h9ycp18q.default\

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyJprBAXQ&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 5ce368c50000000000000015588deaa4

FF - user.js: extensions.incredibar_i.instlDay - 15459

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1414:33

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6OyJprBAXQ

FF - user.js: extensions.incredibar_i.upn2n - 92261838775280566

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10665

FF - user.js: extensions.incredibar_i.ppd -

FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings

FF - user.js: extensions.Softonic.autoRvrt - false

FF - user.js: extensions.Softonic_i.newTab - false

FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00087/tb_v1?SearchSource=1&cc=&q=

FF - user.js: extensions.Softonic.id - 5ce368c50000000000000015588deaa4

FF - user.js: extensions.Softonic.instlDay - 15459

FF - user.js: extensions.Softonic.vrsn - 1.6.4.3

FF - user.js: extensions.Softonic.vrsni - 1.6.4.3

FF - user.js: extensions.Softonic_i.vrsnTs - 1.6.4.314:41

FF - user.js: extensions.Softonic.prtnrId - softonic

FF - user.js: extensions.Softonic.prdct - Softonic

FF - user.js: extensions.Softonic.aflt - SD

FF - user.js: extensions.Softonic_i.smplGrp - none

FF - user.js: extensions.Softonic.tlbrId - base

FF - user.js: extensions.Softonic.instlRef - MON00087

FF - user.js: extensions.Softonic.dfltLng - nl

FF - user.js: extensions.Softonic.excTlbr - false

FF - user.js: extensions.Softonic.admin - false

Save this file on your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix start again. Reboot if you are asked to.

Start HijackThis. Select "Scan". Tick only the items listed below:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.6.4.3\bh\Softonic.dll

O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.6.4.3\SoftonicTlbr.dll

O10 - Broken Internet access because of LSP provider 'c:\windows\system32\t7844el32.dll' missing

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab

O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab

O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

Click 'Fix checked' to remove the items.

Note: Windows Vista and 7 users must run HijackThis as administrator via right-click, "Run as administrator". If that does not work from the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

After the reboot, post the contents of ComboFix.txt in your next reply together with a fresh HijackThis log.

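The `FF - user.js:` lines in the ComboFix output and in the `Firefox::` section of the script above are ComboFix's readout of the Firefox profile's user.js, which Firefox stores as `user_pref("name", value);` statements. The following is an added example, not code from the thread, from ComboFix or from Mozilla: it parses such a file, flags the preference namespaces the two bundled toolbars left behind plus any search or homepage preference that points at their hosts, and returns a cleaned copy together with the list of what was dropped. The sample file and the HIJACK_PREFIXES / HIJACK_MARKERS lists are constructed from the names in the log; the homepage URL is a placeholder.

```python
"""Find and strip toolbar search-hijack preferences from a Firefox user.js.

Added example; not code from the forum thread, from ComboFix or from Mozilla.
Firefox persists user.js and prefs.js as `user_pref("name", value);` lines.
The sample below is constructed from the pref names shown in the log."""
import re

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Pref namespaces left behind by the bundled toolbars in this log (constructed list).
HIJACK_PREFIXES = ("extensions.incredibar", "extensions.Softonic")
# Substrings that identify those toolbars' search hosts (constructed list).
HIJACK_MARKERS = ("incredibar", "softonic")
# Search/homepage prefs a toolbar typically overrides.
SEARCH_PREFS = ("keyword.URL", "browser.startup.homepage",
                "browser.search.defaultenginename", "browser.search.selectedEngine")


def parse_user_js(text):
    """Yield (name, raw_value) for every user_pref statement in the file."""
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            yield m.group(1), m.group(2)


def is_hijack_pref(name, raw_value):
    """True if the pref belongs to a flagged toolbar namespace or redirects search to it."""
    if name.startswith(HIJACK_PREFIXES):
        return True
    if name in SEARCH_PREFS:
        value = raw_value.strip().strip('"').lower()
        return any(marker in value for marker in HIJACK_MARKERS)
    return False


def clean_user_js(text):
    """Return (cleaned_text, removed_pref_names); non-pref lines are kept verbatim."""
    kept, removed = [], []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and is_hijack_pref(m.group(1), m.group(2)):
            removed.append(m.group(1))
        else:
            kept.append(line)
    return "\n".join(kept) + ("\n" if kept else ""), removed


# Constructed sample, modelled on the "FF - user.js" entries in the log above.
SAMPLE_USER_JS = r'''// Constructed sample, modelled on the "FF - user.js" entries in the log above
user_pref("browser.startup.homepage", "http://www.example.org/");
user_pref("keyword.URL", "http://mystart.incredibar.com/?a=6OyJprBAXQ&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6OyJprBAXQ&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MON00087/tb_v1?SearchSource=1&cc=&q=");
user_pref("extensions.Softonic.instlRef", "MON00087");
user_pref("extensions.Softonic_i.newTab", false);
user_pref("network.cookie.cookieBehavior", 1);
'''

if __name__ == "__main__":
    import sys
    # Real use: python clean_user_js.py <profile>/user.js  (Firefox closed, keep a backup)
    src = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) == 2 else SAMPLE_USER_JS
    cleaned, removed = clean_user_js(src)
    print("removed prefs:", *removed, sep="\n  ")
    print("\ncleaned user.js:\n" + cleaned)
```

The script only prints the cleaned text; writing it back over user.js is a deliberate step to take with Firefox closed and a backup of the original kept, since user.js is re-read at every start and will reapply whatever is left in it. Firefox's prefs.js holds the same statement format, so the parser applies there too, but that file is rewritten by Firefox on exit and should be edited only while the browser is not running.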

Here are the new ComboFix and HijackThis logs,

after scanning with HijackThis I could not find O3, O16 DPF imikimi and O23 to tick, so I could not do 'Fix checked' on those!

I don't understand how you make sense of all of this below, haha, but anyway, I hope it works. Can you already tell me where the problem is, and whether it can be solved?

I am of course putting my PC in the hands of people I don't know, but I fully trust that you are trustworthy.

regards

Annemarijke

ComboFix 12-08-22.03 - Administrator 25-08-2012 10:15:27.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1271 [GMT 2:00]

Started from: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!

.

FILE ::

"c:\windows\system32\drivers\iq5c.sys"

.

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Web Assistant

c:\program files\Web Assistant\ExtensionUpdaterService.exe

c:\program files\Web Assistant\Firefox\chrome.manifest

c:\program files\Web Assistant\Firefox\chrome\content\libraries\DataExchangeScript.js

c:\program files\Web Assistant\Firefox\chrome\content\main.js

c:\program files\Web Assistant\Firefox\chrome\content\main.xul

c:\program files\Web Assistant\Firefox\chrome\content\resources\localscript.js

c:\program files\Web Assistant\Firefox\chrome\locale\en-US\overlay.dtd

c:\program files\Web Assistant\Firefox\chrome\skin\overlay.css

c:\program files\Web Assistant\Firefox\defaults\preferences\defaults.js

c:\program files\Web Assistant\Firefox\install.rdf

c:\program files\Web Assistant\InstallerHelper.dll

c:\program files\Web Assistant\libraries\DataExchangeScript.js

c:\program files\Web Assistant\resources\localscript.js

c:\program files\Web Assistant\source.crx

c:\program files\Web Assistant\unins000.dat

c:\program files\Web Assistant\unins000.exe

c:\windows\system32\_000005_.tmp.dll

c:\windows\system32\_000006_.tmp.dll

c:\windows\system32\_000013_.tmp.dll

c:\windows\system32\SET25.tmp

c:\windows\system32\SET26.tmp

c:\windows\system32\SET98.tmp

c:\windows\system32\SETA0.tmp

c:\windows\system32\SETA1.tmp

c:\windows\system32\SETA2.tmp

c:\windows\system32\SETA6.tmp

c:\windows\system32\SETA7.tmp

c:\windows\system32\SETA8.tmp

c:\windows\system32\SETAC.tmp

c:\windows\system32\SETAE.tmp

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_IQ5C.SYS

-------\Legacy_WEB_ASSISTANT_UPDATER

-------\Service_iq5c.sys

-------\Service_Web Assistant Updater

-------\Service_xcpip

-------\Service_xpsec

.

.

(((((((((((((((((((( Files Created from 2012-07-25 to 2012-08-25 ))))))))))))))))))))))))))))))

.

.

2012-08-25 08:20 . 2012-08-19 23:53 7023536 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll

2012-08-25 08:05 . 2012-08-25 08:08 -------- d-----w- c:\windows\LastGood.Tmp

2012-08-25 07:57 . 2012-08-25 08:08 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend

2012-08-24 12:02 . 2012-07-02 17:38 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-08-24 10:52 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2012-08-24 10:52 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-08-24 10:52 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll

2012-08-04 07:46 . 2012-08-04 07:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG2012

2012-08-04 07:45 . 2012-08-24 05:18 -------- d-----w- c:\program files\AVG Secure Search

2012-08-04 07:44 . 2012-08-04 07:44 -------- d-----w- C:\$AVG

2012-08-04 07:43 . 2012-08-04 07:43 -------- d-----w- c:\program files\AVG

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-15 06:56 . 2012-04-24 06:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-15 06:56 . 2012-03-27 11:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-02 17:38 . 2002-12-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:38 . 2002-12-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05 . 2002-12-31 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-06-02 13:19 . 2008-04-21 15:07 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2008-04-21 12:10 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2008-04-21 12:10 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 13:19 . 2008-04-21 12:10 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2008-04-21 12:10 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2008-04-21 12:10 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 13:19 . 2002-12-31 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2002-12-31 12:00 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2008-04-21 15:07 15896 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2008-04-21 15:07 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2008-04-21 12:10 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2008-04-21 15:07 24088 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2008-04-21 12:10 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 13:19 . 2008-04-21 15:18 18160 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 13:18 . 2008-04-21 15:18 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2002-12-31 12:00 214256 ----a-w- c:\windows\system32\muweb.dll

2012-05-31 10:25 . 2009-10-04 07:33 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-07-14 00:15 . 2012-04-29 13:25 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys

[-] 2008-04-13 18:40 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys

[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

[7] 2002-12-31 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

.

((((((((((((((((((((((((((((( SnapShot@2012-08-24_05.53.09 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-08-25 08:27 . 2012-08-25 08:27 16384 c:\windows\Temp\Perflib_Perfdata_87c.dat

+ 2012-08-24 10:33 . 2012-06-02 13:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll

+ 2012-08-24 10:33 . 2012-06-02 13:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll

+ 2002-12-31 12:00 . 2011-11-20 06:12 60928 c:\windows\system32\packager.exe

+ 2002-12-31 12:00 . 2012-07-02 17:38 67072 c:\windows\system32\mshtmled.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 25600 c:\windows\system32\jsproxy.dll

- 2002-12-31 12:00 . 2010-05-06 10:36 25600 c:\windows\system32\jsproxy.dll

+ 2002-12-31 12:00 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll

- 2002-12-31 12:00 . 2008-04-14 17:02 80384 c:\windows\system32\iccvid.dll

+ 2002-12-31 12:00 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys

- 2009-06-11 06:39 . 2010-05-06 10:37 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2009-06-11 06:39 . 2012-07-02 17:38 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2008-04-21 12:10 . 2012-06-02 13:19 35864 c:\windows\system32\dllcache\wups.dll

+ 2008-04-21 12:10 . 2012-06-02 13:19 53784 c:\windows\system32\dllcache\wuauclt.exe

+ 2008-04-21 12:10 . 2010-10-11 14:59 45568 c:\windows\system32\dllcache\wab.exe

+ 2011-11-20 06:12 . 2011-11-20 06:12 60928 c:\windows\system32\dllcache\packager.exe

+ 2002-12-31 12:00 . 2012-07-02 17:38 67072 c:\windows\system32\dllcache\mshtmled.dll

- 2008-04-21 22:08 . 2010-05-06 10:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2008-04-21 22:08 . 2012-07-02 17:38 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 43520 c:\windows\system32\dllcache\licmgr10.dll

- 2002-12-31 12:00 . 2010-05-06 10:36 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2009-12-14 07:10 . 2009-12-14 07:10 33280 c:\windows\system32\dllcache\csrsrv.dll

+ 2009-12-14 07:10 . 2011-10-28 05:32 33280 c:\windows\system32\dllcache\csrsrv.dll

+ 2002-12-31 12:00 . 2012-06-02 13:19 97304 c:\windows\system32\dllcache\cdm.dll

+ 2002-12-31 12:00 . 2011-10-28 05:32 33280 c:\windows\system32\csrsrv.dll

- 2002-12-31 12:00 . 2009-12-14 07:10 33280 c:\windows\system32\csrsrv.dll

+ 2008-04-21 13:43 . 2012-08-25 08:07 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-04-21 13:43 . 2012-08-25 08:07 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

+ 2008-04-21 13:43 . 2012-08-25 08:07 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2012-08-25 08:12 . 2010-05-06 10:37 12800 c:\windows\ie8updates\KB2722913-IE8\xpshims.dll

+ 2012-08-25 08:12 . 2009-03-08 02:31 66560 c:\windows\ie8updates\KB2722913-IE8\mshtmled.dll

+ 2012-08-25 08:12 . 2010-05-06 10:36 55296 c:\windows\ie8updates\KB2722913-IE8\msfeedsbs.dll

+ 2012-08-25 08:12 . 2009-03-08 02:34 43008 c:\windows\ie8updates\KB2722913-IE8\licmgr10.dll

+ 2012-08-25 08:12 . 2010-05-06 10:36 25600 c:\windows\ie8updates\KB2722913-IE8\jsproxy.dll

+ 2002-12-31 12:00 . 2011-03-04 06:36 420864 c:\windows\system32\vbscript.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 206848 c:\windows\system32\occache.dll

- 2002-12-31 12:00 . 2010-05-06 10:37 206848 c:\windows\system32\occache.dll

+ 2002-12-31 12:00 . 2010-12-09 15:15 739328 c:\windows\system32\ntdll.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 611840 c:\windows\system32\mstime.dll

- 2002-12-31 12:00 . 2010-05-06 10:37 611840 c:\windows\system32\mstime.dll

+ 2002-12-31 12:00 . 2010-12-20 17:25 735232 c:\windows\system32\lsasrv.dll

- 2002-12-31 12:00 . 2009-06-25 08:27 735232 c:\windows\system32\lsasrv.dll

- 2002-12-31 12:00 . 2010-05-06 10:36 184320 c:\windows\system32\iepeers.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 184320 c:\windows\system32\iepeers.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 387584 c:\windows\system32\iedkcs32.dll

- 2002-12-31 12:00 . 2010-05-06 10:36 387584 c:\windows\system32\iedkcs32.dll

+ 2002-12-31 12:00 . 2012-07-02 12:05 174080 c:\windows\system32\ie4uinit.exe

+ 2008-04-21 12:10 . 2012-06-02 13:19 210968 c:\windows\system32\dllcache\wuweb.dll

+ 2008-04-21 12:10 . 2012-06-02 13:19 329240 c:\windows\system32\dllcache\wucltui.dll

+ 2008-04-21 12:10 . 2012-06-02 13:19 577048 c:\windows\system32\dllcache\wuapi.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 916992 c:\windows\system32\dllcache\wininet.dll

+ 2008-04-21 12:10 . 2011-04-30 03:00 758784 c:\windows\system32\dllcache\vgx.dll

+ 2008-05-09 10:56 . 2011-03-04 06:36 420864 c:\windows\system32\dllcache\vbscript.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 105984 c:\windows\system32\dllcache\url.dll

- 2002-12-31 12:00 . 2009-03-08 02:34 105984 c:\windows\system32\dllcache\url.dll

+ 2009-04-15 14:55 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 206848 c:\windows\system32\dllcache\occache.dll

- 2002-12-31 12:00 . 2010-05-06 10:37 206848 c:\windows\system32\dllcache\occache.dll

+ 2009-04-15 05:56 . 2010-12-09 15:15 739328 c:\windows\system32\dllcache\ntdll.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 611840 c:\windows\system32\dllcache\mstime.dll

- 2002-12-31 12:00 . 2010-05-06 10:37 611840 c:\windows\system32\dllcache\mstime.dll

+ 2008-04-21 22:08 . 2012-07-02 17:38 629760 c:\windows\system32\dllcache\msfeeds.dll

+ 2009-04-15 05:56 . 2010-12-20 17:25 735232 c:\windows\system32\dllcache\lsasrv.dll

- 2009-04-15 05:56 . 2009-06-25 08:27 735232 c:\windows\system32\dllcache\lsasrv.dll

- 2008-05-09 10:56 . 2009-12-09 05:55 726528 c:\windows\system32\dllcache\jscript.dll

+ 2008-05-09 10:56 . 2011-03-04 06:36 726528 c:\windows\system32\dllcache\jscript.dll

- 2009-06-11 06:39 . 2010-05-06 10:36 247808 c:\windows\system32\dllcache\ieproxy.dll

+ 2009-06-11 06:39 . 2012-07-02 17:38 247808 c:\windows\system32\dllcache\ieproxy.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 184320 c:\windows\system32\dllcache\iepeers.dll

- 2002-12-31 12:00 . 2010-05-06 10:36 184320 c:\windows\system32\dllcache\iepeers.dll

+ 2010-06-10 05:17 . 2012-07-02 17:38 743424 c:\windows\system32\dllcache\iedvtool.dll

- 2010-06-10 05:17 . 2010-05-06 10:36 743424 c:\windows\system32\dllcache\iedvtool.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 387584 c:\windows\system32\dllcache\iedkcs32.dll

- 2002-12-31 12:00 . 2010-05-06 10:36 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2002-12-31 12:00 . 2012-07-02 12:05 174080 c:\windows\system32\dllcache\ie4uinit.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-04-21 13:43 . 2012-08-25 08:07 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2008-04-21 13:43 . 2012-08-25 08:07 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-04-21 13:43 . 2012-08-25 08:07 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-04-21 13:43 . 2012-08-25 08:07 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-04-21 13:43 . 2012-08-25 08:07 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

+ 2008-04-21 13:43 . 2012-08-25 08:07 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2008-04-21 13:43 . 2012-08-25 08:07 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2012-08-25 08:12 . 2010-05-06 10:37 916480 c:\windows\ie8updates\KB2722913-IE8\wininet.dll

+ 2012-08-25 08:12 . 2009-03-08 02:34 105984 c:\windows\ie8updates\KB2722913-IE8\url.dll

+ 2012-08-25 08:12 . 2010-07-05 13:21 401272 c:\windows\ie8updates\KB2722913-IE8\spuninst\updspapi.dll

+ 2012-08-25 08:12 . 2010-07-05 13:21 234872 c:\windows\ie8updates\KB2722913-IE8\spuninst\spuninst.exe

+ 2012-08-25 08:12 . 2010-05-06 10:37 206848 c:\windows\ie8updates\KB2722913-IE8\occache.dll

+ 2012-08-25 08:12 . 2010-05-06 10:37 611840 c:\windows\ie8updates\KB2722913-IE8\mstime.dll

+ 2012-08-25 08:12 . 2010-05-06 10:36 599040 c:\windows\ie8updates\KB2722913-IE8\msfeeds.dll

+ 2012-08-25 08:12 . 2009-03-08 02:35 521216 c:\windows\ie8updates\KB2722913-IE8\jsdbgui.dll

+ 2012-08-25 08:12 . 2010-05-06 10:36 247808 c:\windows\ie8updates\KB2722913-IE8\ieproxy.dll

+ 2012-08-25 08:12 . 2010-05-06 10:36 184320 c:\windows\ie8updates\KB2722913-IE8\iepeers.dll

+ 2012-08-25 08:12 . 2010-05-06 10:36 743424 c:\windows\ie8updates\KB2722913-IE8\iedvtool.dll

+ 2012-08-25 08:12 . 2010-05-06 10:36 387584 c:\windows\ie8updates\KB2722913-IE8\iedkcs32.dll

+ 2012-08-25 08:12 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2722913-IE8\ie4uinit.exe

+ 2012-08-25 08:10 . 2009-03-08 02:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll

+ 2012-08-25 08:10 . 2010-07-05 13:21 401272 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll

+ 2012-08-25 08:10 . 2010-07-05 13:21 234872 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe

+ 2012-08-25 08:11 . 2010-03-10 06:17 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll

+ 2012-08-25 08:11 . 2010-07-05 13:21 401272 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll

+ 2012-08-25 08:11 . 2010-07-05 13:21 234872 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe

+ 2012-08-25 08:11 . 2009-12-09 05:55 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll

+ 2002-12-31 12:00 . 2010-12-09 15:14 2153472 c:\windows\system32\ntoskrnl.exe

+ 2005-04-23 10:06 . 2010-12-09 15:14 2031616 c:\windows\system32\ntkrnlpa.exe

+ 2008-04-21 12:10 . 2012-06-02 13:19 1933848 c:\windows\system32\dllcache\wuaueng.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 1212416 c:\windows\system32\dllcache\urlmon.dll

+ 2008-10-15 18:55 . 2010-12-09 15:14 2197120 c:\windows\system32\dllcache\ntoskrnl.exe

+ 2008-10-15 18:55 . 2010-12-09 15:14 2031616 c:\windows\system32\dllcache\ntkrpamp.exe

+ 2008-10-15 18:55 . 2010-12-09 15:14 2073728 c:\windows\system32\dllcache\ntkrnlpa.exe

+ 2008-10-15 18:55 . 2010-12-09 15:14 2153472 c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2002-12-31 12:00 . 2012-07-02 17:38 6008320 c:\windows\system32\dllcache\mshtml.dll

+ 2008-04-21 22:08 . 2012-07-02 17:38 2000384 c:\windows\system32\dllcache\iertutil.dll

+ 2012-04-04 20:37 . 2012-04-04 20:37 3149824 c:\windows\Installer\8f57d.msp

+ 2008-04-21 13:43 . 2012-08-25 08:07 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2008-04-21 13:43 . 2012-08-25 08:07 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2012-08-25 08:12 . 2010-05-06 10:37 1209344 c:\windows\ie8updates\KB2722913-IE8\urlmon.dll

+ 2012-08-25 08:12 . 2010-05-06 10:37 5950976 c:\windows\ie8updates\KB2722913-IE8\mshtml.dll

+ 2012-08-25 08:12 . 2010-05-06 10:36 1985536 c:\windows\ie8updates\KB2722913-IE8\iertutil.dll

+ 2008-10-15 18:55 . 2010-12-09 15:14 2197120 c:\windows\Driver Cache\i386\ntoskrnl.exe

+ 2008-10-15 18:55 . 2010-12-09 15:14 2031616 c:\windows\Driver Cache\i386\ntkrpamp.exe

+ 2008-10-15 18:55 . 2010-12-09 15:14 2073728 c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2008-10-15 18:55 . 2010-12-09 15:14 2153472 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2008-04-21 22:08 . 2012-07-02 21:08 11111424 c:\windows\system32\dllcache\ieframe.dll

+ 2012-08-25 08:12 . 2010-05-06 10:36 11076096 c:\windows\ie8updates\KB2722913-IE8\ieframe.dll

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-08-05 07:53 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]

2012-07-10 09:23 248936 ----a-w- c:\program files\Softonic\Softonic\1.6.4.3\bh\Softonic.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-08-05 2074208]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mnu"="c:\program files\Orange\GLOBAL\Mnu\igomnu.exe" [2006-05-01 437976]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-13 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]

"nwiz"="nwiz.exe" [2007-06-28 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16208384]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"mnu"="c:\program files\Orange\GLOBAL\Mnu\igomnu.exe" [2006-05-01 437976]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-05 1107552]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

EZ VHS Converter Monitor.lnk - c:\program files\ION\EZ Video Converter\MediaTVMonitor.exe [2010-8-27 737280]

Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2009-3-17 151552]

Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2009-3-17 106496]

YouTube Uploader for CASIO.lnk - c:\program files\CASIO\YouTube Uploader for CASIO\YStart.exe [2008-12-9 79808]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 4:50 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31-1-2012 4:46 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22-2-2012 5:25 235216]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19-3-2012 5:17 301248]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4-7-2012 17:25 5160568]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 4:53 193288]

R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [5-8-2012 9:53 935008]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 10:17 135664]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [31-12-2002 14:00 3584]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [24-4-2012 8:43 250056]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [16-12-2008 10:08 36512]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 10:17 135664]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [18-4-2011 20:46 24576]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [29-4-2012 13:58 113120]

S3 VCR2PC;VCR2PC Analog Capture;c:\windows\system32\drivers\p140_ion.sys [27-8-2010 12:05 278016]

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - uphcleanhlp

.

Inhoud van de 'Gedeelde Taken' map

.

2012-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 06:56]

.

2012-08-24 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-24 07:23]

.

2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:17]

.

2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:17]

.

2012-04-27 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://google.nl/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1 0.0.0.0

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h9ycp18q.default\

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc44cf840-9757-46fa-9f54-0e27a92be407%7D&mid=6a5f77e025ed47d1a387d15c1e690357-06ce4fc639803a2e3563922518183d8e94088cb9&ds=AVG&v=11.1.0.12&lang=nl&pr=fr&d=2012-08-04%2009%3A45%3A42&sap=ku&q=

FF - user.js: extensions.Softonic.admin - false

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 - c:\program files\Web Assistant\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-08-25 10:28

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-823518204-152049171-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,43,f5,5f,05,a8,4d,41,ae,e9,bd,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,43,f5,5f,05,a8,4d,41,ae,e9,bd,\

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(856)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

- - - - - - - > 'explorer.exe'(3212)

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\RUNDLL32.EXE

c:\windows\RTHDCPL.EXE

c:\windows\system32\rundll32.exe

c:\program files\Brother\ControlCenter3\brccMCtl.exe

c:\program files\Common Files\Teleca Shared\CapabilityManager.exe

c:\program files\Common Files\Teleca Shared\logger.exe

c:\program files\Common Files\Teleca Shared\Generic.exe

c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\UPHClean\uphclean.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\program files\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

.

**************************************************************************

.

Voltooingstijd: 2012-08-25 10:33:12 - machine werd herstart

ComboFix-quarantined-files.txt 2012-08-25 08:32

ComboFix2.txt 2012-08-24 12:11

ComboFix3.txt 2012-08-24 05:59

.

Pre-Run: 29.009.039.360 bytes beschikbaar

Post-Run: 28.900.728.832 bytes beschikbaar

.

- - End Of File - - F154FD8E9F235296AD35F005758F6EDC

Hijackthis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:48:47, on 25-8-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\Common Files\Teleca Shared\logger.exe

C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

C:\Program Files\AVG\AVG2012\avgidsagent.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Administrator\Mijn documenten\Nieuwe map\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKCU\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: EZ VHS Converter Monitor.lnk = C:\Program Files\ION\EZ Video Converter\MediaTVMonitor.exe

O4 - Global Startup: Picture Package Menu.lnk = ?

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O4 - Global Startup: YouTube Uploader for CASIO.lnk = C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\windows\system32\t7844el32.dll' missing

O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208790404968

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208790397921

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

--

End of file - 12264 bytes

hijack fail.doc

edited by annemarijke

This went (almost) perfectly:

Download LSPfix.exe and put it on your desktop.

1. Start the program.

2. Select "I know what I'm doing"

3. Select ONLY this file: t7844el32.dll

4. Click "Remove" so that the file moves to the right-hand pane.

5. Click "Finish"

6. Restart the PC.

7. Delete the file named above from the C:\Windows\System32 directory (if present).



Hello, I notice that the PC and the internet connection respond faster. My heartfelt thanks for that :-), I assume the remnants of the viruses are now gone, except that in temp I still see Perflib_Perfdata_41c!!! Can you tell me whether this is also a threat to my internet activities? And I wonder.. I'm rather curious (eager to learn), what exactly was in my PC, viruses or other faults? I would very much like to know what was roaming around in my PC.

By the way, I didn't find any directory in system32.

Kind regards from

Annemarijke


Your PC had various traces of adware and programs that (unwantedly) send commercial information out. Those have all been removed now. A Trojan detection has also been cleaned up. And there was indeed an obstruction in your connection to the Internet. For your Perflib_Perfdata_41c we'll take one more step:

  • Download The Avenger by Swandog46 to your desktop.

  • Click Avenger.zip
  • Extract the file to your desktop.
  • Start The Avenger by double-clicking the icon.
  • Vista and Windows 7 -> right-click, Run as Administrator.

Tick 'Scan for rootkits' and untick 'Automatically disable any rootkits found'.

avenger2.jpg

In the 'Input Script here' window, copy and paste the following bold text:

files to delete:

C:\WINDOWS\temp\Perflib_Perfdata_41c.dat

Note: the script above was made only for this computer/situation/user. If you use this script on another computer it can cause damage!

Now click the Execute button.

Click Yes to confirm.

Click Yes when asked to reboot your PC.

Your PC will reboot; if it doesn't, do it manually.

After the reboot a logfile (avenger.txt) opens. Post the contents of the logfile.

The Avenger logfile is also at C:\avenger.txt

P.S.: for the file you had to delete you didn't need to look for a "directory", only in the folder C:\Windows\System32

edited by kape

Hello,

I did what you asked; the logfile is below.

But as you can read in the file, it can't find Perflib_Perfdata_41c, yet it is there, I just checked. Stubborn thing!!!! I had also tried renaming it or cutting it to the recycle bin, but it keeps saying it is in use by something!!!!!!! I can't get it deleted, and this Avenger can't either. What does that thing actually mean, what does it do? If it does no further harm, it may stay. But otherwise .... get rid of it.

By the way, do I have to keep all the files I got from you on the desktop?

I think it's really great that you're helping me like this, I'm really grateful to you, I don't know you but you get a virtual hug anyway.

Kind regards

Annemarijke

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: file "C:\WINDOWS\temp\Perflib_Perfdata_41c.dat" not found!

Deletion of file "C:\WINDOWS\temp\Perflib_Perfdata_41c.dat" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.


Try zoek.exe:

  • Disable your antivirus and antispyware programs; zoek.exe is sometimes mistaken for a trojan while downloading or during use.
    (here or here) you can read how to do that.
  • Then download zoek.exe to the desktop.
    • Windows 2000 and Windows XP: start the tool by double-clicking "zoek.exe".
    • Windows Vista and Windows 7: start the tool by right-clicking "zoek.exe" and choosing Run as Administrator.

  • After a while a window will open.

  • With your mouse, now select the option "Combined fix" (bottom right)

  • Now copy the code below and paste it into the large input window:

    %temp%\*;fs
    %windir%\temp\*;fs

    First close all other program windows that are still open!

  • Then click the "Run script" button.

  • Now wait patiently until a log opens (this may be after a restart)

  • If no log appears after the restart, start zoek.exe again; the log will then appear.

  • Now post the contents of the opened log in your next reply.
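A diagnostic step the thread never takes before deleting the file, as an added example (my own PowerShell, not code from the forum or from any of the tools named above). It assumes that the suffix of a Perflib_Perfdata_<hex>.dat file in %windir%\temp is the hexadecimal PID of the process that created that performance-counter buffer (41c would be PID 1052); it maps each such file to its process and tests whether the file is still locked, which is what produces the "in use" error when deleting by hand and explains why a cleanup tool finds nothing after a reboot (new PID, new file name).

```powershell
# Added example, not part of the original thread.
# Assumption: Perflib_Perfdata_<hex>.dat is named after the hex PID of the
# process that opened the performance-counter library.

function Get-PerflibPerfdataInfo {
    param(
        # Folder the thread is looking at; override to inspect another temp dir.
        [string]$TempDir = (Join-Path $env:windir 'temp')
    )

    Get-ChildItem -Path $TempDir -Filter 'Perflib_Perfdata_*.dat' -ErrorAction SilentlyContinue |
        ForEach-Object {
            # "Perflib_Perfdata_41c" -> "41c" -> 1052
            $hexSuffix = $_.BaseName -replace '^Perflib_Perfdata_', ''
            $ownerPid  = [Convert]::ToInt32($hexSuffix, 16)
            $proc      = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue

            # Try to open the file with no sharing allowed; if another process
            # holds it open, this throws and we report the file as locked.
            $locked = $false
            try {
                $fs = [System.IO.File]::Open($_.FullName, 'Open', 'Read', 'None')
                $fs.Close()
            } catch {
                $locked = $true
            }

            [PSCustomObject]@{
                File      = $_.Name
                OwnerPid  = $ownerPid
                OwnerName = if ($proc) { $proc.ProcessName } else { '<no such process>' }
                OwnerPath = if ($proc) { $proc.Path } else { $null }
                Locked    = $locked
                LastWrite = $_.LastWriteTime
            }
        }
}

# A file whose owner process is a known system or security component and whose
# path is under %windir% or Program Files is the expected case; an owner that
# runs from a temp or user-profile folder is what deserves a closer look.
Get-PerflibPerfdataInfo | Format-Table -AutoSize
```

Run it from an elevated PowerShell so that Get-Process can resolve the path of processes owned by other accounts.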
