Perflib_Perfdata_41c bedreiging?

annemarijke · 24 augustus 2012

Ik heb allerlei trojan psw virussen op mijn pc (gehad)! ik heb jullie combofix gebruikt om deze virussen te verwijderen, met succes leek het, maar de bovenstaande "dat" bestand blijft in temp staan, krijg er niet uit, ik vraag me af is deze een bedreiging, kan ik hem laten staan of moet ie eruit? maar danis de vraag hoe?

groetjes Annemarijke

Asus · 24 augustus 2012

Kan je het onderstaande uitvoeren (produceren en posten van een HijackThis-logje) én post eveneens je ComboFix-logje, zo kunnen de malware-specialisten eventjes meekijken naar de actuele stand van zaken ?...

1. Download HijackThis. (klik er op)

Klik op HijackThis.msi en de download start automatisch na 5 seconden.

Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren".

Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst.

Als je geen netwerkverbinding meer hebt, kan je de download doen met een andere pc en het bestand met een usb stick overbrengen

Als je enkel nog in veilige modus kan werken, moet je de executable (HijackThis.exe) downloaden.

Sla deze op in een nieuwe map op de C schijf (bvb C:\hijackthis) en start hijackthis dan vanaf deze map.

De logjes kan je dan ook in die map terugvinden.

2. Klik op de snelkoppeling om HijackThis te starten. (lees eerst de rode tekst hieronder!)

Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog".

Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets.

Krijg je een melding ""For some reason your system denied writing to the Host file ....", klik dan gewoon door op de OK-toets.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis. (Bekijk hier de afbeelding ---> Klik hier)

3. Na het plaatsen van je logje wordt dit door een expert (Kape of Kweezie Wabbit) nagekeken en begeleidt hij jou verder door het ganse proces.

Tip!

Wil je in woord en beeld weten hoe je een logje met HijackThis maakt en plaatst op het forum, klik dan HIER.

annemarijke · 24 augustus 2012

Hierbij mijn logs waar jullie naar vroegen i.v.m. mijn vraag omtrent Perflib_Perfdata_41c bedreiging of niet?

Hoop dat jullie mij kunnen helpen. Ben reuze benieuwd, echt super dat jullie dit doen. Hoop snel van jullie te lezen.

Lieve groetjes

Annemarijke

ComboFix 12-08-22.03 - Administrator 24-08-2012 7:46.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1423 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe

.

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator\0000.wmv

c:\documents and settings\Administrator\Application Data\PriceGong

c:\documents and settings\Administrator\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Administrator\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Administrator\Application Data\SystemProc

c:\documents and settings\Administrator\Bureaublad\Internet Explorer.lnk

c:\documents and settings\Administrator\Menu Start\Programma's\Opstarten\igfxtray.exe

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Administrator\WUP116.tmp

c:\documents and settings\Administrator\WUP12C.tmp

c:\documents and settings\Administrator\WUP151.tmp

c:\documents and settings\Administrator\WUP152.tmp

c:\documents and settings\Administrator\WUP153.tmp

c:\documents and settings\Administrator\WUP154.tmp

c:\documents and settings\Administrator\WUP155.tmp

c:\documents and settings\Administrator\WUP156.tmp

c:\documents and settings\Administrator\WUP157.tmp

c:\documents and settings\Administrator\WUP158.tmp

c:\documents and settings\Administrator\WUP159.tmp

c:\documents and settings\Administrator\WUP15A.tmp

c:\documents and settings\Administrator\WUP15B.tmp

c:\documents and settings\Administrator\WUP15C.tmp

c:\documents and settings\Administrator\WUP15D.tmp

c:\documents and settings\Administrator\WUP15E.tmp

c:\documents and settings\Administrator\WUP15F.tmp

c:\documents and settings\Administrator\WUP160.tmp

c:\documents and settings\Administrator\WUP161.tmp

c:\documents and settings\Administrator\WUP161C.tmp

c:\documents and settings\Administrator\WUP1719.tmp

c:\documents and settings\Administrator\WUP17B1.tmp

c:\documents and settings\Administrator\WUP1900.tmp

c:\documents and settings\Administrator\WUP19D0.tmp

c:\documents and settings\Administrator\WUP19FC.tmp

c:\documents and settings\Administrator\WUP1A.tmp

c:\documents and settings\Administrator\WUP1A19.tmp

c:\documents and settings\Administrator\WUP1A78.tmp

c:\documents and settings\Administrator\WUP1BE3.tmp

c:\documents and settings\Administrator\WUP1C99.tmp

c:\documents and settings\Administrator\WUP1DB7.tmp

c:\documents and settings\Administrator\WUP2023.tmp

c:\documents and settings\Administrator\WUP2306.tmp

c:\documents and settings\Administrator\WUP247D.tmp

c:\documents and settings\Administrator\WUP2735.tmp

c:\documents and settings\Administrator\WUP2B09.tmp

c:\documents and settings\Administrator\WUP2BBE.tmp

c:\documents and settings\Administrator\WUP2CEB.tmp

c:\documents and settings\Administrator\WUP2D6F.tmp

c:\documents and settings\Administrator\WUP3086.tmp

c:\documents and settings\Administrator\WUP3239.tmp

c:\documents and settings\Administrator\WUP33DD.tmp

c:\documents and settings\Administrator\WUP3475.tmp

c:\documents and settings\Administrator\WUP352.tmp

c:\documents and settings\Administrator\WUP3E56.tmp

c:\documents and settings\Administrator\WUP3E79.tmp

c:\documents and settings\Administrator\WUP3FF6.tmp

c:\documents and settings\Administrator\WUP4136.tmp

c:\documents and settings\Administrator\WUP41F4.tmp

c:\documents and settings\Administrator\WUP4BD1.tmp

c:\documents and settings\Administrator\WUP4BF8.tmp

c:\documents and settings\Administrator\WUP4E.tmp

c:\documents and settings\Administrator\WUP4E23.tmp

c:\documents and settings\Administrator\WUP4EF6.tmp

c:\documents and settings\Administrator\WUP4FA0.tmp

c:\documents and settings\Administrator\WUP50F1.tmp

c:\documents and settings\Administrator\WUP5138.tmp

c:\documents and settings\Administrator\WUP534.tmp

c:\documents and settings\Administrator\WUP5666.tmp

c:\documents and settings\Administrator\WUP58DF.tmp

c:\documents and settings\Administrator\WUP59A.tmp

c:\documents and settings\Administrator\WUP5B42.tmp

c:\documents and settings\Administrator\WUP5BA9.tmp

c:\documents and settings\Administrator\WUP5BE.tmp

c:\documents and settings\Administrator\WUP5C43.tmp

c:\documents and settings\Administrator\WUP5E45.tmp

c:\documents and settings\Administrator\WUP5E9.tmp

c:\documents and settings\Administrator\WUP5F14.tmp

c:\documents and settings\Administrator\WUP5F62.tmp

c:\documents and settings\Administrator\WUP6089.tmp

c:\documents and settings\Administrator\WUP629.tmp

c:\documents and settings\Administrator\WUP62A.tmp

c:\documents and settings\Administrator\WUP64F5.tmp

c:\documents and settings\Administrator\WUP68F.tmp

c:\documents and settings\Administrator\WUP70A.tmp

c:\documents and settings\Administrator\WUP70A1.tmp

c:\documents and settings\Administrator\WUP737.tmp

c:\documents and settings\Administrator\WUP73C0.tmp

c:\documents and settings\Administrator\WUP760.tmp

c:\documents and settings\Administrator\WUP79.tmp

c:\documents and settings\Administrator\WUP7A.tmp

c:\documents and settings\Administrator\WUP7B.tmp

c:\documents and settings\Administrator\WUP7C.tmp

c:\documents and settings\Administrator\WUP7D.tmp

c:\documents and settings\Administrator\WUP7E.tmp

c:\documents and settings\Administrator\WUP7F.tmp

c:\documents and settings\Administrator\WUP80.tmp

c:\documents and settings\Administrator\WUP81.tmp

c:\documents and settings\Administrator\WUP82.tmp

c:\documents and settings\Administrator\WUP83.tmp

c:\documents and settings\Administrator\WUP84.tmp

c:\documents and settings\Administrator\WUP85.tmp

c:\documents and settings\Administrator\WUP86.tmp

c:\documents and settings\Administrator\WUP87.tmp

c:\documents and settings\Administrator\WUP88.tmp

c:\documents and settings\Administrator\WUP882.tmp

c:\documents and settings\Administrator\WUP89.tmp

c:\documents and settings\Administrator\WUP89E.tmp

c:\documents and settings\Administrator\WUP8A.tmp

c:\documents and settings\Administrator\WUP8B.tmp

c:\documents and settings\Administrator\WUP8C.tmp

c:\documents and settings\Administrator\WUP8D.tmp

c:\documents and settings\Administrator\WUP8E.tmp

c:\documents and settings\Administrator\WUP8F.tmp

c:\documents and settings\Administrator\WUP90.tmp

c:\documents and settings\Administrator\WUP91.tmp

c:\documents and settings\Administrator\WUP92.tmp

c:\documents and settings\Administrator\WUP93.tmp

c:\documents and settings\Administrator\WUP94.tmp

c:\documents and settings\Administrator\WUP95.tmp

c:\documents and settings\Administrator\WUP96.tmp

c:\documents and settings\Administrator\WUP97.tmp

c:\documents and settings\Administrator\WUP98.tmp

c:\documents and settings\Administrator\WUP99.tmp

c:\documents and settings\Administrator\WUP9A.tmp

c:\documents and settings\Administrator\WUP9B.tmp

c:\documents and settings\Administrator\WUP9C.tmp

c:\documents and settings\Administrator\WUP9D.tmp

c:\documents and settings\Administrator\WUP9E.tmp

c:\documents and settings\Administrator\WUP9F.tmp

c:\documents and settings\Administrator\WUPA0.tmp

c:\documents and settings\Administrator\WUPA1.tmp

c:\documents and settings\Administrator\WUPA2.tmp

c:\documents and settings\Administrator\WUPA5.tmp

c:\documents and settings\Administrator\WUPA7.tmp

c:\documents and settings\Administrator\WUPA8.tmp

c:\documents and settings\Administrator\WUPA9.tmp

c:\documents and settings\Administrator\WUPAA.tmp

c:\documents and settings\Administrator\WUPAB.tmp

c:\documents and settings\Administrator\WUPAC.tmp

c:\documents and settings\Administrator\WUPACF.tmp

c:\documents and settings\Administrator\WUPAD.tmp

c:\documents and settings\Administrator\WUPAE.tmp

c:\documents and settings\Administrator\WUPAF.tmp

c:\documents and settings\Administrator\WUPB0.tmp

c:\documents and settings\Administrator\WUPB1.tmp

c:\documents and settings\Administrator\WUPB2.tmp

c:\documents and settings\Administrator\WUPB3.tmp

c:\documents and settings\Administrator\WUPB36.tmp

c:\documents and settings\Administrator\WUPB4.tmp

c:\documents and settings\Administrator\WUPB5.tmp

c:\documents and settings\Administrator\WUPB6.tmp

c:\documents and settings\Administrator\WUPB7.tmp

c:\documents and settings\Administrator\WUPB8.tmp

c:\documents and settings\Administrator\WUPB9.tmp

c:\documents and settings\Administrator\WUPBA.tmp

c:\documents and settings\Administrator\WUPBB.tmp

c:\documents and settings\Administrator\WUPBC.tmp

c:\documents and settings\Administrator\WUPBCB.tmp

c:\documents and settings\Administrator\WUPBD.tmp

c:\documents and settings\Administrator\WUPBE.tmp

c:\documents and settings\Administrator\WUPBF.tmp

c:\documents and settings\Administrator\WUPC0.tmp

c:\documents and settings\Administrator\WUPC1.tmp

c:\documents and settings\Administrator\WUPC2.tmp

c:\documents and settings\Administrator\WUPC3.tmp

c:\documents and settings\Administrator\WUPC4.tmp

c:\documents and settings\Administrator\WUPC480.tmp

c:\documents and settings\Administrator\WUPC5.tmp

c:\documents and settings\Administrator\WUPC6.tmp

c:\documents and settings\Administrator\WUPC7.tmp

c:\documents and settings\Administrator\WUPC791.tmp

c:\documents and settings\Administrator\WUPD57.tmp

c:\documents and settings\Administrator\WUPDF.tmp

c:\documents and settings\Administrator\WUPE0.tmp

c:\documents and settings\Administrator\WUPE0B0.tmp

c:\documents and settings\Administrator\WUPE1.tmp

c:\documents and settings\Administrator\WUPE2.tmp

c:\documents and settings\Administrator\WUPE3.tmp

c:\documents and settings\Administrator\WUPE4.tmp

c:\documents and settings\Administrator\WUPE5.tmp

c:\documents and settings\Administrator\WUPE6.tmp

c:\documents and settings\Administrator\WUPE7.tmp

c:\documents and settings\Administrator\WUPE8.tmp

c:\documents and settings\Administrator\WUPE85.tmp

c:\documents and settings\Administrator\WUPE8D5.tmp

c:\documents and settings\Administrator\WUPE9.tmp

c:\documents and settings\Administrator\WUPEA.tmp

c:\documents and settings\Administrator\WUPEB.tmp

c:\documents and settings\Administrator\WUPEC.tmp

c:\documents and settings\Administrator\WUPED.tmp

c:\documents and settings\Administrator\WUPEE.tmp

c:\documents and settings\Administrator\WUPEF.tmp

c:\documents and settings\Administrator\WUPF0.tmp

c:\documents and settings\Administrator\WUPF1.tmp

c:\documents and settings\Administrator\WUPF2.tmp

c:\documents and settings\Administrator\WUPF3.tmp

c:\documents and settings\Administrator\WUPF4.tmp

c:\documents and settings\Administrator\WUPF4F8.tmp

c:\documents and settings\Administrator\WUPF5.tmp

c:\documents and settings\Administrator\WUPF6.tmp

c:\documents and settings\Administrator\WUPF7.tmp

c:\documents and settings\Administrator\WUPF751.tmp

c:\documents and settings\Administrator\WUPF8.tmp

c:\documents and settings\Administrator\WUPF9.tmp

c:\documents and settings\Administrator\WUPFA.tmp

c:\documents and settings\Administrator\WUPFA35.tmp

c:\documents and settings\Administrator\WUPFB.tmp

c:\documents and settings\Administrator\WUPFC.tmp

c:\documents and settings\All Users\Menu Start\Programma's\Internet Explorer.lnk

C:\Install.exe

c:\program files\ExcellentAdDisplay

c:\program files\ExcellentAdDisplay\uninstall.exe

c:\program files\Incredibar.com

c:\program files\Incredibar.com\incredibar\1.5.11.14\bh\inCRedibar.dll

c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll

c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll

c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe

c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll

c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe

c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest

c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul

c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf

c:\program files\Web Assistant\ExTEnsion32.dll

c:\windows\IsUn0413.exe

c:\windows\system32\Cache

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\31a0997e9a5b5eb3.fb

c:\windows\system32\Cache\32c84fe32bb74d60.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\6d03dad1035885d3.fb

c:\windows\system32\Cache\951b6b803687647a.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\c1fa887b03019701.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\cc8c1434dfe4f922.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\f998975c9cc711ee.fb

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Driver

-------\Service_xcpip

-------\Service_xpsec

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-07-24 to 2012-08-24 ))))))))))))))))))))))))))))))

.

2012-08-24 05:10 . 2012-08-24 05:18 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend

2012-08-04 07:46 . 2012-08-04 07:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG2012

2012-08-04 07:45 . 2012-08-24 05:18 -------- d-----w- c:\program files\AVG Secure Search

2012-08-04 07:44 . 2012-08-04 07:44 -------- d-----w- C:\$AVG

2012-08-04 07:43 . 2012-08-04 07:43 -------- d-----w- c:\program files\AVG

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-15 06:56 . 2012-04-24 06:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-15 06:56 . 2012-03-27 11:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-14 00:15 . 2012-04-29 13:25 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys

[-] 2008-04-13 18:40 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys

[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

[7] 2002-12-31 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-08-05 07:53 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]

2012-07-10 09:23 248936 ----a-w- c:\program files\Softonic\Softonic\1.6.4.3\bh\Softonic.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files\Softonic\Softonic\1.6.4.3\SoftonicTlbr.dll" [2012-07-10 274536]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-08-05 2074208]

.

[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]

[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]

[HKEY_CLASSES_ROOT\Softonic.dskBnd]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mnu"="c:\program files\Orange\GLOBAL\Mnu\igomnu.exe" [2006-05-01 437976]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-13 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]

"nwiz"="nwiz.exe" [2007-06-28 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16208384]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"mnu"="c:\program files\Orange\GLOBAL\Mnu\igomnu.exe" [2006-05-01 437976]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-05 1107552]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

EZ VHS Converter Monitor.lnk - c:\program files\ION\EZ Video Converter\MediaTVMonitor.exe [2010-8-27 737280]

Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2009-3-17 151552]

Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2009-3-17 106496]

YouTube Uploader for CASIO.lnk - c:\program files\CASIO\YouTube Uploader for CASIO\YStart.exe [2008-12-9 79808]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 4:50 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31-1-2012 4:46 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22-2-2012 5:25 235216]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19-3-2012 5:17 301248]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4-7-2012 17:25 5160568]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 4:53 193288]

R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [5-8-2012 9:53 935008]

R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [29-4-2012 14:32 185856]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 10:17 135664]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [31-12-2002 14:00 3584]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [24-4-2012 8:43 250056]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [16-12-2008 10:08 36512]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 10:17 135664]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [18-4-2011 20:46 24576]

S3 iq5c.sys;iq5c.sys;\??\c:\windows\system32\drivers\iq5c.sys --> c:\windows\system32\drivers\iq5c.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [29-4-2012 13:58 113120]

S3 VCR2PC;VCR2PC Analog Capture;c:\windows\system32\drivers\p140_ion.sys [27-8-2010 12:05 278016]

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - uphcleanhlp

.

Inhoud van de 'Gedeelde Taken' map

.

2012-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 06:56]

.

2012-08-22 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-24 07:23]

.

2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:17]

.

2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:17]

.

2012-04-27 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://google.nl/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1 0.0.0.0

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h9ycp18q.default\

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc44cf840-9757-46fa-9f54-0e27a92be407%7D&mid=6a5f77e025ed47d1a387d15c1e690357-06ce4fc639803a2e3563922518183d8e94088cb9&ds=AVG&v=11.1.0.12〈=nl&pr=fr&d=2012-08-04%2009%3A45%3A42&sap=ku&q=

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyJprBAXQ&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 5ce368c50000000000000015588deaa4

FF - user.js: extensions.incredibar_i.instlDay - 15459

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1414:33

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6OyJprBAXQ

FF - user.js: extensions.incredibar_i.upn2n - 92261838775280566

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10665

FF - user.js: extensions.incredibar_i.ppd -

FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings

FF - user.js: extensions.Softonic.autoRvrt - false

FF - user.js: extensions.Softonic_i.newTab - false

FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00087/tb_v1?SearchSource=1&cc=&q=

FF - user.js: extensions.Softonic.id - 5ce368c50000000000000015588deaa4

FF - user.js: extensions.Softonic.instlDay - 15459

FF - user.js: extensions.Softonic.vrsn - 1.6.4.3

FF - user.js: extensions.Softonic.vrsni - 1.6.4.3

FF - user.js: extensions.Softonic_i.vrsnTs - 1.6.4.314:41

FF - user.js: extensions.Softonic.prtnrId - softonic

FF - user.js: extensions.Softonic.prdct - Softonic

FF - user.js: extensions.Softonic.aflt - SD

FF - user.js: extensions.Softonic_i.smplGrp - none

FF - user.js: extensions.Softonic.tlbrId - base

FF - user.js: extensions.Softonic.instlRef - MON00087

FF - user.js: extensions.Softonic.dfltLng - nl

FF - user.js: extensions.Softonic.excTlbr - false

FF - user.js: extensions.Softonic.admin - false

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

HKCU-Run-AdobeBridge - (no file)

Notify-__c00778D1 - c:\windows\system32\__c00778D1.dat

Notify-__c00C37A1 - c:\windows\system32\__c00C37A1.dat

Notify-__c00D7980 - c:\windows\system32\__c00D7980.dat

AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0413.EXE

AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-08-24 07:55

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-823518204-152049171-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,43,f5,5f,05,a8,4d,41,ae,e9,bd,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,43,f5,5f,05,a8,4d,41,ae,e9,bd,\

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(856)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

- - - - - - - > 'explorer.exe'(4060)

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\RUNDLL32.EXE

c:\windows\RTHDCPL.EXE

c:\windows\system32\rundll32.exe

c:\program files\Brother\ControlCenter3\brccMCtl.exe

c:\program files\Brother\Brmfcmon\BrMfcmon.exe

c:\program files\Common Files\Teleca Shared\CapabilityManager.exe

c:\program files\Common Files\Teleca Shared\logger.exe

c:\program files\Common Files\Teleca Shared\Generic.exe

c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\UPHClean\uphclean.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\program files\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Voltooingstijd: 2012-08-24 07:58:59 - machine werd herstart

ComboFix-quarantined-files.txt 2012-08-24 05:58

.

Pre-Run: 29.982.203.904 bytes beschikbaar

Post-Run: 29.941.633.024 bytes beschikbaar

.

- - End Of File - - 82D059427ABFAE8E82692B6CABE2AFB4

de Hijack log!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:24:59, on 24-8-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe

C:\Program Files\ION\EZ Video Converter\MediaTVMonitor.exe

C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe

C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AVG\AVG2012\avgidsagent.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\explorer.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\Administrator\Mijn documenten\Nieuwe map\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.6.4.3\bh\Softonic.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.6.4.3\SoftonicTlbr.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKCU\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: EZ VHS Converter Monitor.lnk = C:\Program Files\ION\EZ Video Converter\MediaTVMonitor.exe

O4 - Global Startup: Picture Package Menu.lnk = ?

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O4 - Global Startup: YouTube Uploader for CASIO.lnk = C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\windows\system32\t7844el32.dll' missing

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208790404968

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208790397921

O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

--

End of file - 12879 bytes

kape · 25 augustus 2012

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\windows\system32\drivers\iq5c.sys

Folder::

c:\program files\Web Assistant

c:\program files\Incredibar.com

Driver::

Web Assistant Updater

iq5c.sys

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"=-

[-HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]

[-HKEY_CLASSES_ROOT\Softonic.dskBnd.1]

[-HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]

[-HKEY_CLASSES_ROOT\Softonic.dskBnd]

DDS::

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab

Firefox::

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h9ycp18q.default\

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyJprBAXQ&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 5ce368c50000000000000015588deaa4

FF - user.js: extensions.incredibar_i.instlDay - 15459

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1414:33

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6OyJprBAXQ

FF - user.js: extensions.incredibar_i.upn2n - 92261838775280566

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10665

FF - user.js: extensions.incredibar_i.ppd -

FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings

FF - user.js: extensions.Softonic.autoRvrt - false

FF - user.js: extensions.Softonic_i.newTab - false

FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00087/tb_v1?SearchSource=1&cc=&q=

FF - user.js: extensions.Softonic.id - 5ce368c50000000000000015588deaa4

FF - user.js: extensions.Softonic.instlDay - 15459

FF - user.js: extensions.Softonic.vrsn - 1.6.4.3

FF - user.js: extensions.Softonic.vrsni - 1.6.4.3

FF - user.js: extensions.Softonic_i.vrsnTs - 1.6.4.314:41

FF - user.js: extensions.Softonic.prtnrId - softonic

FF - user.js: extensions.Softonic.prdct - Softonic

FF - user.js: extensions.Softonic.aflt - SD

FF - user.js: extensions.Softonic_i.smplGrp - none

FF - user.js: extensions.Softonic.tlbrId - base

FF - user.js: extensions.Softonic.instlRef - MON00087

FF - user.js: extensions.Softonic.dfltLng - nl

FF - user.js: extensions.Softonic.excTlbr - false

FF - user.js: extensions.Softonic.admin – false

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.6.4.3\bh\Softonic.dll

O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.6.4.3\SoftonicTlbr.dll

O10 - Broken Internet access because of LSP provider 'c:\windows\system32\t7844el32.dll' missing

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab

O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab

O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht samen met een nieuw logje van HijackThis.

annemarijke · 25 augustus 2012

Hierbij de nieuwe combifix en hijack logs,

na het scannen met hijackthis kon ik 03 , 016 DPF imikini en 023 niet vinden om aan te kliken en dus daarmee geen fix checked doen!

Ik snap niet hoe jullie dit hieronder allemaal begrijpen haha, maar goed, ik hoop dat het werkt, kunnen jullie me al vertellen waar het mankement zit? en of het opgelost kan worden?

Ik leg mijn pc in handen van mensen die ik niet ken natuurlijk, maar vertrouw er helemaal op dat jullie te vertrouwen zijn.

groetjes

Annemarijke

ComboFix 12-08-22.03 - Administrator 25-08-2012 10:15:27.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1271 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

FILE ::

"c:\windows\system32\drivers\iq5c.sys"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Web Assistant

c:\program files\Web Assistant\ExtensionUpdaterService.exe

c:\program files\Web Assistant\Firefox\chrome.manifest

c:\program files\Web Assistant\Firefox\chrome\content\libraries\DataExchangeScript.js

c:\program files\Web Assistant\Firefox\chrome\content\main.js

c:\program files\Web Assistant\Firefox\chrome\content\main.xul

c:\program files\Web Assistant\Firefox\chrome\content\resources\localscript.js

c:\program files\Web Assistant\Firefox\chrome\locale\en-US\overlay.dtd

c:\program files\Web Assistant\Firefox\chrome\skin\overlay.css

c:\program files\Web Assistant\Firefox\defaults\preferences\defaults.js

c:\program files\Web Assistant\Firefox\install.rdf

c:\program files\Web Assistant\InstallerHelper.dll

c:\program files\Web Assistant\libraries\DataExchangeScript.js

c:\program files\Web Assistant\resources\localscript.js

c:\program files\Web Assistant\source.crx

c:\program files\Web Assistant\unins000.dat

c:\program files\Web Assistant\unins000.exe

c:\windows\system32\_000005_.tmp.dll

c:\windows\system32\_000006_.tmp.dll

c:\windows\system32\_000013_.tmp.dll

c:\windows\system32\SET25.tmp

c:\windows\system32\SET26.tmp

c:\windows\system32\SET98.tmp

c:\windows\system32\SETA0.tmp

c:\windows\system32\SETA1.tmp

c:\windows\system32\SETA2.tmp

c:\windows\system32\SETA6.tmp

c:\windows\system32\SETA7.tmp

c:\windows\system32\SETA8.tmp

c:\windows\system32\SETAC.tmp

c:\windows\system32\SETAE.tmp

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_IQ5C.SYS

-------\Legacy_WEB_ASSISTANT_UPDATER

-------\Service_iq5c.sys

-------\Service_Web Assistant Updater

-------\Service_xcpip

-------\Service_xpsec

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-07-25 to 2012-08-25 ))))))))))))))))))))))))))))))

.

2012-08-25 08:20 . 2012-08-19 23:53 7023536 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll

2012-08-25 08:05 . 2012-08-25 08:08 -------- d-----w- c:\windows\LastGood.Tmp

2012-08-25 07:57 . 2012-08-25 08:08 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend

2012-08-24 12:02 . 2012-07-02 17:38 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-08-24 10:52 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2012-08-24 10:52 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-08-24 10:52 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll

2012-08-04 07:46 . 2012-08-04 07:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG2012

2012-08-04 07:45 . 2012-08-24 05:18 -------- d-----w- c:\program files\AVG Secure Search

2012-08-04 07:44 . 2012-08-04 07:44 -------- d-----w- C:\$AVG

2012-08-04 07:43 . 2012-08-04 07:43 -------- d-----w- c:\program files\AVG

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-15 06:56 . 2012-04-24 06:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-15 06:56 . 2012-03-27 11:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-02 17:38 . 2002-12-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:38 . 2002-12-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05 . 2002-12-31 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-06-02 13:19 . 2008-04-21 15:07 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2008-04-21 12:10 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2008-04-21 12:10 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 13:19 . 2008-04-21 12:10 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2008-04-21 12:10 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2008-04-21 12:10 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 13:19 . 2002-12-31 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2002-12-31 12:00 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2008-04-21 15:07 15896 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2008-04-21 15:07 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2008-04-21 12:10 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2008-04-21 15:07 24088 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2008-04-21 12:10 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 13:19 . 2008-04-21 15:18 18160 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 13:18 . 2008-04-21 15:18 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2002-12-31 12:00 214256 ----a-w- c:\windows\system32\muweb.dll

2012-05-31 10:25 . 2009-10-04 07:33 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-07-14 00:15 . 2012-04-29 13:25 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys

[-] 2008-04-13 18:40 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys

[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

[7] 2002-12-31 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

.

((((((((((((((((((((((((((((( SnapShot@2012-08-24_05.53.09 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-08-25 08:27 . 2012-08-25 08:27 16384 c:\windows\Temp\Perflib_Perfdata_87c.dat

+ 2012-08-24 10:33 . 2012-06-02 13:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll

+ 2012-08-24 10:33 . 2012-06-02 13:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll

+ 2002-12-31 12:00 . 2011-11-20 06:12 60928 c:\windows\system32\packager.exe

+ 2002-12-31 12:00 . 2012-07-02 17:38 67072 c:\windows\system32\mshtmled.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 25600 c:\windows\system32\jsproxy.dll

- 2002-12-31 12:00 . 2010-05-06 10:36 25600 c:\windows\system32\jsproxy.dll

+ 2002-12-31 12:00 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll

- 2002-12-31 12:00 . 2008-04-14 17:02 80384 c:\windows\system32\iccvid.dll

+ 2002-12-31 12:00 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys

- 2009-06-11 06:39 . 2010-05-06 10:37 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2009-06-11 06:39 . 2012-07-02 17:38 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2008-04-21 12:10 . 2012-06-02 13:19 35864 c:\windows\system32\dllcache\wups.dll

+ 2008-04-21 12:10 . 2012-06-02 13:19 53784 c:\windows\system32\dllcache\wuauclt.exe

+ 2008-04-21 12:10 . 2010-10-11 14:59 45568 c:\windows\system32\dllcache\wab.exe

+ 2011-11-20 06:12 . 2011-11-20 06:12 60928 c:\windows\system32\dllcache\packager.exe

+ 2002-12-31 12:00 . 2012-07-02 17:38 67072 c:\windows\system32\dllcache\mshtmled.dll

- 2008-04-21 22:08 . 2010-05-06 10:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2008-04-21 22:08 . 2012-07-02 17:38 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 43520 c:\windows\system32\dllcache\licmgr10.dll

- 2002-12-31 12:00 . 2010-05-06 10:36 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2009-12-14 07:10 . 2009-12-14 07:10 33280 c:\windows\system32\dllcache\csrsrv.dll

+ 2009-12-14 07:10 . 2011-10-28 05:32 33280 c:\windows\system32\dllcache\csrsrv.dll

+ 2002-12-31 12:00 . 2012-06-02 13:19 97304 c:\windows\system32\dllcache\cdm.dll

+ 2002-12-31 12:00 . 2011-10-28 05:32 33280 c:\windows\system32\csrsrv.dll

- 2002-12-31 12:00 . 2009-12-14 07:10 33280 c:\windows\system32\csrsrv.dll

+ 2008-04-21 13:43 . 2012-08-25 08:07 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-04-21 13:43 . 2012-08-25 08:07 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

+ 2008-04-21 13:43 . 2012-08-25 08:07 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2012-08-25 08:12 . 2010-05-06 10:37 12800 c:\windows\ie8updates\KB2722913-IE8\xpshims.dll

+ 2012-08-25 08:12 . 2009-03-08 02:31 66560 c:\windows\ie8updates\KB2722913-IE8\mshtmled.dll

+ 2012-08-25 08:12 . 2010-05-06 10:36 55296 c:\windows\ie8updates\KB2722913-IE8\msfeedsbs.dll

+ 2012-08-25 08:12 . 2009-03-08 02:34 43008 c:\windows\ie8updates\KB2722913-IE8\licmgr10.dll

+ 2012-08-25 08:12 . 2010-05-06 10:36 25600 c:\windows\ie8updates\KB2722913-IE8\jsproxy.dll

+ 2002-12-31 12:00 . 2011-03-04 06:36 420864 c:\windows\system32\vbscript.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 206848 c:\windows\system32\occache.dll

- 2002-12-31 12:00 . 2010-05-06 10:37 206848 c:\windows\system32\occache.dll

+ 2002-12-31 12:00 . 2010-12-09 15:15 739328 c:\windows\system32\ntdll.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 611840 c:\windows\system32\mstime.dll

- 2002-12-31 12:00 . 2010-05-06 10:37 611840 c:\windows\system32\mstime.dll

+ 2002-12-31 12:00 . 2010-12-20 17:25 735232 c:\windows\system32\lsasrv.dll

- 2002-12-31 12:00 . 2009-06-25 08:27 735232 c:\windows\system32\lsasrv.dll

- 2002-12-31 12:00 . 2010-05-06 10:36 184320 c:\windows\system32\iepeers.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 184320 c:\windows\system32\iepeers.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 387584 c:\windows\system32\iedkcs32.dll

- 2002-12-31 12:00 . 2010-05-06 10:36 387584 c:\windows\system32\iedkcs32.dll

+ 2002-12-31 12:00 . 2012-07-02 12:05 174080 c:\windows\system32\ie4uinit.exe

+ 2008-04-21 12:10 . 2012-06-02 13:19 210968 c:\windows\system32\dllcache\wuweb.dll

+ 2008-04-21 12:10 . 2012-06-02 13:19 329240 c:\windows\system32\dllcache\wucltui.dll

+ 2008-04-21 12:10 . 2012-06-02 13:19 577048 c:\windows\system32\dllcache\wuapi.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 916992 c:\windows\system32\dllcache\wininet.dll

+ 2008-04-21 12:10 . 2011-04-30 03:00 758784 c:\windows\system32\dllcache\vgx.dll

+ 2008-05-09 10:56 . 2011-03-04 06:36 420864 c:\windows\system32\dllcache\vbscript.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 105984 c:\windows\system32\dllcache\url.dll

- 2002-12-31 12:00 . 2009-03-08 02:34 105984 c:\windows\system32\dllcache\url.dll

+ 2009-04-15 14:55 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 206848 c:\windows\system32\dllcache\occache.dll

- 2002-12-31 12:00 . 2010-05-06 10:37 206848 c:\windows\system32\dllcache\occache.dll

+ 2009-04-15 05:56 . 2010-12-09 15:15 739328 c:\windows\system32\dllcache\ntdll.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 611840 c:\windows\system32\dllcache\mstime.dll

- 2002-12-31 12:00 . 2010-05-06 10:37 611840 c:\windows\system32\dllcache\mstime.dll

+ 2008-04-21 22:08 . 2012-07-02 17:38 629760 c:\windows\system32\dllcache\msfeeds.dll

+ 2009-04-15 05:56 . 2010-12-20 17:25 735232 c:\windows\system32\dllcache\lsasrv.dll

- 2009-04-15 05:56 . 2009-06-25 08:27 735232 c:\windows\system32\dllcache\lsasrv.dll

- 2008-05-09 10:56 . 2009-12-09 05:55 726528 c:\windows\system32\dllcache\jscript.dll

+ 2008-05-09 10:56 . 2011-03-04 06:36 726528 c:\windows\system32\dllcache\jscript.dll

- 2009-06-11 06:39 . 2010-05-06 10:36 247808 c:\windows\system32\dllcache\ieproxy.dll

+ 2009-06-11 06:39 . 2012-07-02 17:38 247808 c:\windows\system32\dllcache\ieproxy.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 184320 c:\windows\system32\dllcache\iepeers.dll

- 2002-12-31 12:00 . 2010-05-06 10:36 184320 c:\windows\system32\dllcache\iepeers.dll

+ 2010-06-10 05:17 . 2012-07-02 17:38 743424 c:\windows\system32\dllcache\iedvtool.dll

- 2010-06-10 05:17 . 2010-05-06 10:36 743424 c:\windows\system32\dllcache\iedvtool.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 387584 c:\windows\system32\dllcache\iedkcs32.dll

- 2002-12-31 12:00 . 2010-05-06 10:36 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2002-12-31 12:00 . 2012-07-02 12:05 174080 c:\windows\system32\dllcache\ie4uinit.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-04-21 13:43 . 2012-08-25 08:07 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2008-04-21 13:43 . 2012-08-25 08:07 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-04-21 13:43 . 2012-08-25 08:07 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-04-21 13:43 . 2012-08-25 08:07 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-04-21 13:43 . 2012-08-25 08:07 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

+ 2008-04-21 13:43 . 2012-08-25 08:07 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2008-04-21 13:43 . 2012-08-25 08:07 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2012-08-25 08:12 . 2010-05-06 10:37 916480 c:\windows\ie8updates\KB2722913-IE8\wininet.dll

+ 2012-08-25 08:12 . 2009-03-08 02:34 105984 c:\windows\ie8updates\KB2722913-IE8\url.dll

+ 2012-08-25 08:12 . 2010-07-05 13:21 401272 c:\windows\ie8updates\KB2722913-IE8\spuninst\updspapi.dll

+ 2012-08-25 08:12 . 2010-07-05 13:21 234872 c:\windows\ie8updates\KB2722913-IE8\spuninst\spuninst.exe

+ 2012-08-25 08:12 . 2010-05-06 10:37 206848 c:\windows\ie8updates\KB2722913-IE8\occache.dll

+ 2012-08-25 08:12 . 2010-05-06 10:37 611840 c:\windows\ie8updates\KB2722913-IE8\mstime.dll

+ 2012-08-25 08:12 . 2010-05-06 10:36 599040 c:\windows\ie8updates\KB2722913-IE8\msfeeds.dll

+ 2012-08-25 08:12 . 2009-03-08 02:35 521216 c:\windows\ie8updates\KB2722913-IE8\jsdbgui.dll

+ 2012-08-25 08:12 . 2010-05-06 10:36 247808 c:\windows\ie8updates\KB2722913-IE8\ieproxy.dll

+ 2012-08-25 08:12 . 2010-05-06 10:36 184320 c:\windows\ie8updates\KB2722913-IE8\iepeers.dll

+ 2012-08-25 08:12 . 2010-05-06 10:36 743424 c:\windows\ie8updates\KB2722913-IE8\iedvtool.dll

+ 2012-08-25 08:12 . 2010-05-06 10:36 387584 c:\windows\ie8updates\KB2722913-IE8\iedkcs32.dll

+ 2012-08-25 08:12 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2722913-IE8\ie4uinit.exe

+ 2012-08-25 08:10 . 2009-03-08 02:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll

+ 2012-08-25 08:10 . 2010-07-05 13:21 401272 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll

+ 2012-08-25 08:10 . 2010-07-05 13:21 234872 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe

+ 2012-08-25 08:11 . 2010-03-10 06:17 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll

+ 2012-08-25 08:11 . 2010-07-05 13:21 401272 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll

+ 2012-08-25 08:11 . 2010-07-05 13:21 234872 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe

+ 2012-08-25 08:11 . 2009-12-09 05:55 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll

+ 2002-12-31 12:00 . 2010-12-09 15:14 2153472 c:\windows\system32\ntoskrnl.exe

+ 2005-04-23 10:06 . 2010-12-09 15:14 2031616 c:\windows\system32\ntkrnlpa.exe

+ 2008-04-21 12:10 . 2012-06-02 13:19 1933848 c:\windows\system32\dllcache\wuaueng.dll

+ 2002-12-31 12:00 . 2012-07-02 17:38 1212416 c:\windows\system32\dllcache\urlmon.dll

+ 2008-10-15 18:55 . 2010-12-09 15:14 2197120 c:\windows\system32\dllcache\ntoskrnl.exe

+ 2008-10-15 18:55 . 2010-12-09 15:14 2031616 c:\windows\system32\dllcache\ntkrpamp.exe

+ 2008-10-15 18:55 . 2010-12-09 15:14 2073728 c:\windows\system32\dllcache\ntkrnlpa.exe

+ 2008-10-15 18:55 . 2010-12-09 15:14 2153472 c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2002-12-31 12:00 . 2012-07-02 17:38 6008320 c:\windows\system32\dllcache\mshtml.dll

+ 2008-04-21 22:08 . 2012-07-02 17:38 2000384 c:\windows\system32\dllcache\iertutil.dll

+ 2012-04-04 20:37 . 2012-04-04 20:37 3149824 c:\windows\Installer\8f57d.msp

+ 2008-04-21 13:43 . 2012-08-25 08:07 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

- 2008-04-21 13:43 . 2010-07-15 06:07 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2008-04-21 13:43 . 2012-08-25 08:07 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2012-08-25 08:12 . 2010-05-06 10:37 1209344 c:\windows\ie8updates\KB2722913-IE8\urlmon.dll

+ 2012-08-25 08:12 . 2010-05-06 10:37 5950976 c:\windows\ie8updates\KB2722913-IE8\mshtml.dll

+ 2012-08-25 08:12 . 2010-05-06 10:36 1985536 c:\windows\ie8updates\KB2722913-IE8\iertutil.dll

+ 2008-10-15 18:55 . 2010-12-09 15:14 2197120 c:\windows\Driver Cache\i386\ntoskrnl.exe

+ 2008-10-15 18:55 . 2010-12-09 15:14 2031616 c:\windows\Driver Cache\i386\ntkrpamp.exe

+ 2008-10-15 18:55 . 2010-12-09 15:14 2073728 c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2008-10-15 18:55 . 2010-12-09 15:14 2153472 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2008-04-21 22:08 . 2012-07-02 21:08 11111424 c:\windows\system32\dllcache\ieframe.dll

+ 2012-08-25 08:12 . 2010-05-06 10:36 11076096 c:\windows\ie8updates\KB2722913-IE8\ieframe.dll

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-08-05 07:53 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]

2012-07-10 09:23 248936 ----a-w- c:\program files\Softonic\Softonic\1.6.4.3\bh\Softonic.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-08-05 2074208]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mnu"="c:\program files\Orange\GLOBAL\Mnu\igomnu.exe" [2006-05-01 437976]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-13 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]

"nwiz"="nwiz.exe" [2007-06-28 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16208384]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"mnu"="c:\program files\Orange\GLOBAL\Mnu\igomnu.exe" [2006-05-01 437976]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-05 1107552]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

EZ VHS Converter Monitor.lnk - c:\program files\ION\EZ Video Converter\MediaTVMonitor.exe [2010-8-27 737280]

Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2009-3-17 151552]

Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2009-3-17 106496]

YouTube Uploader for CASIO.lnk - c:\program files\CASIO\YouTube Uploader for CASIO\YStart.exe [2008-12-9 79808]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 4:50 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31-1-2012 4:46 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22-2-2012 5:25 235216]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19-3-2012 5:17 301248]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4-7-2012 17:25 5160568]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 4:53 193288]

R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [5-8-2012 9:53 935008]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 10:17 135664]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [31-12-2002 14:00 3584]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [24-4-2012 8:43 250056]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [16-12-2008 10:08 36512]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 10:17 135664]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [18-4-2011 20:46 24576]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [29-4-2012 13:58 113120]

S3 VCR2PC;VCR2PC Analog Capture;c:\windows\system32\drivers\p140_ion.sys [27-8-2010 12:05 278016]

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - uphcleanhlp

.

Inhoud van de 'Gedeelde Taken' map

.

2012-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 06:56]

.

2012-08-24 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-24 07:23]

.

2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:17]

.

2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:17]

.

2012-04-27 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://google.nl/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1 0.0.0.0

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h9ycp18q.default\

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc44cf840-9757-46fa-9f54-0e27a92be407%7D&mid=6a5f77e025ed47d1a387d15c1e690357-06ce4fc639803a2e3563922518183d8e94088cb9&ds=AVG&v=11.1.0.12〈=nl&pr=fr&d=2012-08-04%2009%3A45%3A42&sap=ku&q=

FF - user.js: extensions.Softonic.admin - false

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 - c:\program files\Web Assistant\unins000.exe

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-08-25 10:28

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-823518204-152049171-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,43,f5,5f,05,a8,4d,41,ae,e9,bd,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,43,f5,5f,05,a8,4d,41,ae,e9,bd,\

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(856)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

- - - - - - - > 'explorer.exe'(3212)

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\RUNDLL32.EXE

c:\windows\RTHDCPL.EXE

c:\windows\system32\rundll32.exe

c:\program files\Brother\ControlCenter3\brccMCtl.exe

c:\program files\Common Files\Teleca Shared\CapabilityManager.exe

c:\program files\Common Files\Teleca Shared\logger.exe

c:\program files\Common Files\Teleca Shared\Generic.exe

c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\UPHClean\uphclean.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\program files\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

.

**************************************************************************

.

Voltooingstijd: 2012-08-25 10:33:12 - machine werd herstart

ComboFix-quarantined-files.txt 2012-08-25 08:32

ComboFix2.txt 2012-08-24 12:11

ComboFix3.txt 2012-08-24 05:59

.

Pre-Run: 29.009.039.360 bytes beschikbaar

Post-Run: 28.900.728.832 bytes beschikbaar

.

- - End Of File - - F154FD8E9F235296AD35F005758F6EDC

Hijackthis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:48:47, on 25-8-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\Common Files\Teleca Shared\logger.exe

C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

C:\Program Files\AVG\AVG2012\avgidsagent.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe