annemarijke
Lid-
Items
13 -
Registratiedatum
-
Laatst bezocht
annemarijke's prestaties
-
Perflib_Perfdata_41c bedreiging?
annemarijke reageerde op annemarijke's topic in Archief Bestrijding malware & virussen
Hallo Kape Het duurde ff voor ik je terug mail, sorry hiervoor, ik heb helaas nog niet kunnen doen wat je van me vroeg de laatste keer, merk trouwens wederom dat de pc weer supersloom reageert. Heb de AVG scanner erover heen gehaald en zit dus weer vol met trojans, zie hieronder, heb alleen ff een printscreen gemaakt, kun je in iedergeval zien waar het zoal in zit. [ATTACH]20901[/ATTACH] Verder heb ik weer vaste ongewenste "klanten"in mijn temp!! [ATTACH]20902[/ATTACH] Geef de mod een beetje op haha, denk eraan om mijn hele pc ff leg te gooien en alles erop nieuw in, maar ja dat is ook zon een gedoen, dus mijn laatste hoop ben jij. Hoop dat je me kunt helpen, ik denk namelijk dat er morgen weer meer in temp staat dan nu!! Groetjes Annemarijke trojaans.doc temp bestanden.doc -
Perflib_Perfdata_41c bedreiging?
annemarijke reageerde op annemarijke's topic in Archief Bestrijding malware & virussen
Hoop dat je er wijs uit kunt worden, hoop dat mijn "rest"gegevens niet openbaar zijn nu!!! Kun je me vertellen wat je nu zoal gevonden hebt? wat perifeb zit er nog steeds in namelijk. Hoop dat je me duidelijkheid kunt geven. Groetjes Annemarijke -
Perflib_Perfdata_41c bedreiging?
annemarijke reageerde op annemarijke's topic in Archief Bestrijding malware & virussen
1 x teveel geplaatst -
Perflib_Perfdata_41c bedreiging?
annemarijke reageerde op annemarijke's topic in Archief Bestrijding malware & virussen
! x teveel geplaatst -
Perflib_Perfdata_41c bedreiging?
annemarijke reageerde op annemarijke's topic in Archief Bestrijding malware & virussen
Hallo, Ik snap er niets van die perfib wil er gewoon niet uit, nu heeft ie weer een andere toevoegsel: perifib perfdata_acf. Volgens mij verdwijt de één en komt er een andere voor in de plaats. weet jij wat die perifib voor schade kan brengen? hij blijft maar komen. en het zoek.exe logje kan hem niet vinden terwijl die perifib toch duidelijk in temp zit. Hierbij het zoek.exe logje Zoek.exe Version 3.0.0.3 Updated 25-08-2012 Tool run by Administrator on zo 26-08-2012 at 18:36:47,42. Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86 Running from: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zoek.exe ==== Suspicious Entries Found ====================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "3389:TCP"="3389:TCP:*:Enabled:Remote Desktop" "65533:TCP"="65533:TCP:*:Enabled:Services" "52344:TCP"="52344:TCP:*:Enabled:Services" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007" "2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008" "5353:TCP"="5353:TCP:*:Enabled:Adobe CSI CS4" "3389:TCP"="3389:TCP:*:Enabled:Remote Desktop" "65533:TCP"="65533:TCP:*:Enabled:Services" "52344:TCP"="52344:TCP:*:Enabled:Services" ==== Deleting Files \ Folders ====================== "%windir%\temp\*" not found "C:\WINDOWS\temp\avginfo.id" deleted "C:\WINDOWS\temp\defaultCache.reg" deleted "C:\WINDOWS\temp\dw.log" deleted "C:\WINDOWS\temp\MpSigStub.log" deleted "C:\WINDOWS\temp\Perflib_Perfdata_b84.dat" not deleted "C:\WINDOWS\temp\WGAErrLog.txt" deleted After Reboot ==== Deleting Files / Folders ====================== "C:\WINDOWS\temp\Perflib_Perfdata_b84.dat" not found -
Perflib_Perfdata_41c bedreiging?
annemarijke reageerde op annemarijke's topic in Archief Bestrijding malware & virussen
Ik snap er niets van waarom hij die niet kan verwijderen. Volgens log vind ie hem zelfs niet terwijl hij er duidelijk zit in temp. nu is het weer een perfib data_afc ! Waarschijnlijk gaat de één eruit en komt er weer een nieuwe in. Weet jij wat perifib doet? Het zoek.exe logje vervolg hieronder. Zoek.exe Version 3.0.0.3 Updated 25-08-2012 Tool run by Administrator on zo 26-08-2012 at 18:36:47,42. Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86 Running from: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zoek.exe ==== Suspicious Entries Found ====================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "3389:TCP"="3389:TCP:*:Enabled:Remote Desktop" "65533:TCP"="65533:TCP:*:Enabled:Services" "52344:TCP"="52344:TCP:*:Enabled:Services" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007" "2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008" "5353:TCP"="5353:TCP:*:Enabled:Adobe CSI CS4" "3389:TCP"="3389:TCP:*:Enabled:Remote Desktop" "65533:TCP"="65533:TCP:*:Enabled:Services" "52344:TCP"="52344:TCP:*:Enabled:Services" ==== Deleting Files \ Folders ====================== "%windir%\temp\*" not found "C:\WINDOWS\temp\avginfo.id" deleted "C:\WINDOWS\temp\defaultCache.reg" deleted "C:\WINDOWS\temp\dw.log" deleted "C:\WINDOWS\temp\MpSigStub.log" deleted "C:\WINDOWS\temp\Perflib_Perfdata_b84.dat" not deleted "C:\WINDOWS\temp\WGAErrLog.txt" deleted After Reboot ==== Deleting Files / Folders ====================== "C:\WINDOWS\temp\Perflib_Perfdata_b84.dat" not found -
Perflib_Perfdata_41c bedreiging?
annemarijke reageerde op annemarijke's topic in Archief Bestrijding malware & virussen
Hallo, Hierbij het logje van zoek.exe. de oude perfib met de nummer is eruit, heb nu een andere nummer: b84. stuur tevens een print screen van temp met perfib en de eigenschappen ervan, misschien kun jij door het zien van de gegevens dan iets mee, Zoek.exe Version 3.0.0.3 Updated 25-08-2012 Tool run by Administrator on zo 26-08-2012 at 9:53:58,31. Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86 Running from: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zoek.exe ==== Suspicious Entries Found ====================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "3389:TCP"="3389:TCP:*:Enabled:Remote Desktop" "65533:TCP"="65533:TCP:*:Enabled:Services" "52344:TCP"="52344:TCP:*:Enabled:Services" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007" "2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008" "5353:TCP"="5353:TCP:*:Enabled:Adobe CSI CS4" "3389:TCP"="3389:TCP:*:Enabled:Remote Desktop" "65533:TCP"="65533:TCP:*:Enabled:Services" "52344:TCP"="52344:TCP:*:Enabled:Services" ==== Deleting Files \ Folders ====================== "%temp%\*" not found "%windir%\temp\*" not found "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1.tmp" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2.tmp" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Arabic.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Czech.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Danish.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Dutch.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\English.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Finnish.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\French.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\German.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Greek.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Hebrew.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Hungarian.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ichcop" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Italian.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Japanese.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Korean.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Norwegian.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ostmp.tmp" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Polish.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Portuguese(Brazil).bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Portuguese.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Russian.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sed.exe" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SimChin.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Spanish.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SWEDISH.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\swreg.exe" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Thai.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TradChin.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Turkish.bin" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wget.exe" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF393.tmp" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF483F.tmp" deleted "C:\WINDOWS\temp\avginfo.id" deleted "C:\WINDOWS\temp\Perflib_Perfdata_ae4.dat" not deleted "C:\WINDOWS\temp\Perflib_Perfdata_bac.dat" not deleted "C:\WINDOWS\temp\WGAErrLog.txt" deleted "C:\WINDOWS\temp\IXP000.TMP\BBSetup.exe" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BD.tmp" not deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msohtmlclip1" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WPDNSE" deleted "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wzcfec" deleted "C:\WINDOWS\temp\E241E1DFBDF14CEDBCDA15DD56168EF4" deleted "C:\WINDOWS\temp\IXP000.TMP" not deleted After Reboot ==== Deleting Files / Folders ====================== "C:\WINDOWS\temp\Perflib_Perfdata_ae4.dat" not found "C:\WINDOWS\temp\Perflib_Perfdata_bac.dat" not found "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BD.tmp" not found "C:\WINDOWS\temp\IXP000.TMP" not found -
Perflib_Perfdata_41c bedreiging?
annemarijke reageerde op annemarijke's topic in Archief Bestrijding malware & virussen
Hallo, Heb gedaan wat je vroeg, hieronder dus de logfile. Maar zoals je in de file leest, kan ie Perflib_Perfdata_41c niet vinden, maar hij zit er wel, zojuist nog gekeken. Hardnekkig ding!!!!had ook al geprobeerd door naamwijziging of knippen voor in de prullenbak, maar geeft steeds aan dat ie door iets in gebruik is!!!!!!!krijg het niet verwijderd en deze Avenger dus ook niet, wat betekent dat ding eigenlijk, wat doet ie? Als ie verder geen kwaad doet, mag ie blijven. maar anders ....weg ermee. Moet ik trouwens alle bestanden die ik van jouw heb bewaren op het bueaublad? Vind het echt super dat je me zo helpt, ben je echt dankbaar, ken je niet maar je krijgt toch een virituele knuffel. Lieve groetjes Annemarijke Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "C:\WINDOWS\temp\Perflib_Perfdata_41c.dat" not found! Deletion of file "C:\WINDOWS\temp\Perflib_Perfdata_41c.dat" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. -
Perflib_Perfdata_41c bedreiging?
annemarijke reageerde op annemarijke's topic in Archief Bestrijding malware & virussen
Hallo, ik merk dat de pc en internetverbinding sneller reageert. Daarvoor mijn hartelijke dank:adore:, ik neem aan dat de restanten van de virussen nu weg zijn, alleen zie ik bij temp nog steeds Perflib_Perfdata_41c staan!!! Kunnen jullie me zeggen of deze ook een bedreiging is voor mijn internet acites? En vraag ik me af..ben nogal nieuws (leer) chierig, wat zat er nou precies in mijn pc, virussen of andere storingen? Zou heel graag willen weten wat er rondzwierf in mijn pc. ik trof trouwens geen directory aan in system 32 lieve groetjes van Annemarijke -
Perflib_Perfdata_41c bedreiging?
annemarijke reageerde op annemarijke's topic in Archief Bestrijding malware & virussen
Hierbij de nieuwe combifix en hijack logs, na het scannen met hijackthis kon ik 03 , 016 DPF imikini en 023 niet vinden om aan te kliken en dus daarmee geen fix checked doen! Ik snap niet hoe jullie dit hieronder allemaal begrijpen haha, maar goed, ik hoop dat het werkt, kunnen jullie me al vertellen waar het mankement zit? en of het opgelost kan worden? Ik leg mijn pc in handen van mensen die ik niet ken natuurlijk, maar vertrouw er helemaal op dat jullie te vertrouwen zijn. groetjes Annemarijke ComboFix 12-08-22.03 - Administrator 25-08-2012 10:15:27.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1271 [GMT 2:00] Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . FILE :: "c:\windows\system32\drivers\iq5c.sys" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Web Assistant c:\program files\Web Assistant\ExtensionUpdaterService.exe c:\program files\Web Assistant\Firefox\chrome.manifest c:\program files\Web Assistant\Firefox\chrome\content\libraries\DataExchangeScript.js c:\program files\Web Assistant\Firefox\chrome\content\main.js c:\program files\Web Assistant\Firefox\chrome\content\main.xul c:\program files\Web Assistant\Firefox\chrome\content\resources\localscript.js c:\program files\Web Assistant\Firefox\chrome\locale\en-US\overlay.dtd c:\program files\Web Assistant\Firefox\chrome\skin\overlay.css c:\program files\Web Assistant\Firefox\defaults\preferences\defaults.js c:\program files\Web Assistant\Firefox\install.rdf c:\program files\Web Assistant\InstallerHelper.dll c:\program files\Web Assistant\libraries\DataExchangeScript.js c:\program files\Web Assistant\resources\localscript.js c:\program files\Web Assistant\source.crx c:\program files\Web Assistant\unins000.dat c:\program files\Web Assistant\unins000.exe c:\windows\system32\_000005_.tmp.dll c:\windows\system32\_000006_.tmp.dll c:\windows\system32\_000013_.tmp.dll c:\windows\system32\SET25.tmp c:\windows\system32\SET26.tmp c:\windows\system32\SET98.tmp c:\windows\system32\SETA0.tmp c:\windows\system32\SETA1.tmp c:\windows\system32\SETA2.tmp c:\windows\system32\SETA6.tmp c:\windows\system32\SETA7.tmp c:\windows\system32\SETA8.tmp c:\windows\system32\SETAC.tmp c:\windows\system32\SETAE.tmp . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_IQ5C.SYS -------\Legacy_WEB_ASSISTANT_UPDATER -------\Service_iq5c.sys -------\Service_Web Assistant Updater -------\Service_xcpip -------\Service_xpsec . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-25 to 2012-08-25 )))))))))))))))))))))))))))))) . . 2012-08-25 08:20 . 2012-08-19 23:53 7023536 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll 2012-08-25 08:05 . 2012-08-25 08:08 -------- d-----w- c:\windows\LastGood.Tmp 2012-08-25 07:57 . 2012-08-25 08:08 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend 2012-08-24 12:02 . 2012-07-02 17:38 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll 2012-08-24 10:52 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys 2012-08-24 10:52 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll 2012-08-24 10:52 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll 2012-08-04 07:46 . 2012-08-04 07:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG2012 2012-08-04 07:45 . 2012-08-24 05:18 -------- d-----w- c:\program files\AVG Secure Search 2012-08-04 07:44 . 2012-08-04 07:44 -------- d-----w- C:\$AVG 2012-08-04 07:43 . 2012-08-04 07:43 -------- d-----w- c:\program files\AVG . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-15 06:56 . 2012-04-24 06:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-15 06:56 . 2012-03-27 11:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-02 17:38 . 2002-12-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-07-02 17:38 . 2002-12-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-07-02 12:05 . 2002-12-31 12:00 385024 ----a-w- c:\windows\system32\html.iec 2012-06-02 13:19 . 2008-04-21 15:07 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19 . 2008-04-21 12:10 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 13:19 . 2008-04-21 12:10 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 13:19 . 2008-04-21 12:10 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19 . 2008-04-21 12:10 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 13:19 . 2008-04-21 12:10 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 13:19 . 2002-12-31 12:00 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 13:19 . 2002-12-31 12:00 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 13:19 . 2008-04-21 15:07 15896 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19 . 2008-04-21 15:07 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19 . 2008-04-21 12:10 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 13:19 . 2008-04-21 15:07 24088 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19 . 2008-04-21 12:10 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 13:19 . 2008-04-21 15:18 18160 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-06-02 13:18 . 2008-04-21 15:18 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 13:18 . 2002-12-31 12:00 214256 ----a-w- c:\windows\system32\muweb.dll 2012-05-31 10:25 . 2009-10-04 07:33 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-07-14 00:15 . 2012-04-29 13:25 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys [-] 2008-04-13 18:40 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys [7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys [7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys [7] 2002-12-31 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys . ((((((((((((((((((((((((((((( SnapShot@2012-08-24_05.53.09 ))))))))))))))))))))))))))))))))))))))))) . + 2012-08-25 08:27 . 2012-08-25 08:27 16384 c:\windows\Temp\Perflib_Perfdata_87c.dat + 2012-08-24 10:33 . 2012-06-02 13:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll + 2012-08-24 10:33 . 2012-06-02 13:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll + 2002-12-31 12:00 . 2011-11-20 06:12 60928 c:\windows\system32\packager.exe + 2002-12-31 12:00 . 2012-07-02 17:38 67072 c:\windows\system32\mshtmled.dll + 2002-12-31 12:00 . 2012-07-02 17:38 25600 c:\windows\system32\jsproxy.dll - 2002-12-31 12:00 . 2010-05-06 10:36 25600 c:\windows\system32\jsproxy.dll + 2002-12-31 12:00 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll - 2002-12-31 12:00 . 2008-04-14 17:02 80384 c:\windows\system32\iccvid.dll + 2002-12-31 12:00 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys - 2009-06-11 06:39 . 2010-05-06 10:37 12800 c:\windows\system32\dllcache\xpshims.dll + 2009-06-11 06:39 . 2012-07-02 17:38 12800 c:\windows\system32\dllcache\xpshims.dll + 2008-04-21 12:10 . 2012-06-02 13:19 35864 c:\windows\system32\dllcache\wups.dll + 2008-04-21 12:10 . 2012-06-02 13:19 53784 c:\windows\system32\dllcache\wuauclt.exe + 2008-04-21 12:10 . 2010-10-11 14:59 45568 c:\windows\system32\dllcache\wab.exe + 2011-11-20 06:12 . 2011-11-20 06:12 60928 c:\windows\system32\dllcache\packager.exe + 2002-12-31 12:00 . 2012-07-02 17:38 67072 c:\windows\system32\dllcache\mshtmled.dll - 2008-04-21 22:08 . 2010-05-06 10:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll + 2008-04-21 22:08 . 2012-07-02 17:38 55296 c:\windows\system32\dllcache\msfeedsbs.dll + 2002-12-31 12:00 . 2012-07-02 17:38 43520 c:\windows\system32\dllcache\licmgr10.dll - 2002-12-31 12:00 . 2010-05-06 10:36 25600 c:\windows\system32\dllcache\jsproxy.dll + 2002-12-31 12:00 . 2012-07-02 17:38 25600 c:\windows\system32\dllcache\jsproxy.dll - 2009-12-14 07:10 . 2009-12-14 07:10 33280 c:\windows\system32\dllcache\csrsrv.dll + 2009-12-14 07:10 . 2011-10-28 05:32 33280 c:\windows\system32\dllcache\csrsrv.dll + 2002-12-31 12:00 . 2012-06-02 13:19 97304 c:\windows\system32\dllcache\cdm.dll + 2002-12-31 12:00 . 2011-10-28 05:32 33280 c:\windows\system32\csrsrv.dll - 2002-12-31 12:00 . 2009-12-14 07:10 33280 c:\windows\system32\csrsrv.dll + 2008-04-21 13:43 . 2012-08-25 08:07 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe - 2008-04-21 13:43 . 2010-07-15 06:07 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe + 2008-04-21 13:43 . 2012-08-25 08:07 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe - 2008-04-21 13:43 . 2010-07-15 06:07 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe + 2008-04-21 13:43 . 2012-08-25 08:07 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe - 2008-04-21 13:43 . 2010-07-15 06:07 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe + 2012-08-25 08:12 . 2010-05-06 10:37 12800 c:\windows\ie8updates\KB2722913-IE8\xpshims.dll + 2012-08-25 08:12 . 2009-03-08 02:31 66560 c:\windows\ie8updates\KB2722913-IE8\mshtmled.dll + 2012-08-25 08:12 . 2010-05-06 10:36 55296 c:\windows\ie8updates\KB2722913-IE8\msfeedsbs.dll + 2012-08-25 08:12 . 2009-03-08 02:34 43008 c:\windows\ie8updates\KB2722913-IE8\licmgr10.dll + 2012-08-25 08:12 . 2010-05-06 10:36 25600 c:\windows\ie8updates\KB2722913-IE8\jsproxy.dll + 2002-12-31 12:00 . 2011-03-04 06:36 420864 c:\windows\system32\vbscript.dll + 2002-12-31 12:00 . 2012-07-02 17:38 206848 c:\windows\system32\occache.dll - 2002-12-31 12:00 . 2010-05-06 10:37 206848 c:\windows\system32\occache.dll + 2002-12-31 12:00 . 2010-12-09 15:15 739328 c:\windows\system32\ntdll.dll + 2002-12-31 12:00 . 2012-07-02 17:38 611840 c:\windows\system32\mstime.dll - 2002-12-31 12:00 . 2010-05-06 10:37 611840 c:\windows\system32\mstime.dll + 2002-12-31 12:00 . 2010-12-20 17:25 735232 c:\windows\system32\lsasrv.dll - 2002-12-31 12:00 . 2009-06-25 08:27 735232 c:\windows\system32\lsasrv.dll - 2002-12-31 12:00 . 2010-05-06 10:36 184320 c:\windows\system32\iepeers.dll + 2002-12-31 12:00 . 2012-07-02 17:38 184320 c:\windows\system32\iepeers.dll + 2002-12-31 12:00 . 2012-07-02 17:38 387584 c:\windows\system32\iedkcs32.dll - 2002-12-31 12:00 . 2010-05-06 10:36 387584 c:\windows\system32\iedkcs32.dll + 2002-12-31 12:00 . 2012-07-02 12:05 174080 c:\windows\system32\ie4uinit.exe + 2008-04-21 12:10 . 2012-06-02 13:19 210968 c:\windows\system32\dllcache\wuweb.dll + 2008-04-21 12:10 . 2012-06-02 13:19 329240 c:\windows\system32\dllcache\wucltui.dll + 2008-04-21 12:10 . 2012-06-02 13:19 577048 c:\windows\system32\dllcache\wuapi.dll + 2002-12-31 12:00 . 2012-07-02 17:38 916992 c:\windows\system32\dllcache\wininet.dll + 2008-04-21 12:10 . 2011-04-30 03:00 758784 c:\windows\system32\dllcache\vgx.dll + 2008-05-09 10:56 . 2011-03-04 06:36 420864 c:\windows\system32\dllcache\vbscript.dll + 2002-12-31 12:00 . 2012-07-02 17:38 105984 c:\windows\system32\dllcache\url.dll - 2002-12-31 12:00 . 2009-03-08 02:34 105984 c:\windows\system32\dllcache\url.dll + 2009-04-15 14:55 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll + 2002-12-31 12:00 . 2012-07-02 17:38 206848 c:\windows\system32\dllcache\occache.dll - 2002-12-31 12:00 . 2010-05-06 10:37 206848 c:\windows\system32\dllcache\occache.dll + 2009-04-15 05:56 . 2010-12-09 15:15 739328 c:\windows\system32\dllcache\ntdll.dll + 2002-12-31 12:00 . 2012-07-02 17:38 611840 c:\windows\system32\dllcache\mstime.dll - 2002-12-31 12:00 . 2010-05-06 10:37 611840 c:\windows\system32\dllcache\mstime.dll + 2008-04-21 22:08 . 2012-07-02 17:38 629760 c:\windows\system32\dllcache\msfeeds.dll + 2009-04-15 05:56 . 2010-12-20 17:25 735232 c:\windows\system32\dllcache\lsasrv.dll - 2009-04-15 05:56 . 2009-06-25 08:27 735232 c:\windows\system32\dllcache\lsasrv.dll - 2008-05-09 10:56 . 2009-12-09 05:55 726528 c:\windows\system32\dllcache\jscript.dll + 2008-05-09 10:56 . 2011-03-04 06:36 726528 c:\windows\system32\dllcache\jscript.dll - 2009-06-11 06:39 . 2010-05-06 10:36 247808 c:\windows\system32\dllcache\ieproxy.dll + 2009-06-11 06:39 . 2012-07-02 17:38 247808 c:\windows\system32\dllcache\ieproxy.dll + 2002-12-31 12:00 . 2012-07-02 17:38 184320 c:\windows\system32\dllcache\iepeers.dll - 2002-12-31 12:00 . 2010-05-06 10:36 184320 c:\windows\system32\dllcache\iepeers.dll + 2010-06-10 05:17 . 2012-07-02 17:38 743424 c:\windows\system32\dllcache\iedvtool.dll - 2010-06-10 05:17 . 2010-05-06 10:36 743424 c:\windows\system32\dllcache\iedvtool.dll + 2002-12-31 12:00 . 2012-07-02 17:38 387584 c:\windows\system32\dllcache\iedkcs32.dll - 2002-12-31 12:00 . 2010-05-06 10:36 387584 c:\windows\system32\dllcache\iedkcs32.dll + 2002-12-31 12:00 . 2012-07-02 12:05 174080 c:\windows\system32\dllcache\ie4uinit.exe - 2008-04-21 13:43 . 2010-07-15 06:07 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe + 2008-04-21 13:43 . 2012-08-25 08:07 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe - 2008-04-21 13:43 . 2010-07-15 06:07 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe + 2008-04-21 13:43 . 2012-08-25 08:07 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe - 2008-04-21 13:43 . 2010-07-15 06:07 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe + 2008-04-21 13:43 . 2012-08-25 08:07 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe - 2008-04-21 13:43 . 2010-07-15 06:07 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe + 2008-04-21 13:43 . 2012-08-25 08:07 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe + 2008-04-21 13:43 . 2012-08-25 08:07 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe - 2008-04-21 13:43 . 2010-07-15 06:07 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe - 2008-04-21 13:43 . 2010-07-15 06:07 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe + 2008-04-21 13:43 . 2012-08-25 08:07 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe - 2008-04-21 13:43 . 2010-07-15 06:07 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe + 2008-04-21 13:43 . 2012-08-25 08:07 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe + 2012-08-25 08:12 . 2010-05-06 10:37 916480 c:\windows\ie8updates\KB2722913-IE8\wininet.dll + 2012-08-25 08:12 . 2009-03-08 02:34 105984 c:\windows\ie8updates\KB2722913-IE8\url.dll + 2012-08-25 08:12 . 2010-07-05 13:21 401272 c:\windows\ie8updates\KB2722913-IE8\spuninst\updspapi.dll + 2012-08-25 08:12 . 2010-07-05 13:21 234872 c:\windows\ie8updates\KB2722913-IE8\spuninst\spuninst.exe + 2012-08-25 08:12 . 2010-05-06 10:37 206848 c:\windows\ie8updates\KB2722913-IE8\occache.dll + 2012-08-25 08:12 . 2010-05-06 10:37 611840 c:\windows\ie8updates\KB2722913-IE8\mstime.dll + 2012-08-25 08:12 . 2010-05-06 10:36 599040 c:\windows\ie8updates\KB2722913-IE8\msfeeds.dll + 2012-08-25 08:12 . 2009-03-08 02:35 521216 c:\windows\ie8updates\KB2722913-IE8\jsdbgui.dll + 2012-08-25 08:12 . 2010-05-06 10:36 247808 c:\windows\ie8updates\KB2722913-IE8\ieproxy.dll + 2012-08-25 08:12 . 2010-05-06 10:36 184320 c:\windows\ie8updates\KB2722913-IE8\iepeers.dll + 2012-08-25 08:12 . 2010-05-06 10:36 743424 c:\windows\ie8updates\KB2722913-IE8\iedvtool.dll + 2012-08-25 08:12 . 2010-05-06 10:36 387584 c:\windows\ie8updates\KB2722913-IE8\iedkcs32.dll + 2012-08-25 08:12 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2722913-IE8\ie4uinit.exe + 2012-08-25 08:10 . 2009-03-08 02:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll + 2012-08-25 08:10 . 2010-07-05 13:21 401272 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll + 2012-08-25 08:10 . 2010-07-05 13:21 234872 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe + 2012-08-25 08:11 . 2010-03-10 06:17 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll + 2012-08-25 08:11 . 2010-07-05 13:21 401272 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll + 2012-08-25 08:11 . 2010-07-05 13:21 234872 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe + 2012-08-25 08:11 . 2009-12-09 05:55 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll + 2002-12-31 12:00 . 2010-12-09 15:14 2153472 c:\windows\system32\ntoskrnl.exe + 2005-04-23 10:06 . 2010-12-09 15:14 2031616 c:\windows\system32\ntkrnlpa.exe + 2008-04-21 12:10 . 2012-06-02 13:19 1933848 c:\windows\system32\dllcache\wuaueng.dll + 2002-12-31 12:00 . 2012-07-02 17:38 1212416 c:\windows\system32\dllcache\urlmon.dll + 2008-10-15 18:55 . 2010-12-09 15:14 2197120 c:\windows\system32\dllcache\ntoskrnl.exe + 2008-10-15 18:55 . 2010-12-09 15:14 2031616 c:\windows\system32\dllcache\ntkrpamp.exe + 2008-10-15 18:55 . 2010-12-09 15:14 2073728 c:\windows\system32\dllcache\ntkrnlpa.exe + 2008-10-15 18:55 . 2010-12-09 15:14 2153472 c:\windows\system32\dllcache\ntkrnlmp.exe + 2002-12-31 12:00 . 2012-07-02 17:38 6008320 c:\windows\system32\dllcache\mshtml.dll + 2008-04-21 22:08 . 2012-07-02 17:38 2000384 c:\windows\system32\dllcache\iertutil.dll + 2012-04-04 20:37 . 2012-04-04 20:37 3149824 c:\windows\Installer\8f57d.msp + 2008-04-21 13:43 . 2012-08-25 08:07 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe - 2008-04-21 13:43 . 2010-07-15 06:07 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe - 2008-04-21 13:43 . 2010-07-15 06:07 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2008-04-21 13:43 . 2012-08-25 08:07 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2012-08-25 08:12 . 2010-05-06 10:37 1209344 c:\windows\ie8updates\KB2722913-IE8\urlmon.dll + 2012-08-25 08:12 . 2010-05-06 10:37 5950976 c:\windows\ie8updates\KB2722913-IE8\mshtml.dll + 2012-08-25 08:12 . 2010-05-06 10:36 1985536 c:\windows\ie8updates\KB2722913-IE8\iertutil.dll + 2008-10-15 18:55 . 2010-12-09 15:14 2197120 c:\windows\Driver Cache\i386\ntoskrnl.exe + 2008-10-15 18:55 . 2010-12-09 15:14 2031616 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2008-10-15 18:55 . 2010-12-09 15:14 2073728 c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2008-10-15 18:55 . 2010-12-09 15:14 2153472 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2008-04-21 22:08 . 2012-07-02 21:08 11111424 c:\windows\system32\dllcache\ieframe.dll + 2012-08-25 08:12 . 2010-05-06 10:36 11076096 c:\windows\ie8updates\KB2722913-IE8\ieframe.dll . -- Snapshot teruggezet naar huidige datum -- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-08-05 07:53 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}] 2012-07-10 09:23 248936 ----a-w- c:\program files\Softonic\Softonic\1.6.4.3\bh\Softonic.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-08-05 2074208] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mnu"="c:\program files\Orange\GLOBAL\Mnu\igomnu.exe" [2006-05-01 437976] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-13 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432] "nwiz"="nwiz.exe" [2007-06-28 1626112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920] "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16208384] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "mnu"="c:\program files\Orange\GLOBAL\Mnu\igomnu.exe" [2006-05-01 437976] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-05 1107552] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ EZ VHS Converter Monitor.lnk - c:\program files\ION\EZ Video Converter\MediaTVMonitor.exe [2010-8-27 737280] Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2009-3-17 151552] Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2009-3-17 106496] YouTube Uploader for CASIO.lnk - c:\program files\CASIO\YouTube Uploader for CASIO\YStart.exe [2008-12-9 79808] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 4:50 24896] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31-1-2012 4:46 31952] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22-2-2012 5:25 235216] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19-3-2012 5:17 301248] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4-7-2012 17:25 5160568] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 4:53 193288] R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [5-8-2012 9:53 935008] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 10:17 135664] S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [31-12-2002 14:00 3584] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [24-4-2012 8:43 250056] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [16-12-2008 10:08 36512] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 10:17 135664] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [18-4-2011 20:46 24576] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [29-4-2012 13:58 113120] S3 VCR2PC;VCR2PC Analog Capture;c:\windows\system32\drivers\p140_ion.sys [27-8-2010 12:05 278016] . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - uphcleanhlp . Inhoud van de 'Gedeelde Taken' map . 2012-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 06:56] . 2012-08-24 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-24 07:23] . 2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:17] . 2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:17] . 2012-04-27 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://google.nl/ uInternet Connection Wizard,ShellNext = iexplore IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 0.0.0.0 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h9ycp18q.default\ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc44cf840-9757-46fa-9f54-0e27a92be407%7D&mid=6a5f77e025ed47d1a387d15c1e690357-06ce4fc639803a2e3563922518183d8e94088cb9&ds=AVG&v=11.1.0.12〈=nl&pr=fr&d=2012-08-04%2009%3A45%3A42&sap=ku&q= FF - user.js: extensions.Softonic.admin - false . - - - - ORPHANS VERWIJDERD - - - - . AddRemove-{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 - c:\program files\Web Assistant\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-08-25 10:28 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-823518204-152049171-725345543-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,43,f5,5f,05,a8,4d,41,ae,e9,bd,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,43,f5,5f,05,a8,4d,41,ae,e9,bd,\ . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(856) c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . - - - - - - - > 'explorer.exe'(3212) c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\webcheck.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\RUNDLL32.EXE c:\windows\RTHDCPL.EXE c:\windows\system32\rundll32.exe c:\program files\Brother\ControlCenter3\brccMCtl.exe c:\program files\Common Files\Teleca Shared\CapabilityManager.exe c:\program files\Common Files\Teleca Shared\logger.exe c:\program files\Common Files\Teleca Shared\Generic.exe c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\UPHClean\uphclean.exe c:\program files\AVG\AVG2012\avgnsx.exe c:\program files\AVG\AVG2012\avgemcx.exe c:\program files\AVG\AVG2012\avgrsx.exe c:\program files\AVG\AVG2012\avgcsrvx.exe . ************************************************************************** . Voltooingstijd: 2012-08-25 10:33:12 - machine werd herstart ComboFix-quarantined-files.txt 2012-08-25 08:32 ComboFix2.txt 2012-08-24 12:11 ComboFix3.txt 2012-08-24 05:59 . Pre-Run: 29.009.039.360 bytes beschikbaar Post-Run: 28.900.728.832 bytes beschikbaar . - - End Of File - - F154FD8E9F235296AD35F005758F6EDC Hijackthis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:48:47, on 25-8-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\Common Files\Teleca Shared\logger.exe C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe C:\Program Files\AVG\AVG2012\avgidsagent.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\AVG\AVG2012\avgemcx.exe C:\Program Files\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Administrator\Mijn documenten\Nieuwe map\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKCU\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: EZ VHS Converter Monitor.lnk = C:\Program Files\ION\EZ Video Converter\MediaTVMonitor.exe O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O4 - Global Startup: YouTube Uploader for CASIO.lnk = C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'c:\windows\system32\t7844el32.dll' missing O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208790404968 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208790397921 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- End of file - 12264 bytes hijack fail.doc -
Perflib_Perfdata_41c bedreiging?
annemarijke reageerde op annemarijke's topic in Archief Bestrijding malware & virussen
Hierbij mijn logs waar jullie naar vroegen i.v.m. mijn vraag omtrent Perflib_Perfdata_41c bedreiging of niet? Hoop dat jullie mij kunnen helpen. Ben reuze benieuwd, echt super dat jullie dit doen. Hoop snel van jullie te lezen. Lieve groetjes Annemarijke ComboFix 12-08-22.03 - Administrator 24-08-2012 7:46.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1423 [GMT 2:00] Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe . WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator\0000.wmv c:\documents and settings\Administrator\Application Data\PriceGong c:\documents and settings\Administrator\Application Data\PriceGong\Data\1.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\a.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\b.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\c.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\d.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\e.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\f.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\g.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\h.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\i.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\J.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\k.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\l.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\m.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\mru.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\n.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\o.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\p.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\q.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\r.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\s.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\t.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\u.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\v.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\w.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\x.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\y.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\z.xml c:\documents and settings\Administrator\Application Data\SystemProc c:\documents and settings\Administrator\Bureaublad\Internet Explorer.lnk c:\documents and settings\Administrator\Menu Start\Programma's\Opstarten\igfxtray.exe c:\documents and settings\Administrator\WINDOWS c:\documents and settings\Administrator\WUP116.tmp c:\documents and settings\Administrator\WUP12C.tmp c:\documents and settings\Administrator\WUP151.tmp c:\documents and settings\Administrator\WUP152.tmp c:\documents and settings\Administrator\WUP153.tmp c:\documents and settings\Administrator\WUP154.tmp c:\documents and settings\Administrator\WUP155.tmp c:\documents and settings\Administrator\WUP156.tmp c:\documents and settings\Administrator\WUP157.tmp c:\documents and settings\Administrator\WUP158.tmp c:\documents and settings\Administrator\WUP159.tmp c:\documents and settings\Administrator\WUP15A.tmp c:\documents and settings\Administrator\WUP15B.tmp c:\documents and settings\Administrator\WUP15C.tmp c:\documents and settings\Administrator\WUP15D.tmp c:\documents and settings\Administrator\WUP15E.tmp c:\documents and settings\Administrator\WUP15F.tmp c:\documents and settings\Administrator\WUP160.tmp c:\documents and settings\Administrator\WUP161.tmp c:\documents and settings\Administrator\WUP161C.tmp c:\documents and settings\Administrator\WUP1719.tmp c:\documents and settings\Administrator\WUP17B1.tmp c:\documents and settings\Administrator\WUP1900.tmp c:\documents and settings\Administrator\WUP19D0.tmp c:\documents and settings\Administrator\WUP19FC.tmp c:\documents and settings\Administrator\WUP1A.tmp c:\documents and settings\Administrator\WUP1A19.tmp c:\documents and settings\Administrator\WUP1A78.tmp c:\documents and settings\Administrator\WUP1BE3.tmp c:\documents and settings\Administrator\WUP1C99.tmp c:\documents and settings\Administrator\WUP1DB7.tmp c:\documents and settings\Administrator\WUP2023.tmp c:\documents and settings\Administrator\WUP2306.tmp c:\documents and settings\Administrator\WUP247D.tmp c:\documents and settings\Administrator\WUP2735.tmp c:\documents and settings\Administrator\WUP2B09.tmp c:\documents and settings\Administrator\WUP2BBE.tmp c:\documents and settings\Administrator\WUP2CEB.tmp c:\documents and settings\Administrator\WUP2D6F.tmp c:\documents and settings\Administrator\WUP3086.tmp c:\documents and settings\Administrator\WUP3239.tmp c:\documents and settings\Administrator\WUP33DD.tmp c:\documents and settings\Administrator\WUP3475.tmp c:\documents and settings\Administrator\WUP352.tmp c:\documents and settings\Administrator\WUP3E56.tmp c:\documents and settings\Administrator\WUP3E79.tmp c:\documents and settings\Administrator\WUP3FF6.tmp c:\documents and settings\Administrator\WUP4136.tmp c:\documents and settings\Administrator\WUP41F4.tmp c:\documents and settings\Administrator\WUP4BD1.tmp c:\documents and settings\Administrator\WUP4BF8.tmp c:\documents and settings\Administrator\WUP4E.tmp c:\documents and settings\Administrator\WUP4E23.tmp c:\documents and settings\Administrator\WUP4EF6.tmp c:\documents and settings\Administrator\WUP4FA0.tmp c:\documents and settings\Administrator\WUP50F1.tmp c:\documents and settings\Administrator\WUP5138.tmp c:\documents and settings\Administrator\WUP534.tmp c:\documents and settings\Administrator\WUP5666.tmp c:\documents and settings\Administrator\WUP58DF.tmp c:\documents and settings\Administrator\WUP59A.tmp c:\documents and settings\Administrator\WUP5B42.tmp c:\documents and settings\Administrator\WUP5BA9.tmp c:\documents and settings\Administrator\WUP5BE.tmp c:\documents and settings\Administrator\WUP5C43.tmp c:\documents and settings\Administrator\WUP5E45.tmp c:\documents and settings\Administrator\WUP5E9.tmp c:\documents and settings\Administrator\WUP5F14.tmp c:\documents and settings\Administrator\WUP5F62.tmp c:\documents and settings\Administrator\WUP6089.tmp c:\documents and settings\Administrator\WUP629.tmp c:\documents and settings\Administrator\WUP62A.tmp c:\documents and settings\Administrator\WUP64F5.tmp c:\documents and settings\Administrator\WUP68F.tmp c:\documents and settings\Administrator\WUP70A.tmp c:\documents and settings\Administrator\WUP70A1.tmp c:\documents and settings\Administrator\WUP737.tmp c:\documents and settings\Administrator\WUP73C0.tmp c:\documents and settings\Administrator\WUP760.tmp c:\documents and settings\Administrator\WUP79.tmp c:\documents and settings\Administrator\WUP7A.tmp c:\documents and settings\Administrator\WUP7B.tmp c:\documents and settings\Administrator\WUP7C.tmp c:\documents and settings\Administrator\WUP7D.tmp c:\documents and settings\Administrator\WUP7E.tmp c:\documents and settings\Administrator\WUP7F.tmp c:\documents and settings\Administrator\WUP80.tmp c:\documents and settings\Administrator\WUP81.tmp c:\documents and settings\Administrator\WUP82.tmp c:\documents and settings\Administrator\WUP83.tmp c:\documents and settings\Administrator\WUP84.tmp c:\documents and settings\Administrator\WUP85.tmp c:\documents and settings\Administrator\WUP86.tmp c:\documents and settings\Administrator\WUP87.tmp c:\documents and settings\Administrator\WUP88.tmp c:\documents and settings\Administrator\WUP882.tmp c:\documents and settings\Administrator\WUP89.tmp c:\documents and settings\Administrator\WUP89E.tmp c:\documents and settings\Administrator\WUP8A.tmp c:\documents and settings\Administrator\WUP8B.tmp c:\documents and settings\Administrator\WUP8C.tmp c:\documents and settings\Administrator\WUP8D.tmp c:\documents and settings\Administrator\WUP8E.tmp c:\documents and settings\Administrator\WUP8F.tmp c:\documents and settings\Administrator\WUP90.tmp c:\documents and settings\Administrator\WUP91.tmp c:\documents and settings\Administrator\WUP92.tmp c:\documents and settings\Administrator\WUP93.tmp c:\documents and settings\Administrator\WUP94.tmp c:\documents and settings\Administrator\WUP95.tmp c:\documents and settings\Administrator\WUP96.tmp c:\documents and settings\Administrator\WUP97.tmp c:\documents and settings\Administrator\WUP98.tmp c:\documents and settings\Administrator\WUP99.tmp c:\documents and settings\Administrator\WUP9A.tmp c:\documents and settings\Administrator\WUP9B.tmp c:\documents and settings\Administrator\WUP9C.tmp c:\documents and settings\Administrator\WUP9D.tmp c:\documents and settings\Administrator\WUP9E.tmp c:\documents and settings\Administrator\WUP9F.tmp c:\documents and settings\Administrator\WUPA0.tmp c:\documents and settings\Administrator\WUPA1.tmp c:\documents and settings\Administrator\WUPA2.tmp c:\documents and settings\Administrator\WUPA5.tmp c:\documents and settings\Administrator\WUPA7.tmp c:\documents and settings\Administrator\WUPA8.tmp c:\documents and settings\Administrator\WUPA9.tmp c:\documents and settings\Administrator\WUPAA.tmp c:\documents and settings\Administrator\WUPAB.tmp c:\documents and settings\Administrator\WUPAC.tmp c:\documents and settings\Administrator\WUPACF.tmp c:\documents and settings\Administrator\WUPAD.tmp c:\documents and settings\Administrator\WUPAE.tmp c:\documents and settings\Administrator\WUPAF.tmp c:\documents and settings\Administrator\WUPB0.tmp c:\documents and settings\Administrator\WUPB1.tmp c:\documents and settings\Administrator\WUPB2.tmp c:\documents and settings\Administrator\WUPB3.tmp c:\documents and settings\Administrator\WUPB36.tmp c:\documents and settings\Administrator\WUPB4.tmp c:\documents and settings\Administrator\WUPB5.tmp c:\documents and settings\Administrator\WUPB6.tmp c:\documents and settings\Administrator\WUPB7.tmp c:\documents and settings\Administrator\WUPB8.tmp c:\documents and settings\Administrator\WUPB9.tmp c:\documents and settings\Administrator\WUPBA.tmp c:\documents and settings\Administrator\WUPBB.tmp c:\documents and settings\Administrator\WUPBC.tmp c:\documents and settings\Administrator\WUPBCB.tmp c:\documents and settings\Administrator\WUPBD.tmp c:\documents and settings\Administrator\WUPBE.tmp c:\documents and settings\Administrator\WUPBF.tmp c:\documents and settings\Administrator\WUPC0.tmp c:\documents and settings\Administrator\WUPC1.tmp c:\documents and settings\Administrator\WUPC2.tmp c:\documents and settings\Administrator\WUPC3.tmp c:\documents and settings\Administrator\WUPC4.tmp c:\documents and settings\Administrator\WUPC480.tmp c:\documents and settings\Administrator\WUPC5.tmp c:\documents and settings\Administrator\WUPC6.tmp c:\documents and settings\Administrator\WUPC7.tmp c:\documents and settings\Administrator\WUPC791.tmp c:\documents and settings\Administrator\WUPD57.tmp c:\documents and settings\Administrator\WUPDF.tmp c:\documents and settings\Administrator\WUPE0.tmp c:\documents and settings\Administrator\WUPE0B0.tmp c:\documents and settings\Administrator\WUPE1.tmp c:\documents and settings\Administrator\WUPE2.tmp c:\documents and settings\Administrator\WUPE3.tmp c:\documents and settings\Administrator\WUPE4.tmp c:\documents and settings\Administrator\WUPE5.tmp c:\documents and settings\Administrator\WUPE6.tmp c:\documents and settings\Administrator\WUPE7.tmp c:\documents and settings\Administrator\WUPE8.tmp c:\documents and settings\Administrator\WUPE85.tmp c:\documents and settings\Administrator\WUPE8D5.tmp c:\documents and settings\Administrator\WUPE9.tmp c:\documents and settings\Administrator\WUPEA.tmp c:\documents and settings\Administrator\WUPEB.tmp c:\documents and settings\Administrator\WUPEC.tmp c:\documents and settings\Administrator\WUPED.tmp c:\documents and settings\Administrator\WUPEE.tmp c:\documents and settings\Administrator\WUPEF.tmp c:\documents and settings\Administrator\WUPF0.tmp c:\documents and settings\Administrator\WUPF1.tmp c:\documents and settings\Administrator\WUPF2.tmp c:\documents and settings\Administrator\WUPF3.tmp c:\documents and settings\Administrator\WUPF4.tmp c:\documents and settings\Administrator\WUPF4F8.tmp c:\documents and settings\Administrator\WUPF5.tmp c:\documents and settings\Administrator\WUPF6.tmp c:\documents and settings\Administrator\WUPF7.tmp c:\documents and settings\Administrator\WUPF751.tmp c:\documents and settings\Administrator\WUPF8.tmp c:\documents and settings\Administrator\WUPF9.tmp c:\documents and settings\Administrator\WUPFA.tmp c:\documents and settings\Administrator\WUPFA35.tmp c:\documents and settings\Administrator\WUPFB.tmp c:\documents and settings\Administrator\WUPFC.tmp c:\documents and settings\All Users\Menu Start\Programma's\Internet Explorer.lnk C:\Install.exe c:\program files\ExcellentAdDisplay c:\program files\ExcellentAdDisplay\uninstall.exe c:\program files\Incredibar.com c:\program files\Incredibar.com\incredibar\1.5.11.14\bh\inCRedibar.dll c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D} c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf c:\program files\Web Assistant\ExTEnsion32.dll c:\windows\IsUn0413.exe c:\windows\system32\Cache c:\windows\system32\Cache\272512937d9e61a4.fb c:\windows\system32\Cache\287204568329e189.fb c:\windows\system32\Cache\28bc8f716fd76a47.fb c:\windows\system32\Cache\2c53092c95605355.fb c:\windows\system32\Cache\31a0997e9a5b5eb3.fb c:\windows\system32\Cache\32c84fe32bb74d60.fb c:\windows\system32\Cache\3917078cb68ec657.fb c:\windows\system32\Cache\590ba23ce359fd0c.fb c:\windows\system32\Cache\610289e025a3ee9a.fb c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb c:\windows\system32\Cache\6d03dad1035885d3.fb c:\windows\system32\Cache\951b6b803687647a.fb c:\windows\system32\Cache\a8556537add6dfc5.fb c:\windows\system32\Cache\ad10a52aff5e038d.fb c:\windows\system32\Cache\c1fa887b03019701.fb c:\windows\system32\Cache\c4d28dca2e7648be.fb c:\windows\system32\Cache\cc8c1434dfe4f922.fb c:\windows\system32\Cache\d201ef9910cd39de.fb c:\windows\system32\Cache\d2e94710a5708128.fb c:\windows\system32\Cache\d79b9dfe81484ec4.fb c:\windows\system32\Cache\f998975c9cc711ee.fb . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Driver -------\Service_xcpip -------\Service_xpsec . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-24 to 2012-08-24 )))))))))))))))))))))))))))))) . . 2012-08-24 05:10 . 2012-08-24 05:18 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend 2012-08-04 07:46 . 2012-08-04 07:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG2012 2012-08-04 07:45 . 2012-08-24 05:18 -------- d-----w- c:\program files\AVG Secure Search 2012-08-04 07:44 . 2012-08-04 07:44 -------- d-----w- C:\$AVG 2012-08-04 07:43 . 2012-08-04 07:43 -------- d-----w- c:\program files\AVG . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-15 06:56 . 2012-04-24 06:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-15 06:56 . 2012-03-27 11:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-14 00:15 . 2012-04-29 13:25 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys [-] 2008-04-13 18:40 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys [7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys [7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys [7] 2002-12-31 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-08-05 07:53 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}] 2012-07-10 09:23 248936 ----a-w- c:\program files\Softonic\Softonic\1.6.4.3\bh\Softonic.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files\Softonic\Softonic\1.6.4.3\SoftonicTlbr.dll" [2012-07-10 274536] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-08-05 2074208] . [HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}] [HKEY_CLASSES_ROOT\Softonic.dskBnd.1] [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] [HKEY_CLASSES_ROOT\Softonic.dskBnd] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mnu"="c:\program files\Orange\GLOBAL\Mnu\igomnu.exe" [2006-05-01 437976] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-13 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432] "nwiz"="nwiz.exe" [2007-06-28 1626112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920] "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16208384] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "mnu"="c:\program files\Orange\GLOBAL\Mnu\igomnu.exe" [2006-05-01 437976] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-05 1107552] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ EZ VHS Converter Monitor.lnk - c:\program files\ION\EZ Video Converter\MediaTVMonitor.exe [2010-8-27 737280] Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2009-3-17 151552] Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2009-3-17 106496] YouTube Uploader for CASIO.lnk - c:\program files\CASIO\YouTube Uploader for CASIO\YStart.exe [2008-12-9 79808] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 4:50 24896] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31-1-2012 4:46 31952] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22-2-2012 5:25 235216] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19-3-2012 5:17 301248] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4-7-2012 17:25 5160568] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 4:53 193288] R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [5-8-2012 9:53 935008] R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [29-4-2012 14:32 185856] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 10:17 135664] S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [31-12-2002 14:00 3584] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [24-4-2012 8:43 250056] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [16-12-2008 10:08 36512] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 10:17 135664] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [18-4-2011 20:46 24576] S3 iq5c.sys;iq5c.sys;\??\c:\windows\system32\drivers\iq5c.sys --> c:\windows\system32\drivers\iq5c.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [29-4-2012 13:58 113120] S3 VCR2PC;VCR2PC Analog Capture;c:\windows\system32\drivers\p140_ion.sys [27-8-2010 12:05 278016] . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - uphcleanhlp . Inhoud van de 'Gedeelde Taken' map . 2012-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 06:56] . 2012-08-22 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-24 07:23] . 2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:17] . 2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:17] . 2012-04-27 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://google.nl/ uInternet Connection Wizard,ShellNext = iexplore IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 0.0.0.0 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h9ycp18q.default\ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc44cf840-9757-46fa-9f54-0e27a92be407%7D&mid=6a5f77e025ed47d1a387d15c1e690357-06ce4fc639803a2e3563922518183d8e94088cb9&ds=AVG&v=11.1.0.12〈=nl&pr=fr&d=2012-08-04%2009%3A45%3A42&sap=ku&q= FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyJprBAXQ&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 5ce368c50000000000000015588deaa4 FF - user.js: extensions.incredibar_i.instlDay - 15459 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1414:33 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6OyJprBAXQ FF - user.js: extensions.incredibar_i.upn2n - 92261838775280566 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10665 FF - user.js: extensions.incredibar_i.ppd - FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings FF - user.js: extensions.Softonic.autoRvrt - false FF - user.js: extensions.Softonic_i.newTab - false FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00087/tb_v1?SearchSource=1&cc=&q= FF - user.js: extensions.Softonic.id - 5ce368c50000000000000015588deaa4 FF - user.js: extensions.Softonic.instlDay - 15459 FF - user.js: extensions.Softonic.vrsn - 1.6.4.3 FF - user.js: extensions.Softonic.vrsni - 1.6.4.3 FF - user.js: extensions.Softonic_i.vrsnTs - 1.6.4.314:41 FF - user.js: extensions.Softonic.prtnrId - softonic FF - user.js: extensions.Softonic.prdct - Softonic FF - user.js: extensions.Softonic.aflt - SD FF - user.js: extensions.Softonic_i.smplGrp - none FF - user.js: extensions.Softonic.tlbrId - base FF - user.js: extensions.Softonic.instlRef - MON00087 FF - user.js: extensions.Softonic.dfltLng - nl FF - user.js: extensions.Softonic.excTlbr - false FF - user.js: extensions.Softonic.admin - false . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) HKCU-Run-AdobeBridge - (no file) Notify-__c00778D1 - c:\windows\system32\__c00778D1.dat Notify-__c00C37A1 - c:\windows\system32\__c00C37A1.dat Notify-__c00D7980 - c:\windows\system32\__c00D7980.dat AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0413.EXE AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-08-24 07:55 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-823518204-152049171-725345543-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,43,f5,5f,05,a8,4d,41,ae,e9,bd,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,43,f5,5f,05,a8,4d,41,ae,e9,bd,\ . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(856) c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . - - - - - - - > 'explorer.exe'(4060) c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\webcheck.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\RUNDLL32.EXE c:\windows\RTHDCPL.EXE c:\windows\system32\rundll32.exe c:\program files\Brother\ControlCenter3\brccMCtl.exe c:\program files\Brother\Brmfcmon\BrMfcmon.exe c:\program files\Common Files\Teleca Shared\CapabilityManager.exe c:\program files\Common Files\Teleca Shared\logger.exe c:\program files\Common Files\Teleca Shared\Generic.exe c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\AVG\AVG2012\avgnsx.exe c:\program files\UPHClean\uphclean.exe c:\program files\AVG\AVG2012\avgemcx.exe c:\program files\AVG\AVG2012\avgrsx.exe c:\program files\AVG\AVG2012\avgcsrvx.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Voltooingstijd: 2012-08-24 07:58:59 - machine werd herstart ComboFix-quarantined-files.txt 2012-08-24 05:58 . Pre-Run: 29.982.203.904 bytes beschikbaar Post-Run: 29.941.633.024 bytes beschikbaar . - - End Of File - - 82D059427ABFAE8E82692B6CABE2AFB4 de Hijack log! Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:24:59, on 24-8-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe C:\Program Files\ION\EZ Video Converter\MediaTVMonitor.exe C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AVG\AVG2012\avgidsagent.exe C:\Program Files\AVG\AVG2012\avgemcx.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\WINDOWS\explorer.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\Administrator\Mijn documenten\Nieuwe map\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.6.4.3\bh\Softonic.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.6.4.3\SoftonicTlbr.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKCU\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: EZ VHS Converter Monitor.lnk = C:\Program Files\ION\EZ Video Converter\MediaTVMonitor.exe O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O4 - Global Startup: YouTube Uploader for CASIO.lnk = C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'c:\windows\system32\t7844el32.dll' missing O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208790404968 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208790397921 O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- End of file - 12879 bytes -
Is Perflib_Perfdata_41c bedreiging?
annemarijke plaatste een topic in Archief Bestrijding malware & virussen
Ik heb allerlei trojan psw virussen op mijn pc (gehad)! ik heb jullie combofix gebruikt om deze virussen te verwijderen, met succes leek het, maar de bovenstaande "dat" bestand blijft in temp staan, krijg er niet uit, ik vraag me af is deze een bedreiging, kan ik hem laten staan of moet ie eruit? maar danis de vraag hoe? groetjes Annemarijke -
Perflib_Perfdata_41c bedreiging?
annemarijke plaatste een topic in Archief Bestrijding malware & virussen
Ik heb allerlei trojan psw virussen op mijn pc (gehad)! ik heb jullie combofix gebruikt om deze virussen te verwijderen, met succes leek het, maar de bovenstaande "dat" bestand blijft in temp staan, krijg er niet uit, ik vraag me af is deze een bedreiging, kan ik hem laten staan of moet ie eruit? maar danis de vraag hoe? groetjes Annemarijke
OVER ONS
PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!