Traag afsluiten.

[computerken]

ComboFix 09-11-25.05 - Opa 26/11/2009 18:15.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.511.215 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Opa\Mijn documenten\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\emMON.exe

c:\windows\system32\_003608_.tmp.dll

c:\windows\system32\_003611_.tmp.dll

c:\windows\system32\_003614_.tmp.dll

c:\windows\system32\_003764_.tmp.dll

c:\windows\system32\_003765_.tmp.dll

c:\windows\system32\_003766_.tmp.dll

c:\windows\system32\_003767_.tmp.dll

c:\windows\system32\_003774_.tmp.dll

c:\windows\system32\_003775_.tmp.dll

c:\windows\system32\_003776_.tmp.dll

c:\windows\system32\_003777_.tmp.dll

c:\windows\system32\_003779_.tmp.dll

c:\windows\system32\_003780_.tmp.dll

c:\windows\system32\_003783_.tmp.dll

c:\windows\system32\_003784_.tmp.dll

c:\windows\system32\_003786_.tmp.dll

c:\windows\system32\_003787_.tmp.dll

c:\windows\system32\_003788_.tmp.dll

c:\windows\system32\_003790_.tmp.dll

c:\windows\system32\_003791_.tmp.dll

c:\windows\system32\_003793_.tmp.dll

c:\windows\system32\_003797_.tmp.dll

c:\windows\system32\_003798_.tmp.dll

c:\windows\system32\_003800_.tmp.dll

c:\windows\system32\_003801_.tmp.dll

c:\windows\system32\_003803_.tmp.dll

c:\windows\system32\_003805_.tmp.dll

c:\windows\system32\_003806_.tmp.dll

c:\windows\system32\_003807_.tmp.dll

c:\windows\system32\_003808_.tmp.dll

c:\windows\system32\_003809_.tmp.dll

c:\windows\system32\_003812_.tmp.dll

c:\windows\system32\_003814_.tmp.dll

c:\windows\system32\_003815_.tmp.dll

c:\windows\system32\_003816_.tmp.dll

c:\windows\system32\_003820_.tmp.dll

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-10-26 to 2009-11-26 ))))))))))))))))))))))))))))))

.

2009-11-26 17:29 . 2009-11-26 17:29 -------- d--h--r- c:\documents and settings\Opa\Onlangs geopend

2009-11-26 12:26 . 2009-11-26 12:26 -------- d-----w- c:\documents and settings\Opa\Application Data\Malwarebytes

2009-11-26 12:26 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-26 12:26 . 2009-11-26 12:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-26 12:26 . 2009-11-26 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-11-26 12:26 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-26 12:11 . 2009-11-15 23:33 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll

2009-11-26 12:11 . 2009-11-15 23:33 3513624 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe

2009-11-26 12:11 . 2009-11-15 23:33 2028312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe

2009-11-20 21:15 . 2009-11-20 21:15 -------- d-----w- c:\program files\DVD Shrink

2009-11-15 23:21 . 2009-11-15 23:21 -------- d-----w- c:\documents and settings\Opa\Application Data\AVGTOOLBAR

2009-11-15 22:47 . 2009-11-15 22:47 -------- d-----w- c:\windows\system32\wbem\Repository

2009-11-15 22:42 . 2009-11-18 11:24 -------- d-----w- C:\$AVG8.VAULT$

2009-11-15 22:42 . 2009-11-15 22:42 -------- d-----w- c:\documents and settings\Opa\Application Data\AVG8

2009-11-14 20:20 . 2009-11-15 22:13 -------- d-----w- c:\program files\UPHClean

2009-11-07 14:38 . 2009-11-07 14:38 152576 ----a-w- c:\documents and settings\Opa\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-07 13:13 . 2009-11-22 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-11-07 13:10 . 2009-11-15 22:40 -------- d-----w- c:\program files\iPod

2009-11-07 13:10 . 2009-11-15 22:41 -------- d-----w- c:\program files\iTunes

2009-11-05 11:24 . 2009-11-15 22:40 -------- d-----w- c:\program files\iPod(3)

2009-11-05 11:24 . 2009-11-15 22:40 -------- d-----w- c:\program files\iTunes(3)

2009-11-02 12:42 . 2009-11-02 13:04 -------- d-----w- C:\$AVG

2009-11-02 12:40 . 2009-11-22 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2009-11-01 22:30 . 2009-11-01 22:30 -------- d-----w- c:\documents and settings\Opa\Local Settings\Application Data\Temp

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-26 12:05 . 2007-07-03 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-11-15 23:33 . 2008-05-25 08:58 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-11-15 23:33 . 2008-05-25 08:58 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-11-15 23:33 . 2007-07-03 21:06 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-11-15 23:33 . 2008-05-25 08:58 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-11-15 22:46 . 2007-07-03 21:09 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-11-15 22:40 . 2007-07-05 15:33 -------- d-----w- c:\program files\Common Files\Apple

2009-11-07 14:39 . 2007-08-28 11:27 -------- d-----w- c:\program files\Java

2009-11-07 13:13 . 2008-10-16 10:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-11-03 16:28 . 2007-06-03 16:57 -------- d-----w- c:\program files\Belgacom

2009-11-02 12:41 . 2008-05-25 08:58 12464 ----a-w- c:\windows\system32\avgrsstx(2).dll

2009-11-02 12:40 . 2008-05-25 08:58 -------- d-----w- c:\program files\AVG

2009-10-25 07:44 . 2001-09-07 12:00 90586 ----a-w- c:\windows\system32\perfc013.dat

2009-10-25 07:44 . 2001-09-07 12:00 508910 ----a-w- c:\windows\system32\perfh013.dat

2009-10-14 21:31 . 2007-06-02 10:43 -------- d-----w- c:\program files\Common Files\Adobe

2009-10-11 03:17 . 2008-11-07 13:22 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-09-27 08:46 . 2008-09-24 14:54 20352 ---ha-w- c:\windows\system32\mlfcache.dat

2009-09-25 17:24 . 2009-09-25 17:24 81768 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-09-25 12:51 . 2009-09-25 12:51 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe

2009-09-14 12:16 . 2006-06-14 09:53 29184 ----a-w- c:\windows\system32\drivers\usbccid.sys

2009-09-11 14:20 . 2007-06-02 11:43 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:05 . 2007-06-02 11:43 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 07:32 . 2007-06-02 11:43 832512 ----a-w- c:\windows\system32\wininet.dll

2009-08-29 07:32 . 2004-08-04 08:03 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-08-29 07:32 . 2007-06-02 11:43 17408 ----a-w- c:\windows\system32\corpol.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-09-02 09:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2007-05-10 598920]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"Ptipbmf"="ptipbmf.dll" - c:\windows\system32\ptipbmf.dll [2003-06-20 118784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-11-15 23:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\Opa\\Mijn documenten\\internet downloads\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Documents and Settings\\Opa\\Bureaublad\\Ongebruikte bureaubladpictogrammen\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25/05/2008 9:58 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25/05/2008 9:58 108552]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/11/2009 0:33 297752]

R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [29/05/2008 11:18 202016]

S2 gupdate1c986ca5e7458ae;Google Update Service (gupdate1c986ca5e7458ae);c:\program files\Google\Update\GoogleUpdate.exe [4/02/2009 14:13 133104]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - uphcleanhlp

.

Inhoud van de 'Gedeelde Taken' map

2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 13:13]

2009-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 13:13]

2009-11-26 c:\windows\Tasks\User_Feed_Synchronization-{A8717693-F6D0-43BE-AF51-D03CA6A47835}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 16:36]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.nedsites.be/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

.

- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{45EA41AA-9206-4330-B8B5-E6790C9565D5} - (no file)

HKLM-Run-emMON - emMON.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-11-26 18:28

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(704)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1524)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\System32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\SCardSvr.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\system32\WgaTray.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\windows\System32\HPZipm12.exe

c:\program files\UPHClean\uphclean.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

.

**************************************************************************

.

Voltooingstijd: 2009-11-26 18:33 - machine werd herstart

ComboFix-quarantined-files.txt 2009-11-26 17:33

Pre-Run: 55.721.893.888 bytes beschikbaar

Post-Run: 55.588.593.664 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - A03307C6628139681D698EF29F758F7C

[kape]

Flink wat weggeruimd. Maakt dat enig verschil ?

[computerken]

Wel,ik zou moeten zeggen dat het naar het raster toe,toch wel veel rapper gaat,indien het deze avond bij het afsluiten,ook zo is,dan denk ik dat de problemen opgelost zijn.

Met heel veel dank !!!!!!

Groeten.

[kape]

Laat nog iets weten, als je zeker bent. Want dan moet er nog wat opgeruimd worden

[computerken]

Ik moet u spijtig genoeg laten weten dat het hoera geroep een beetje te vroeg is gekomen,want de problemen zijn er terug.

[kape]

Vreesde ik al, want het lijkt niet echt een malwareprobleem te zijn (ondanks het feit dat er hier en daar wel wat opgeschoond werd door de verschillende tooltjes). Maar waar moeten we het dan wel zoeken ?

[stegisoft]

Uw Ccleaner wordt ook opgestart met de computer.

Schakel die optie eens uit en test het eens.

[computerken]

Bedankt voor de reactie.

Maar hoe moet ik Ccleaner uitschakelen bij opstarten a.u.b.?

[stegisoft]

Start Ccleaner

Klik op optie

Klik op instelling

Vink uit: computer automatisch schoonmaken bij opstarten.

[computerken]

Met Ccleaner uit te schakelen is er spijtig genoeg helemaal niets veranderd,de miserie is er nog steeds.