
Windows Live Messenger 2009 spontaneously freezes or suddenly drops out


ruud jansen


Ok Angel,

I'll do that; would it perhaps be an idea to post such a HijackThis log here?

Regards, Ruud

---------- Post added at 00:10 ---------- Previous post was at 23:55 ----------

Hi Angel,

Below is the result; the programs listed below have been on there for a very long time and have never caused any problems.

Regards, Ruud

Detection Statistics:

17 Applications Detected in Total

9 Insecure Versions Detected

8 Patched Versions Detected

Running For:

12 Minutes, 9 Seconds

Errors with the scan:

0 Errors Detected, scan result should be correct

Scan Options:

Enable thorough system inspection

Display only insecure programs

Status / Currently Processing:

Detection completed successfully

Programs / Result Version Detected Status

Adobe Reader 6.x 6.0.1.1091

Adobe Reader 7.x 7.0.0.1333

Adobe Reader 8.x 8.1.0.137

Apple iTunes 4.x 4.6.0.15

Apple Quicktime 6.x 6.5.1.17

Mozilla Firefox 3.0.x 3.0.4

Winamp 5.x 5.1.3.387

Adobe Flash Player 10.x 10.0.12.36 (ActiveX)

Macromedia Flash Player 6.x 6.0.79.0


That HJT log is a good idea, Ruud.

It never hurts.

It will probably be Kape who checks the log; he is the expert.

So you will need to have some patience until he is online.

Regards

Angel


Ok Angel, thanks in advance,

Regards, Ruud

Logfile of random's system information tool 1.06 (written by random/random)

Run by ruud at 2009-12-01 23:42:41

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 55 GB (58%) free of 95 GB

Total RAM: 511 MB (2% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:44:49, on 1-12-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Boot mode: Normal

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\windows\System32\svchost.exe

C:\windows\system32\svchost.exe

C:\windows\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\windows\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\SPAMfighter\sfus.exe

C:\windows\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\windows\AGRSMMSG.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\windows\system32\rundll32.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\SPAMfighter\SFAgent.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\windows\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Outlook Express\msimn.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

C:\windows\system32\mmc.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe

C:\Program Files\Opera\Opera.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\windows\system32\taskmgr.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\windows\system32\mmc.exe

C:\Documents and Settings\ruud\Mijn documenten\downloads\RSIT.exe

C:\Documents and Settings\ruud\Mijn documenten\downloads\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\ruud.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q105&bd=presario&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen


O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Startup: E-mail.lnk = ?

O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk.disabled

O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Office.lnk.disabled

O4 - Global Startup: Nokia Nseries PC Suite.lnk.disabled

O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229098692046

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\windows\SYSTEM32\avgrsstx.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

O23 - Service: TipCtrl - Utipu inc. - C:\Program Files\uTIPu\TipCtrl.exe

--

End of file - 14174 bytes

======Scheduled tasks folder======

C:\windows\tasks\GlaryInitialize.job

C:\windows\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Aanmelden - Help - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"AGRSMMSG"=C:\windows\AGRSMMSG.exe [2004-09-04 88363]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []

"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-09-15 81000]

"SPAMfighter Agent"=C:\Program Files\SPAMfighter\SFAgent.exe [2009-03-12 326792]

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Gadwin PrintScreen 3.1"=C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [2005-09-27 1073152]

"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-12-01 3883856]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten

Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

BTTray.lnk.disabled - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

HP Digital Imaging Monitor.lnk.disabled - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

Microsoft Office.lnk.disabled - C:\Program Files\Microsoft Office\Office\OSA9.EXE

Nokia Nseries PC Suite.lnk.disabled - C:\Program Files\Nokia\NNPCS\RunLauncher.exe

C:\Documents and Settings\ruud\Menu Start\Programma's\Opstarten

E-mail.lnk -

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

C:\windows\system32\avgrsstx.dll [2009-01-31 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\WinMX\WinMX.exe"="C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application"

"C:\Documents and Settings\ruud\Local Settings\Temp\Tijdelijke map 1 voor winmx354beta4.zip\WinMX.exe"="C:\Documents and Settings\ruud\Local Settings\Temp\Tijdelijke map 1 voor winmx354beta4.zip\WinMX.exe:*:Enabled:WinMX Application"

"C:\Documents and Settings\ruud\Local Settings\Temp\Tijdelijke map 4 voor winmx354beta4.zip\WinMX.exe"="C:\Documents and Settings\ruud\Local Settings\Temp\Tijdelijke map 4 voor winmx354beta4.zip\WinMX.exe:*:Enabled:WinMX Application"

"C:\Documents and Settings\ruud\Local Settings\Temp\Tijdelijke map 2 voor winmx354beta4.zip\WinMX.exe"="C:\Documents and Settings\ruud\Local Settings\Temp\Tijdelijke map 2 voor winmx354beta4.zip\WinMX.exe:*:Enabled:WinMX Application"

"C:\Program Files\Kazaa Lite K++\KazaaLite.kpp"="C:\Program Files\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "

"C:\Program Files\Nokia\Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"

"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"

"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

"C:\Program Files\LimeWire Plus\LimeWire.exe"="C:\Program Files\LimeWire Plus\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-12-01 23:42:41 ----D---- C:\rsit

2009-11-25 15:16:01 ----HDC---- C:\windows\$NtUninstallKB976098-v2$

2009-11-25 15:15:04 ----HDC---- C:\windows\$NtUninstallKB973687$

2009-11-25 14:25:23 ----D---- C:\Program Files\CCleaner

2009-11-16 12:12:21 ----D---- C:\Documents and Settings\ruud\Application Data\GlarySoft

2009-11-16 11:56:20 ----D---- C:\Program Files\Glary Utilities

2009-11-15 12:06:02 ----HDC---- C:\windows\$NtUninstallKB969947$

2009-11-12 20:26:20 ----HDC---- C:\windows\$NtUninstallKB961503$

2009-11-07 11:26:45 ----D---- C:\Program Files\Windows Journal Viewer

2009-11-06 22:40:11 ----D---- C:\Program Files\Microsoft Silverlight

2009-11-06 22:32:04 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition

2009-11-06 22:22:53 ----D---- C:\Program Files\Microsoft

2009-11-06 22:20:44 ----D---- C:\Program Files\Windows Live SkyDrive

2009-11-06 22:05:40 ----D---- C:\Program Files\Common Files\Windows Live

2009-11-04 01:44:02 ----A---- C:\windows\system32\javaws.exe

2009-11-04 01:44:01 ----A---- C:\windows\system32\javaw.exe

2009-11-04 01:43:58 ----A---- C:\windows\system32\java.exe

======List of files/folders modified in the last 1 months======

2009-12-01 23:43:48 ----D---- C:\windows\Prefetch

2009-12-01 23:43:27 ----D---- C:\windows\Temp

2009-12-01 20:18:10 ----D---- C:\windows\system32\CatRoot2

2009-12-01 20:18:08 ----SD---- C:\windows\Tasks

2009-12-01 20:17:03 ----D---- C:\Program Files\SPAMfighter

2009-12-01 20:13:54 ----A---- C:\windows\SchedLgU.Txt

2009-12-01 15:26:04 ----D---- C:\Documents and Settings\ruud\Application Data\Zipeg

2009-12-01 15:12:14 ----D---- C:\windows\Help

2009-11-30 15:40:47 ----D---- C:\Program Files\SpeedFan

2009-11-30 07:26:12 ----SHD---- C:\windows\Installer

2009-11-30 07:25:44 ----SHD---- C:\Config.Msi

2009-11-30 07:25:44 ----D---- C:\Program Files\Opera

2009-11-29 15:19:22 ----D---- C:\Program Files\a-squared Free

2009-11-27 14:20:20 ----D---- C:\windows\Microsoft.NET

2009-11-27 13:07:39 ----D---- C:\windows\system32

2009-11-27 12:29:59 ----D---- C:\Documents and Settings\ruud\Application Data\LimeWirePlus

2009-11-27 12:24:11 ----D---- C:\WINDOWS

2009-11-27 12:12:09 ----RSD---- C:\windows\assembly

2009-11-27 09:57:07 ----D---- C:\Program Files\Windows Live

2009-11-27 09:52:47 ----D---- C:\windows\system32\DirectX

2009-11-27 09:51:21 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2009-11-27 09:47:13 ----D---- C:\Program Files\Common Files\Microsoft Shared

2009-11-25 16:28:19 ----HD---- C:\windows\inf

2009-11-25 15:36:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-11-25 15:36:08 ----D---- C:\windows\Minidump

2009-11-25 15:15:51 ----A---- C:\windows\imsins.BAK

2009-11-25 15:15:19 ----RSHDC---- C:\windows\system32\dllcache

2009-11-25 15:12:21 ----HD---- C:\windows\$hf_mig$

2009-11-25 15:11:50 ----D---- C:\windows\WinSxS

2009-11-25 14:25:23 ----RD---- C:\Program Files

2009-11-20 19:27:18 ----A---- C:\windows\win.ini

2009-11-16 09:24:11 ----D---- C:\Program Files\Unlocker

2009-11-15 16:33:11 ----D---- C:\Program Files\Common Files

2009-11-15 12:10:16 ----D---- C:\windows\ie7updates

2009-11-15 12:03:56 ----D---- C:\windows\system32\CatRoot

2009-11-15 11:40:27 ----D---- C:\windows\system32\config

2009-11-15 11:39:54 ----D---- C:\windows\system32\wbem

2009-11-15 11:39:54 ----D---- C:\windows\Registration

2009-11-05 18:36:21 ----A---- C:\windows\system32\MRT.exe

2009-11-04 01:39:51 ----D---- C:\Program Files\Java

2009-11-02 20:42:06 ----N---- C:\windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\windows\system32\drivers\Aavmker4.sys [2009-09-15 27408]

R1 AmdK8;Stuurprogramma voor AMD Athlon64-processor; C:\windows\system32\DRIVERS\AmdK8.sys [2004-05-08 38912]

R1 aswSP;avast! Self Protection; C:\windows\system32\drivers\aswSP.sys [2009-09-15 114768]

R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2009-09-15 52368]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\windows\System32\Drivers\avgmfx86.sys [2009-01-31 27656]

R1 AvgTdiX;AVG8 Network Redirector; C:\windows\System32\Drivers\avgtdix.sys [2009-01-31 107272]

R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SAS***IL;SAS***IL; \??\C:\Program Files\SUPERAntiSpyware\SAS***IL.sys []

R1 WmiAcpi;Microsoft Windows Beheerinterface voor ACPI; C:\windows\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]

R2 aswFsBlk;aswFsBlk; C:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]

R2 aswMon2;avast! Standard Shield Support; C:\windows\system32\drivers\aswMon2.sys [2009-09-15 94160]

R3 aeaudio;aeaudio; C:\windows\system32\drivers\aeaudio.sys [2004-02-02 100384]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2004-09-04 1268204]

R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\windows\system32\DRIVERS\Apfiltr.sys [2003-10-08 94601]

R3 Arp1394;1394 ARP-clientprotocol; C:\windows\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2009-09-15 23152]

R3 BCM43XX;Stuurprogramma voor BCM 802.11b netwerkadapter; C:\windows\system32\DRIVERS\bcmwl5.sys [2004-08-05 341760]

R3 btaudio;Bluetooth Audio Device; C:\windows\system32\drivers\btaudio.sys [2004-06-02 16896]

R3 BTDriver;Bluetooth Virtual Communications Driver; C:\windows\system32\DRIVERS\btport.sys [2004-06-02 30235]

R3 BTWDNDIS;Bluetooth LAN Access Server; C:\windows\system32\DRIVERS\btwdndis.sys [2004-06-02 147864]

R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\windows\System32\Drivers\btwusb.sys [2004-06-02 53816]

R3 CmBatt;Stuurprogramma voor Microsoft ACPI-besturingsmethode-accu; C:\windows\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]

R3 dfmirage;dfmirage; C:\windows\system32\DRIVERS\dfmirage.sys [2008-10-30 31896]

R3 GEARAspiWDM;GEAR CDRom Filter; C:\windows\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-04-05 13872]

R3 hidusb;Microsoft HID Class-stuurprogramma; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 mouhid;Stuurprogramma voor muis-HID; C:\windows\system32\DRIVERS\mouhid.sys [2004-08-04 12288]

R3 NIC1394;1394-stuurprogramma; C:\windows\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2004-04-08 1382634]

R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\windows\system32\DRIVERS\R8139n51.SYS [2003-10-24 46976]

R3 smwdm;smwdm; C:\windows\system32\drivers\smwdm.sys [2004-01-13 612032]

R3 tiumfwl;tiumfwl; C:\windows\system32\drivers\tiumfwl.sys [2003-02-19 42092]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\windows\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

S1 AvgLdx86;AVG AVI Loader Driver x86; C:\windows\System32\Drivers\avgldx86.sys [2009-01-31 325128]

S3 BthEnum;Stuurprogramma voor Bluetooth-aanvraagblok; C:\windows\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]

S3 BTHMODEM;Communicatiestuurprogramma voor Bluetooth-modem; C:\windows\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]

S3 BthPan;Bluetooth-apparaat (PAN - Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2008-04-13 101120]

S3 BTHPORT;Poortstuurprogramma voor Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2008-06-14 272640]

S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio's; C:\windows\System32\Drivers\BTHUSB.sys [2008-04-13 18944]

S3 CCDECODE;Closed Caption-decoder; C:\windows\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\windows\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Microsoft TV/Video-verbinding; C:\windows\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nmwcd;Nokia USB Phone Parent; C:\windows\system32\drivers\ccdcmb.sys [2008-09-15 17664]

S3 nmwcdc;Nokia USB Generic; C:\windows\system32\drivers\ccdcmbo.sys [2008-09-15 22016]

S3 ovt519;TRUST 320 SPACEC@M; C:\windows\System32\Drivers\ov519vid.sys [2003-05-06 163072]

S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]

S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []

S3 SLIP;BDA Slip De-Framer; C:\windows\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]

S3 usbaudio;Stuurprogramma voor USB-audio (WDM); C:\windows\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2008-04-13 26112]

S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]

S3 USBSTOR;Stuurprogramma voor USB-massaopslag; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\windows\System32\Drivers\wdf01000.sys [2008-03-27 503008]

S3 WSTCODEC;World Standard Teletext-codec; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-11-15 1858144]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680]

R2 BthServ;Bluetooth Support Service; C:\windows\system32\svchost.exe [2008-04-14 14336]

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2004-06-03 163840]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]

R2 NVSvc;NVIDIA Driver Helper Service; C:\windows\system32\nvsvc32.exe [2004-04-08 73728]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]

R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

R2 SPAMfighter Update Service;SPAMfighter Update Service; C:\Program Files\SPAMfighter\sfus.exe [2009-03-12 184968]

R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040]

S2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-01-31 903960]

S2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264]

S3 aspnet_state;ASP.NET-statusservice; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 CobianBackupAmanita;Cobian Backup 9 service; C:\Program Files\Cobian Backup 9\cbService.exe [2009-01-22 583168]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-07-27 98304]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 iPodService;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2004-06-09 401408]

S3 ServiceLayer;ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]

S3 TipCtrl;TipCtrl; C:\Program Files\uTIPu\TipCtrl.exe [2009-10-19 318088]

S3 WMPNetworkSvc;Windows Media Player Network Sharing-service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 917504]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Edited by ruud jansen

As for your HJT log:

Start HijackThis. If you are a Vista user, choose "Run as administrator" or "Uitvoeren als administrator". Select "Do a system scan only". Select only the items listed below:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - Global Startup: BTTray.lnk.disabled

O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled

O4 - Global Startup: Microsoft Office.lnk.disabled

O4 - Global Startup: Nokia Nseries PC Suite.lnk.disabled

Click 'Fix checked' to remove the items.

May I assume that all the entries in your hosts file are there intentionally?

And then there is the matter of the two antivirus scanners: AVG and AVAST. It is not a good idea to run these side by side.

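The remark in the post above, that AVG and avast! are both present, can be checked mechanically against the RSIT driver and service lists. This is an added example, not part of the original thread: the sample lines are copied from the log above, and the AV_MARKERS table and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Legend printed in the RSIT header: R=Running, S=Stopped,
# 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
START_TYPES = {"0": "boot", "1": "system", "2": "auto",
               "3": "demand", "4": "disabled"}

# Assumption (not from the tool): path fragments used to attribute an entry
# to an antivirus product. Only the two products named in the thread.
AV_MARKERS = {
    "AVG": ("\\avg",),
    "avast!": ("\\alwil software\\", "\\asw", "\\aavmker4"),
}

ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"\s*(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Lines copied from the driver and service lists in the log above.
SAMPLE_LOG = r"""
S1 AvgLdx86;AVG AVI Loader Driver x86; C:\windows\System32\Drivers\avgldx86.sys [2009-01-31 325128]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680]
R2 BthServ;Bluetooth Support Service; C:\windows\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040]
S2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-01-31 903960]
S2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920]
"""


def parse_line(line):
    """Parse one 'R2 name;display; path [date size]' entry, or return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {
        "name": m.group("name").strip(),
        "running": m.group("state") == "R",
        "start": START_TYPES[m.group("start")],
        "path": m.group("path"),
    }


def vendor_of(entry):
    """Return the antivirus product an entry belongs to, or None."""
    path = entry["path"].lower()
    for vendor, markers in AV_MARKERS.items():
        if any(marker in path for marker in markers):
            return vendor
    return None


def audit(log_text):
    """Per product: which entries run, and which should start but did not."""
    by_vendor = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        vendor = vendor_of(entry) if entry else None
        if vendor:
            by_vendor[vendor].append(entry)
    return {
        vendor: {
            "running": sorted(e["name"] for e in entries if e["running"]),
            # Stopped although set to load at boot, system or auto start.
            "stalled": sorted(e["name"] for e in entries if not e["running"]
                              and e["start"] in ("boot", "system", "auto")),
        }
        for vendor, entries in by_vendor.items()
    }


def startup_vendors(report):
    """Products with at least one component configured to load at startup."""
    return sorted(v for v, r in report.items() if r["running"] or r["stalled"])


if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    for vendor in startup_vendors(result):
        print(vendor, result[vendor])
```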

And that question about the hosts file? I assume this is OK, but then you no doubt know yourself where these entries come from?

In the meantime, please also do the following:

Download ComboFix to your Desktop.

Read more here about using ComboFix correctly.

NOTE: if, during or after downloading ComboFix or while using ComboFix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download ComboFix again.

Some scanners regard certain components that ComboFix uses as suspicious and will block or remove them!


  • Double-click Combofix.exe to start it.
    If you have used ComboFix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix has finished and after the restart, the log Combofix.txt will open.

Post this log in your next reply.


When ComboFix is finished I'll post it; it's running now.

---------- Post added at 15:30 ---------- Previous post was at 15:22 ----------

Here then is the ComboFix log:

ComboFix 09-12-02.01 - ruud 02-12-2009 15:07.1.1 - x86

Gestart vanuit: c:\documents and settings\ruud\Mijn documenten\downloads\ComboFix.exe

AV: avast! antivirus 4.8.1356 [VPS 091202-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\ruud\Local Settings\Temporary Internet Files\bmp1320.tmp

c:\recycler\S-1-5-21-4364546919-5534997583-500861197-7402

c:\recycler\S-1-5-21-7338170345-1075603872-482753547-2650

c:\windows\system32\rpcss(2)(2).dll

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-11-02 to 2009-12-02 ))))))))))))))))))))))))))))))

.

2009-12-02 13:00 . 2009-12-02 13:20 -------- d-----w- c:\program files\Messenger Plus! Live

2009-12-02 12:38 . 2009-08-19 21:03 188416 ----a-w- c:\documents and settings\ruud\Application Data\Zipeg\100406\100407\A-Patch143b3_WLM9.exe

2009-12-02 07:17 . 2009-08-19 21:03 188416 ------w- c:\documents and settings\ruud\Application Data\Zipeg\100404\100405\A-Patch143b3_WLM9.exe

2009-12-02 06:49 . 2009-12-02 06:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2009-12-02 06:45 . 2009-12-02 06:50 -------- d-----w- c:\program files\Windows Live

2009-12-01 22:42 . 2009-12-01 22:45 -------- d-----w- C:\rsit

2009-12-01 12:41 . 2009-08-19 21:03 188416 ------w- c:\documents and settings\ruud\Application Data\Zipeg\100399\100401\A-Patch143b3_WLM9.exe

2009-11-25 14:43 . 2009-08-19 21:03 188416 ----a-w- c:\documents and settings\ruud\Application Data\Zipeg\100202\100203\A-Patch143b3_WLM9.exe

2009-11-25 13:25 . 2009-11-25 13:25 -------- d-----w- c:\program files\CCleaner

2009-11-18 10:48 . 2006-06-24 03:22 304722 ------w- c:\documents and settings\ruud\Application Data\Zipeg\100196\100197\messpatch-g4-80792.exe

2009-11-16 11:12 . 2009-11-16 11:12 -------- d-----w- c:\documents and settings\ruud\Application Data\GlarySoft

2009-11-16 10:56 . 2009-11-16 10:56 -------- d-----w- c:\program files\Glary Utilities

2009-11-15 10:39 . 2009-11-15 10:39 -------- d-----w- c:\windows\system32\wbem\Repository

2009-11-07 10:26 . 2009-11-07 10:26 -------- d-----w- c:\program files\Windows Journal Viewer

2009-11-06 22:05 . 2009-08-19 21:03 188416 ----a-w- c:\documents and settings\ruud\Application Data\Zipeg\100059\100062\A-Patch143b3_WLM9.exe

2009-11-06 21:44 . 2009-12-02 13:31 -------- d-----w- c:\documents and settings\ruud\Tracing

2009-11-06 21:40 . 2009-11-15 11:14 -------- d-----w- c:\program files\Microsoft Silverlight

2009-11-06 21:22 . 2009-11-06 21:38 -------- d-----w- c:\program files\Microsoft

2009-11-06 21:20 . 2009-11-06 21:20 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-11-06 21:05 . 2009-11-06 21:05 -------- d-----w- c:\program files\Common Files\Windows Live

2009-11-04 00:22 . 2009-11-04 00:22 152576 ----a-w- c:\documents and settings\ruud\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-04 00:22 . 2009-11-04 00:22 79488 ----a-w- c:\documents and settings\ruud\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-02 13:31 . 2009-05-14 17:20 -------- d-----w- c:\program files\SPAMfighter

2009-12-02 12:43 . 2008-12-12 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-12-02 12:38 . 2009-10-08 17:10 -------- d-----w- c:\documents and settings\ruud\Application Data\Zipeg

2009-11-30 14:40 . 2008-12-15 20:08 -------- d-----w- c:\program files\SpeedFan

2009-11-30 06:25 . 2008-12-19 18:16 -------- d-----w- c:\program files\Opera

2009-11-29 14:19 . 2008-12-23 00:07 -------- d-----w- c:\program files\a-squared Free

2009-11-28 10:00 . 2009-04-24 00:27 117760 ----a-w- c:\documents and settings\ruud\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-11-27 11:29 . 2008-12-17 13:42 -------- d-----w- c:\documents and settings\ruud\Application Data\LimeWirePlus

2009-11-18 02:01 . 2009-11-18 03:04 217596 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1043.dat

2009-11-16 08:24 . 2009-04-22 18:45 -------- d-----w- c:\program files\Unlocker

2009-11-04 00:39 . 2008-12-12 16:34 -------- d-----w- c:\program files\Java

2009-11-02 19:42 . 2009-10-03 00:18 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-26 12:35 . 2004-08-04 12:00 91018 ----a-w- c:\windows\system32\perfc013.dat

2009-10-26 12:35 . 2004-08-04 12:00 509462 ----a-w- c:\windows\system32\perfh013.dat

2009-10-23 12:14 . 2009-06-22 13:56 -------- d-----w- c:\program files\uTIPu

2009-10-21 13:45 . 2009-10-19 09:48 -------- d-----w- c:\program files\Screen Recorder

2009-10-20 10:38 . 2009-10-20 10:38 -------- d-----w- c:\program files\AviSynth 2.5

2009-10-20 10:34 . 2009-10-20 10:34 -------- d-----w- c:\program files\eRightSoft

2009-10-19 15:44 . 2009-10-19 15:44 -------- d-----w- c:\program files\NCH Swift Sound

2009-10-11 03:17 . 2008-12-12 16:47 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-08 17:10 . 2008-12-12 23:01 -------- d-----w- c:\program files\Zipeg

2009-10-08 17:08 . 2008-12-12 23:02 -------- d-----w- c:\documents and settings\ruud\Application Data\com.zipeg

2009-09-17 18:59 . 2009-01-25 10:03 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-09-15 10:59 . 2009-04-20 12:13 1279968 ----a-w- c:\windows\system32\aswBoot.exe

2009-09-15 10:56 . 2009-04-20 12:14 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-09-15 10:56 . 2009-04-20 12:14 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-09-15 10:55 . 2009-04-20 12:14 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-09-15 10:55 . 2009-04-20 12:14 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-09-15 10:54 . 2009-04-20 12:15 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-09-15 10:54 . 2009-04-20 12:15 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-09-15 10:53 . 2009-04-20 12:15 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-09-15 10:53 . 2009-04-20 12:14 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-09-11 14:20 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-10 12:54 . 2008-12-21 14:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 12:53 . 2008-12-21 14:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-04 21:05 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll

2006-05-03 09:06 . 2009-10-20 10:35 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 10:47 . 2009-10-20 10:35 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 12:30 . 2009-10-20 10:35 216064 --sh--r- c:\windows\system32\nbDX.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadwin PrintScreen 3.1"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2005-09-27 1073152]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-12-02 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe update delay 60" [X]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-09-04 88363]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-03 13:56 352256 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-01-31 07:23 10520 ------w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Apoint"=c:\program files\Apoint2K\Apoint.exe

"Cpqset"=c:\program files\HPQ\Default Settings\cpqset.exe

"eabconfg.cpl"=c:\program files\HPQ\Quick Launch Buttons\EabServr.exe /Start

"iTunesHelper"=c:\program files\iTunes\iTunesHelper.exe

"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

"nwiz"=nwiz.exe /install

"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

"AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe

"Cobian Backup 9 interface"="c:\program files\Cobian Backup 9\cbInterface.exe" -service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\WinMX\\WinMX.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\LimeWire Plus\\LimeWire.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20-4-2009 1:14 PM 114768]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12-12-2008 5:19 PM 107272]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4-12-2008 1:50 PM 8944]

R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [4-12-2008 1:50 PM 55024]

R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [23-12-2008 1:07 AM 1858144]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20-4-2009 1:14 PM 20560]

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [12-3-2009 9:44 AM 184968]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 7:19 PM 13592]

R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [30-10-2008 12:05 AM 31896]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12-12-2008 5:19 PM 325128]

S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [14-12-2008 8:19 AM 903960]

S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [14-12-2008 8:19 AM 298264]

S3 CobianBackupAmanita;Cobian Backup 9 service;c:\program files\Cobian Backup 9\cbService.exe [10-7-2009 6:07 PM 583168]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4-12-2008 1:50 PM 7408]

S3 TipCtrl;TipCtrl;c:\program files\uTIPu\TipCtrl.exe [19-10-2009 7:45 PM 318088]

.

Inhoud van de 'Gedeelde Taken' map

2009-12-02 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2009-11-16 09:21]

2009-12-02 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.startpagina.nl/

IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath - c:\documents and settings\ruud\Application Data\Mozilla\Firefox\Profiles\h5q3apzr.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.startpagina.nl/

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS VERWIJDERD - - - -

AddRemove-Broadcom 802.11b Network Adapter - c:\windows\system32\BCMWLU00.exe verbose

AddRemove-NVIDIA nForce Drivers - c:\windows\system32\nvuninst.exe Uninstall

AddRemove-SPAMfighter - c:\program files\SPAMfighter\uninstall.exe Remove

AddRemove-{98E8A2EF-4EAE-43B8-A172-74842B764777} - c:\program files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe REMOVEALL

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-12-02 15:22

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(764)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

Voltooingstijd: 2009-12-02 15:26

ComboFix-quarantined-files.txt 2009-12-02 14:26

Pre-Run: 62.105.796.608 bytes beschikbaar

Post-Run: 64.400.699.392 bytes beschikbaar

- - End Of File - - 0F4B8E00CB728510CD0C8E497AB0BE10


Copy and paste the bold text below into it.

File::

c:\windows\system32\drivers\avgtdix.sys

c:\windows\system32\drivers\avgldx86.sys

c:\program files\AVG\AVG8\avgemc.exe

c:\program files\AVG\AVG8\avgwdsvc.exe

Folder::

c:\program files\AVG

Driver::

AvgLdx86

AvgTdiX

avg8emc

avg8wd

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"AVG8_TRAY"=-

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix start again. Restart the computer if asked to.

After the restart, post the contents of Combofix.txt in your next message. And then let us know how things stand with the problems?


According to ComboFix, AVG is indeed still active in one way or another; that has then been the case for at least a year, since long before the problems with WLM, which have only been there since the update from 8.5 to 9.

ComboFix is now scanning again; I'll post the new log here.

Whether the problems are now solved I can only say after some time; sometimes WLM freezes within half an hour, sometimes it runs fine for 12 hours...

Edited by ruud jansen