Spyware striker pro


Indeed, I had clicked Run first. Both logs are below.

Thanks again!!

ComboFix 10-01-28.05 - krikke 29/01/2010 9:41.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.204 [GMT 1:00]

Gestart vanuit: c:\documents and settings\krikke\Mijn documenten\ComboFix.exe

AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\krikke\LOCALS~1\Temp\jna5504723313127421780.tmp

c:\documents and settings\krikke\err.log

c:\documents and settings\krikke\Local Settings\Temp\jna5504723313127421780.tmp

c:\program files\INSTAFINK

c:\program files\INSTAFINK\Cache\ErrorLog.txt

c:\program files\INSTAFINK\Cache\instafinktb0302.cfg

c:\program files\INSTAFINK\InstaFinderK_inst.exe

c:\program files\INSTAFINK\Uninstall.exe

c:\windows\system32\setup.ini

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-12-28 to 2010-01-29 ))))))))))))))))))))))))))))))

.

2010-01-27 12:27 . 2010-01-27 12:27 -------- d-----w- c:\documents and settings\krikke\Application Data\Malwarebytes

2010-01-27 12:27 . 2010-01-27 12:27 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2010-01-27 12:27 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-27 12:27 . 2010-01-27 12:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-27 12:27 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-27 12:27 . 2010-01-27 12:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-27 07:40 . 2010-01-27 07:40 -------- d-----w- c:\program files\TrendMicro

2010-01-23 18:29 . 2010-01-23 18:29 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-01-23 18:28 . 2010-01-23 18:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert

2010-01-23 18:28 . 2010-01-23 18:28 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache

2010-01-23 18:27 . 2010-01-23 18:27 -------- d-----r- c:\documents and settings\LocalService\Favorieten

2010-01-23 17:15 . 2010-01-23 17:15 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-01-23 17:13 . 2010-01-23 17:13 -------- d-----w- c:\documents and settings\krikke\Local Settings\Application Data\Threat Expert

2010-01-23 15:41 . 2010-01-23 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt Software

2010-01-23 15:41 . 2010-01-23 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Ascentive

2010-01-23 15:37 . 2009-10-06 10:27 86016 ----a-w- c:\windows\system32\SQLiteWrapper.dll

2010-01-23 15:37 . 2009-10-06 10:27 223232 ----a-w- c:\windows\system32\sqlite3.dll

2010-01-23 15:37 . 2009-10-06 10:27 32768 ----a-w- c:\windows\system32\Password.dll

2010-01-23 15:22 . 2009-10-06 10:27 307200 ----a-w- c:\windows\system32\AscSQLite.dll

2010-01-23 15:22 . 2008-11-06 15:04 36864 ----a-w- c:\windows\system32\ascbalon.dll

2010-01-23 15:22 . 2009-10-06 10:27 217088 ----a-w- c:\windows\system32\AscConTest.dll

2010-01-23 15:21 . 2010-01-27 12:23 -------- d-----w- c:\program files\Ascentive

2010-01-20 16:27 . 2010-01-28 19:41 -------- d--h--r- c:\documents and settings\krikke\Onlangs geopend

2010-01-20 16:05 . 2010-01-20 16:05 -------- d-----w- c:\program files\Fighters

2010-01-13 12:07 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-29 08:59 . 2007-08-17 14:48 -------- d-----w- c:\documents and settings\krikke\Application Data\LimeWire

2010-01-27 07:41 . 2010-01-27 07:41 388096 ----a-r- c:\documents and settings\krikke\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

2010-01-26 16:34 . 2005-02-05 16:50 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-26 08:15 . 2009-02-02 14:48 98304 ----a-w- c:\windows\DUMP5505.tmp

2010-01-24 00:49 . 2009-10-27 11:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp

2010-01-21 19:01 . 2009-11-10 07:11 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-20 19:40 . 2006-07-21 14:24 -------- d-----w- c:\program files\Google

2010-01-10 22:46 . 2009-11-26 20:25 -------- d-----w- c:\program files\LimeWire

2009-12-21 19:10 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-14 21:26 . 2004-08-04 12:00 477390 ----a-w- c:\windows\system32\perfc013.dat

2009-12-14 21:26 . 2004-08-04 12:00 1275696 ----a-w- c:\windows\system32\perfh013.dat

2009-12-14 21:18 . 2009-12-14 21:18 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe

2009-12-14 21:18 . 2009-12-14 21:18 1936 ----a-w- c:\windows\system32\drivers\PAGEDFRG.SYS

2009-11-26 20:47 . 2009-11-26 20:47 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-11-26 20:45 . 2009-11-26 20:45 152576 ----a-w- c:\documents and settings\krikke\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-26 20:44 . 2009-11-26 20:26 79488 ----a-w- c:\documents and settings\krikke\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-11-06 15:46 . 2009-11-06 15:46 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2009-11-06 15:46 . 2009-11-06 15:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-11-06 15:46 . 2009-11-06 15:46 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-11-06 15:46 . 2009-11-06 15:46 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-11-06 15:46 . 2009-11-06 15:46 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-11-06 15:45 . 2009-11-06 15:45 50968 ----a-w- c:\windows\system32\avgfwdx.dll

2009-11-06 15:45 . 2009-11-06 15:45 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys

2009-02-13 22:30 . 2009-02-13 22:30 5162 ----a-w- c:\program files\r1200rt (100 x 75).jpg

2009-02-13 22:28 . 2009-02-13 22:25 3060 ----a-w- c:\program files\154 (90 x 75).jpg

2007-04-03 15:08 . 2007-04-03 15:08 2285 ----a-w- c:\program files\Poda Island (80 x 68).jpg

2007-04-03 15:07 . 2007-04-03 15:04 3211 ----a-w- c:\program files\1601 (80 x 80).jpg

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VoipStunt"="c:\program files\voipstunt.com\voipstunt\voipstunt.exe" [2009-11-28 9109296]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]

"Performance Center"="c:\program files\Ascentive\Performance Center\ApcMain.exe" [2009-11-10 3239936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 335872]

"ALi5289"="c:\program files\ULI5289\ALi5289.exe" [2004-07-24 405504]

"JMAP5289"="c:\program files\ULI5289\JMAP5289.exe" [2004-07-19 28672]

"SoundMan"="SOUNDMAN.EXE" [2004-07-27 68096]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-06-02 77824]

"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]

"VMSnap3"="c:\windows\VMSnap3.EXE" [2007-01-08 49152]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-06-04 2056192]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]

"AVGIDS"="c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-07-22 1600008]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-26 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\krikke\Menu Start\Programma's\Opstarten\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Windows Desktop Search.lnk - c:\program files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-be\bin\WindowsSearch.exe [2005-9-20 238080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-11-06 15:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Soulseek\\slsk.exe"=

"c:\\Program Files\\Sop Cast\\SopCast.exe"=

"c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 aliidex;aliidex;c:\windows\system32\drivers\aliidex.sys [5/02/2005 22:06 7040]

R0 aliperf;aliperf;c:\windows\system32\drivers\aliperf.sys [5/02/2005 22:06 7168]

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [22/07/2009 17:23 25608]

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [6/11/2009 16:46 12552]

R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [5/02/2005 21:56 49101]

R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [5/02/2005 17:50 44928]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/11/2009 16:46 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/11/2009 16:46 108552]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/11/2009 16:46 908056]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/11/2009 16:46 297752]

R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [6/11/2009 16:46 1370488]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [22/07/2009 17:23 5641736]

R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [22/07/2009 17:23 571912]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [18/03/2009 15:20 54752]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [6/11/2009 16:45 29208]

R3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys [22/07/2009 17:23 121352]

R3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys [22/07/2009 17:23 30216]

R3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys [22/07/2009 17:23 27232]

R3 JM5289;JM5289;\??\c:\documents and settings\krikke\JM5289.sys --> c:\documents and settings\krikke\JM5289.sys [?]

R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [5/02/2005 22:04 29696]

R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [17/08/2007 9:53 428160]

S2 gupdate1c98e18712b2202;Google Updateservice (gupdate1c98e18712b2202);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2009 21:19 133104]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [6/11/2009 16:45 29208]

S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [24/06/2009 10:16 114304]

S3 fsssvc;De service Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 22:48 704864]

.

Inhoud van de 'Gedeelde Taken' map

2010-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 20:19]

2010-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 20:19]

2010-01-27 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-01-29 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-01-29 c:\windows\Tasks\SLOW-PCfighter-krikke-Startup.job

- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe [2010-01-18 14:00]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.nieuwsblad.be/index.html

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mWindow Title = Telenet Internet

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0000.1105\nl-be\msntb.dll/search.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

DPF: Dexia netbanking - hxxp://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab

DPF: Microsoft XML Parser for Java

.

- - - - ORPHANS VERWIJDERD - - - -

Notify-WgaLogon - (no file)

SafeBoot-SBAMSvc

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-01-29 09:57

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

c:\documents and settings\krikke\Application Data\LimeWire\mozilla-profile\parent.lock 0 bytes

Scan succesvol afgerond

verborgen bestanden: 1

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(928)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3624)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\SCardSvr.exe

c:\windows\SOUNDMAN.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\progra~1\AVG\AVG8\avgam.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe

c:\program files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-be\bin\WindowsSearchIndexer.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Voltooingstijd: 2010-01-29 10:10:35 - machine werd herstart

ComboFix-quarantined-files.txt 2010-01-29 09:10

Pre-Run: 175.359.086.592 bytes beschikbaar

Post-Run: 175.459.717.120 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F732C76363E16E7FAE8825B25D4DE89C

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 10:17:08, on 29/01/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\PROGRA~1\AVG\AVG8\avgfws8.exe

C:\Program Files\ULI5289\ALi5289.exe

C:\Program Files\ULI5289\JMAP5289.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\VMSnap3.EXE

C:\Program Files\Belgium Identity Card\beid35gui.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe

C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\program files\voipstunt.com\voipstunt\voipstunt.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Ascentive\Performance Center\ApcMain.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-be\bin\WindowsSearch.exe

C:\Program Files\LimeWire\LimeWire.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe

C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-be\bin\WindowsSearchIndexer.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Het Nieuwsblad Online

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\nl-be\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\nl-be\msntb.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe

O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [VoipStunt] "C:\program files\voipstunt.com\voipstunt\voipstunt.exe" -nosplash -minimized

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-be\bin\WindowsSearch.exe

O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\nl-be\msntb.dll/search.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be

O16 - DPF: Dexia netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136568899265

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://tools.ebay.be/easylister/components/ImageUploader4.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe

O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe

O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe

O23 - Service: Google Updateservice (gupdate1c98e18712b2202) (gupdate1c98e18712b2202) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--

End of file - 11041 bytes


Start HijackThis. If you are a Vista user, choose "Run as administrator" or "Uitvoeren als administrator". Select "Do a system scan only". Select only the items listed below:

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

Click 'Fix checked' to remove the items.

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\DUMP5505.tmp

Folder::

c:\documents and settings\All Users\Application Data\Ascentive

c:\program files\Ascentive

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Performance Center"=-

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe

This will cause ComboFix to restart. Restart if you are asked to.

After the restart, post the contents of Combofix.txt in your next message together with a new HijackThis log.


Both logs:

ComboFix 10-01-28.05 - krikke 29/01/2010 11:25:22.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.198 [GMT 1:00]

Gestart vanuit: c:\documents and settings\krikke\Mijn documenten\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\krikke\Bureaublad\CFScript.txt..txt

AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

FILE ::

"c:\windows\DUMP5505.tmp"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\krikke\LOCALS~1\Temp\jna8065030466398609717.tmp

c:\documents and settings\All Users\Application Data\Ascentive

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\APConfig.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\AutoUpdater\SPSDD.csv

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\AutoUpdater\SPSDDActivity.log

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\CountScans.XML

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\EmailAVConfig.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\Events\EV2010012316444001.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\Events\EV2010012316544202.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\Events\EV2010012317090903.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\Events\EV2010012318581800.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\Events\EV2010012401500601.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\Events\EV2010012401500702.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\Events\EV2010012408324400.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\Events\EV2010012408373100.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\Events\EV2010012501085801.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\Events\EV2010012501085902.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\Events\EV2010012510445800.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\Events\EV2010012607581900.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\Events\EV2010012608150000.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\Events\EV2010012608313500.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\Events\EV2010012608420700.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\Events\EV2010012609190000.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\Events\EV2010012610194100.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\Events\EV2010012617353800.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\Events\EV2010012708052800.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\Events\EV2010012713145901.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\History\20100123170902.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\Logs\SBAMSvcLog.csv

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\Logs\Spyware Striker Pro.csv

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\RegistrationConfig.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\ScanConfig.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\ServiceConfig.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\SoftwareUpdateConfig.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\ThreatDefinitionsConfig.xml

c:\documents and settings\All Users\Application Data\Ascentive\AntiMalware\WSCConfig.xml

c:\documents and settings\krikke\Local Settings\Temp\jna8065030466398609717.tmp

c:\program files\Ascentive

c:\program files\Ascentive\Performance Center\APCLang.dll

c:\program files\Ascentive\Performance Center\ApcMain.exe

c:\program files\Ascentive\Performance Center\GUID

c:\program files\Ascentive\Performance Center\SOUND.WAV

c:\program files\Ascentive\Performance Centertemp.htm

c:\windows\DUMP5505.tmp

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-12-28 to 2010-01-29 ))))))))))))))))))))))))))))))

.

2010-01-27 12:27 . 2010-01-27 12:27 -------- d-----w- c:\documents and settings\krikke\Application Data\Malwarebytes

2010-01-27 12:27 . 2010-01-27 12:27 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2010-01-27 12:27 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-27 12:27 . 2010-01-27 12:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-27 12:27 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-27 12:27 . 2010-01-27 12:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-27 07:40 . 2010-01-27 07:40 -------- d-----w- c:\program files\TrendMicro

2010-01-23 18:29 . 2010-01-23 18:29 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-01-23 18:28 . 2010-01-23 18:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert

2010-01-23 18:28 . 2010-01-23 18:28 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache

2010-01-23 18:27 . 2010-01-23 18:27 -------- d-----r- c:\documents and settings\LocalService\Favorieten

2010-01-23 17:15 . 2010-01-23 17:15 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-01-23 17:13 . 2010-01-23 17:13 -------- d-----w- c:\documents and settings\krikke\Local Settings\Application Data\Threat Expert

2010-01-23 15:41 . 2010-01-23 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt Software

2010-01-23 15:37 . 2009-10-06 10:27 86016 ----a-w- c:\windows\system32\SQLiteWrapper.dll

2010-01-23 15:37 . 2009-10-06 10:27 223232 ----a-w- c:\windows\system32\sqlite3.dll

2010-01-23 15:37 . 2009-10-06 10:27 32768 ----a-w- c:\windows\system32\Password.dll

2010-01-23 15:22 . 2009-10-06 10:27 307200 ----a-w- c:\windows\system32\AscSQLite.dll

2010-01-23 15:22 . 2008-11-06 15:04 36864 ----a-w- c:\windows\system32\ascbalon.dll

2010-01-23 15:22 . 2009-10-06 10:27 217088 ----a-w- c:\windows\system32\AscConTest.dll

2010-01-20 16:27 . 2010-01-29 10:19 -------- d--h--r- c:\documents and settings\krikke\Onlangs geopend

2010-01-20 16:05 . 2010-01-20 16:05 -------- d-----w- c:\program files\Fighters

2010-01-13 12:07 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\documents and settings\krikke\jm5289.sys

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-29 10:41 . 2007-08-17 14:48 -------- d-----w- c:\documents and settings\krikke\Application Data\LimeWire

2010-01-27 07:41 . 2010-01-27 07:41 388096 ----a-r- c:\documents and settings\krikke\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

2010-01-26 16:34 . 2005-02-05 16:50 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-24 00:49 . 2009-10-27 11:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp

2010-01-21 19:01 . 2009-11-10 07:11 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-20 19:40 . 2006-07-21 14:24 -------- d-----w- c:\program files\Google

2010-01-10 22:46 . 2009-11-26 20:25 -------- d-----w- c:\program files\LimeWire

2009-12-21 19:10 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll

2009-12-14 21:26 . 2004-08-04 12:00 477390 ----a-w- c:\windows\system32\perfc013.dat

2009-12-14 21:26 . 2004-08-04 12:00 1275696 ----a-w- c:\windows\system32\perfh013.dat

2009-12-14 21:18 . 2009-12-14 21:18 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe

2009-12-14 21:18 . 2009-12-14 21:18 1936 ----a-w- c:\windows\system32\drivers\PAGEDFRG.SYS

2009-11-26 20:47 . 2009-11-26 20:47 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-11-26 20:45 . 2009-11-26 20:45 152576 ----a-w- c:\documents and settings\krikke\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-26 20:44 . 2009-11-26 20:26 79488 ----a-w- c:\documents and settings\krikke\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-11-21 16:03 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-11-06 15:46 . 2009-11-06 15:46 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2009-11-06 15:46 . 2009-11-06 15:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-11-06 15:46 . 2009-11-06 15:46 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-11-06 15:46 . 2009-11-06 15:46 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-11-06 15:46 . 2009-11-06 15:46 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-11-06 15:45 . 2009-11-06 15:45 50968 ----a-w- c:\windows\system32\avgfwdx.dll

2009-11-06 15:45 . 2009-11-06 15:45 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys

2009-02-13 22:30 . 2009-02-13 22:30 5162 ----a-w- c:\program files\r1200rt (100 x 75).jpg

2009-02-13 22:28 . 2009-02-13 22:25 3060 ----a-w- c:\program files\154 (90 x 75).jpg

2007-04-03 15:08 . 2007-04-03 15:08 2285 ----a-w- c:\program files\Poda Island (80 x 68).jpg

2007-04-03 15:07 . 2007-04-03 15:04 3211 ----a-w- c:\program files\1601 (80 x 80).jpg

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VoipStunt"="c:\program files\voipstunt.com\voipstunt\voipstunt.exe" [2009-11-28 9109296]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 335872]

"ALi5289"="c:\program files\ULI5289\ALi5289.exe" [2004-07-24 405504]

"JMAP5289"="c:\program files\ULI5289\JMAP5289.exe" [2004-07-19 28672]

"SoundMan"="SOUNDMAN.EXE" [2004-07-27 68096]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-06-02 77824]

"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]

"VMSnap3"="c:\windows\VMSnap3.EXE" [2007-01-08 49152]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-06-04 2056192]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]

"AVGIDS"="c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-07-22 1600008]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-26 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\krikke\Menu Start\Programma's\Opstarten\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Windows Desktop Search.lnk - c:\program files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-be\bin\WindowsSearch.exe [2005-9-20 238080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-11-06 15:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Soulseek\\slsk.exe"=

"c:\\Program Files\\Sop Cast\\SopCast.exe"=

"c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 aliidex;aliidex;c:\windows\system32\drivers\aliidex.sys [5/02/2005 22:06 7040]

R0 aliperf;aliperf;c:\windows\system32\drivers\aliperf.sys [5/02/2005 22:06 7168]

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [22/07/2009 17:23 25608]

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [6/11/2009 16:46 12552]

R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [5/02/2005 21:56 49101]

R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [5/02/2005 17:50 44928]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/11/2009 16:46 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/11/2009 16:46 108552]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/11/2009 16:46 908056]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/11/2009 16:46 297752]

R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [6/11/2009 16:46 1370488]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [22/07/2009 17:23 5641736]

R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [22/07/2009 17:23 571912]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [18/03/2009 15:20 54752]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [6/11/2009 16:45 29208]

R3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys [22/07/2009 17:23 121352]

R3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys [22/07/2009 17:23 30216]

R3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys [22/07/2009 17:23 27232]

R3 JM5289;JM5289;\??\c:\documents and settings\krikke\JM5289.sys --> c:\documents and settings\krikke\JM5289.sys [?]

R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [5/02/2005 22:04 29696]

R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [17/08/2007 9:53 428160]

S2 gupdate1c98e18712b2202;Google Updateservice (gupdate1c98e18712b2202);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2009 21:19 133104]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [6/11/2009 16:45 29208]

S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [24/06/2009 10:16 114304]

S3 fsssvc;De service Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 22:48 704864]

.

Inhoud van de 'Gedeelde Taken' map

2010-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 20:19]

2010-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 20:19]

2010-01-27 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-01-29 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-01-29 c:\windows\Tasks\SLOW-PCfighter-krikke-Startup.job

- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe [2010-01-18 14:00]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.nieuwsblad.be/index.html

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mWindow Title = Telenet Internet

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0000.1105\nl-be\msntb.dll/search.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

DPF: Dexia netbanking - hxxp://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab

DPF: Microsoft XML Parser for Java

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-01-29 11:39

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(928)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2960)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\SCardSvr.exe

c:\windows\SOUNDMAN.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\progra~1\AVG\AVG8\avgam.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe

c:\program files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-be\bin\WindowsSearchIndexer.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Voltooingstijd: 2010-01-29 11:52:15 - machine werd herstart

ComboFix-quarantined-files.txt 2010-01-29 10:52

ComboFix2.txt 2010-01-29 09:10

Pre-Run: 175.450.079.232 bytes beschikbaar

Post-Run: 175.412.846.592 bytes beschikbaar

- - End Of File - - D9F810AFFF070482260B7CD1837CBA9E

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 11:56:08, on 29/01/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\ULI5289\ALi5289.exe

C:\Program Files\ULI5289\JMAP5289.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\VMSnap3.EXE

C:\PROGRA~1\AVG\AVG8\avgfws8.exe

C:\Program Files\Belgium Identity Card\beid35gui.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe

C:\program files\voipstunt.com\voipstunt\voipstunt.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-be\bin\WindowsSearch.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\LimeWire\LimeWire.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe

C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-be\bin\WindowsSearchIndexer.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Het Nieuwsblad Online

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\nl-be\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\nl-be\msntb.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe

O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [VoipStunt] "C:\program files\voipstunt.com\voipstunt\voipstunt.exe" -nosplash -minimized

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-be\bin\WindowsSearch.exe

O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\nl-be\msntb.dll/search.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be

O16 - DPF: Dexia netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136568899265

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://tools.ebay.be/easylister/components/ImageUploader4.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe

O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe

O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe

O23 - Service: Google Updateservice (gupdate1c98e18712b2202) (gupdate1c98e18712b2202) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--

End of file - 10947 bytes


With the problems out of the way, it is time for the "big clean-up": removing the programs we used, a cleaning, and removing the infected restore points.

Remove ComboFix: Start -> Run and type: ComboFix /Uninstall

This will remove ComboFix along with its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

Download CCleaner. On this page, click one of the MajorGeeks mirror sites and the CCleaner download will start automatically and free of charge.

Install it and start CCleaner. In the left column, click "Cleaner". Click "Analyze" and then "Run Cleaner" in turn. Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "YES". Then choose "Fix All Selected Issues". After that, close CCleaner again.

If you would like to see this illustrated in detail, click here for the guide.

It is advisable to delete the existing restore points (some of them are infected and you could end up restoring one) by temporarily turning off System Restore. Do this via Start -> Control Panel -> Performance and Maintenance -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and remove the tick again.

That's it!
