
Problems with Internet Explorer and computer hang-ups


Jion


ComboFix 12-06-08.01 - mike 08-06-2012 16:57:47.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1535.830 [GMT 2:00]

Gestart vanuit: c:\documents and settings\mike\Bureaublad\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

* Aanwezig AV is actief

.

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-08 to 2012-06-08 ))))))))))))))))))))))))))))))

.

.

2012-06-07 08:26 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll

2012-06-06 12:22 . 2012-06-06 12:22 388096 ----a-r- c:\documents and settings\mike\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-06 12:22 . 2012-06-06 12:22 -------- d-----w- c:\program files\Trend Micro

2012-06-06 09:43 . 2012-06-06 09:43 -------- d-----w- c:\program files\Common Files\Java

2012-06-06 09:42 . 2012-06-06 09:42 -------- d-----w- c:\program files\Oracle

2012-06-06 09:42 . 2012-04-04 16:47 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-06-06 09:41 . 2012-06-06 09:41 -------- d-----w- c:\program files\Java

2012-06-05 15:49 . 2004-05-11 07:56 423784 ----a-w- c:\windows\system32\XceedBkp.dll

2012-06-05 15:49 . 2004-03-08 21:00 131856 ----a-w- c:\windows\system32\MSADODC.ocx

2012-06-05 15:49 . 2003-11-19 11:59 512688 ----a-w- c:\windows\system32\XceedCry.dll

2012-06-05 15:49 . 2007-06-11 20:04 2267368 ----a-w- c:\windows\system32\Flash.ocx

2012-06-05 15:49 . 2000-07-15 03:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL

2012-06-05 15:49 . 2001-03-28 20:02 89088 ----a-w- c:\windows\system32\ProgressBar4.ocx

2012-06-05 14:00 . 2012-06-05 14:00 -------- d-----w- c:\documents and settings\mike\Application Data\TuneUp Software

2012-06-05 13:59 . 2012-06-05 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2012-06-05 13:59 . 2012-06-05 13:59 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2012-06-05 13:43 . 2012-06-05 13:43 -------- d-sh--w- c:\documents and settings\mike\IECompatCache

2012-06-05 12:04 . 2012-06-08 14:57 -------- d-----w- C:\QUARANTINE

2012-06-05 11:31 . 2012-06-05 11:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2012-06-05 11:22 . 2012-06-05 11:22 -------- d-----w- c:\documents and settings\mike\Application Data\Oracle

2012-06-05 11:22 . 2012-04-04 16:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-05 10:55 . 2012-06-05 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2012-06-05 10:55 . 2006-11-17 01:06 1495552 ----a-w- c:\windows\system32\epoPGPsdk.dll

2012-06-05 10:55 . 2006-11-30 06:50 34152 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2012-06-05 10:55 . 2006-11-30 06:50 72264 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-06-05 10:55 . 2006-11-30 06:50 64360 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-06-05 10:55 . 2006-11-30 06:50 52136 ----a-w- c:\windows\system32\drivers\mfetdik.sys

2012-06-05 10:54 . 2006-11-30 06:50 168776 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-06-05 10:54 . 2012-06-05 10:55 -------- d-----w- c:\program files\McAfee

2012-06-05 10:54 . 2012-06-05 10:54 -------- d-----w- c:\program files\Common Files\McAfee

2012-06-05 10:45 . 2012-06-05 10:45 -------- d-----w- c:\program files\AVG Secure Search

2012-06-05 10:28 . 2012-06-08 12:05 -------- d--h--r- c:\documents and settings\mike\Onlangs geopend

2012-06-05 09:20 . 2007-04-09 11:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll

2012-06-05 09:20 . 2007-04-09 11:23 28040 ----a-w- c:\windows\system32\mdimon.dll

2012-06-05 09:17 . 2012-06-05 09:19 -------- d-----w- c:\windows\SHELLNEW

2012-06-05 09:16 . 2012-06-05 09:16 -------- d-----w- c:\program files\Microsoft.NET

2012-06-04 12:41 . 2012-06-04 12:41 -------- d-----w- c:\documents and settings\mike\Application Data\AVG2012

2012-06-04 12:39 . 2012-06-04 12:39 -------- d-----w- c:\documents and settings\mike\Local Settings\Application Data\AVG Secure Search

2012-06-04 12:39 . 2012-06-04 12:39 -------- d-----w- c:\documents and settings\mike\Application Data\AVG Secure Search

2012-06-04 12:39 . 2012-06-04 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search

2012-06-04 12:39 . 2012-06-04 12:39 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-06-04 12:39 . 2012-06-04 12:39 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2012-06-04 12:38 . 2012-06-05 11:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2012-06-04 12:37 . 2012-06-08 09:05 -------- d-----w- c:\program files\AVG

2012-06-04 12:33 . 2012-06-05 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2012-06-04 12:32 . 2012-06-04 12:32 -------- d-sh--w- c:\documents and settings\mike\PrivacIE

2012-06-04 12:30 . 2012-06-04 12:30 -------- d-sh--w- c:\documents and settings\mike\IETldCache

2012-06-04 12:22 . 2012-06-04 12:23 -------- dc-h--w- c:\windows\ie8

2012-06-04 12:18 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll

2012-06-04 12:18 . 2012-03-01 11:00 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2012-06-04 12:18 . 2012-03-01 11:00 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2012-06-04 12:18 . 2012-03-01 11:00 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenuEX

2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2

2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP

2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter

2012-06-04 10:54 . 2012-06-04 10:54 -------- d-----w- c:\documents and settings\mike\Application Data\Canon

2012-06-04 10:52 . 2012-06-04 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM

2012-06-04 10:52 . 2011-04-27 09:00 323584 ----a-w- c:\windows\system32\CNC_ASL.dll

2012-06-04 10:52 . 2011-03-31 08:07 114688 ----a-w- c:\windows\system32\CNC_ASU.dll

2012-06-04 10:52 . 2011-03-31 08:05 286720 ----a-w- c:\windows\system32\CNC_ASC.dll

2012-06-04 10:52 . 2011-03-31 08:05 114688 ----a-w- c:\windows\system32\CNC_ASI.dll

2012-06-04 10:52 . 2008-08-25 16:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll

2012-06-04 10:52 . 2012-06-04 10:52 -------- d-----w- c:\documents and settings\mike\Application Data\Canon Easy-WebPrint EX

2012-06-04 10:51 . 2012-06-04 10:51 -------- d-----w- c:\program files\Common Files\CANON

2012-06-04 10:51 . 2012-06-04 10:51 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJWSpt

2012-06-04 10:47 . 2012-06-04 10:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ

2012-06-04 10:47 . 2011-05-23 03:00 83968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAS.DLL

2012-06-04 10:47 . 2011-05-23 03:00 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAS.DLL

2012-06-04 10:47 . 2011-05-23 03:00 310272 ----a-w- c:\windows\system32\CNMLMAS.DLL

2012-06-04 10:47 . 2012-06-04 10:47 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2012-06-04 10:47 . 2010-11-18 06:15 90112 ----a-w- c:\windows\system32\CNC_ASO.dll

2012-06-04 10:47 . 2011-02-03 00:20 184320 ----a-w- c:\windows\system32\CNMIUAS.DLL

2012-06-04 10:46 . 2012-06-04 10:46 -------- d-----w- c:\windows\system32\STRING

2012-06-04 10:46 . 2011-02-01 08:23 35328 ----a-w- c:\windows\system32\CNMNPUI.DLL

2012-06-04 10:46 . 2011-02-01 08:22 363008 ----a-w- c:\windows\system32\CNMNPPM.DLL

2012-06-04 10:45 . 2012-06-04 10:52 -------- d-----w- c:\program files\Canon

2012-06-04 10:41 . 2012-06-04 10:50 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-04 10:30 . 2012-06-04 10:30 -------- d-----w- c:\documents and settings\All Users\Uniblue

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-05 12:37 . 2007-08-16 19:00 22 -c--a-w- c:\windows\album95.zip

2012-06-05 12:36 . 2007-08-16 20:01 22 -c--a-w- c:\windows\album77.zip

2012-06-04 10:50 . 2011-05-26 12:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-31 13:22 . 2002-09-23 13:11 602624 ----a-w- c:\windows\system32\crypt32.dll

2012-04-11 13:55 . 2005-03-02 18:09 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 13:55 . 2005-03-02 18:09 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:55 . 2003-08-04 13:02 1862400 ----a-w- c:\windows\system32\win32k.sys

2012-04-04 16:47 . 2011-06-10 08:38 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-04 13:56 . 2011-08-19 14:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-07_09.44.26 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-06-08 14:38 . 2012-06-08 14:38 16384 c:\windows\Temp\Perflib_Perfdata_4f0.dat

- 2003-08-04 13:12 . 2011-12-01 11:37 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2003-08-04 13:12 . 2012-06-07 13:09 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2003-08-04 13:12 . 2012-06-07 13:09 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat

- 2003-08-04 13:12 . 2011-12-01 11:37 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat

- 2003-08-04 13:12 . 2011-12-01 11:37 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2012-06-07 13:10 . 2012-06-07 13:09 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2012-06-07 12:35 . 2012-06-07 12:35 19968 c:\windows\Installer\3e552.msi

+ 2012-06-07 13:04 . 2012-06-07 13:04 22016 c:\windows\Installer\1c47d1.msi

+ 2012-06-07 12:59 . 2012-06-07 12:59 24064 c:\windows\Installer\1c47ca.msi

+ 2012-06-05 09:20 . 2012-06-07 12:40 23040 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2012-06-05 09:20 . 2012-06-06 01:08 23040 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2012-06-05 09:20 . 2012-06-06 01:08 61440 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2012-06-05 09:20 . 2012-06-07 12:40 61440 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2012-06-05 09:20 . 2012-06-07 12:40 27136 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2012-06-05 09:20 . 2012-06-06 01:08 27136 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2012-06-05 09:20 . 2012-06-06 01:08 11264 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2012-06-05 09:20 . 2012-06-07 12:40 11264 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2012-06-05 09:20 . 2012-06-06 01:08 86016 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2012-06-05 09:20 . 2012-06-07 12:40 86016 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2012-06-05 09:20 . 2012-06-06 01:08 12288 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2012-06-05 09:20 . 2012-06-07 12:40 12288 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2011-06-06 10:55 . 2011-06-06 10:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\ViewerPS.dll

+ 2011-06-06 10:55 . 2011-06-06 10:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\reader_sl.exe

+ 2011-06-06 10:55 . 2011-06-06 10:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\PDFPrevHndlr.dll

+ 2011-06-06 10:55 . 2011-06-06 10:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\eula.exe

+ 2011-06-06 10:55 . 2011-06-06 10:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\acrotextextractor.exe

+ 2011-06-06 10:55 . 2011-06-06 10:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\AcroRd32Info.exe

+ 2011-06-06 10:55 . 2011-06-06 10:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\acroiehelpershim.dll

+ 2011-06-06 10:55 . 2011-06-06 10:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\AcroIEHelper.dll

+ 2011-06-06 10:55 . 2011-06-06 10:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\Acrofx32.dll

+ 2007-03-22 17:07 . 2007-03-22 17:07 78168 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\RM.DLL

+ 2007-03-22 17:07 . 2007-03-22 17:07 41824 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\RECALL.DLL

+ 2007-03-22 17:05 . 2007-03-22 17:05 97632 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL

+ 2007-04-19 11:53 . 2007-04-19 11:53 69984 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL

+ 2007-03-22 17:13 . 2007-03-22 17:13 23904 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\IPDMCTRL.DLL

+ 2007-03-22 17:07 . 2007-03-22 17:07 80224 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL

+ 2007-03-22 17:07 . 2007-03-22 17:07 91488 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL

- 2012-06-05 09:20 . 2012-06-06 01:08 4096 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2012-06-05 09:20 . 2012-06-07 12:40 4096 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2009-09-03 09:51 . 2009-09-03 09:51 630784 c:\windows\Installer\3e5cc.msp

+ 2007-10-06 06:45 . 2007-10-06 06:45 203264 c:\windows\Installer\3e4ee.msp

+ 2008-07-28 12:45 . 2008-07-28 12:45 162304 c:\windows\Installer\3e476.msp

+ 2010-11-12 10:13 . 2010-11-12 10:13 883712 c:\windows\Installer\3e461.msp

+ 2012-06-05 09:20 . 2012-06-07 12:40 409600 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2012-06-05 09:20 . 2012-06-06 01:08 409600 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2012-06-05 09:20 . 2012-06-07 12:40 286720 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2012-06-05 09:20 . 2012-06-06 01:08 286720 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2012-06-05 09:20 . 2012-06-07 12:40 249856 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2012-06-05 09:20 . 2012-06-06 01:08 249856 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2012-06-05 09:20 . 2012-06-06 01:08 794624 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2012-06-05 09:20 . 2012-06-07 12:40 794624 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2012-06-05 09:20 . 2012-06-07 12:40 135168 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2012-06-05 09:20 . 2012-06-06 01:08 135168 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2012-06-05 09:20 . 2012-06-07 12:40 593920 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe

- 2012-06-05 09:20 . 2012-06-06 01:08 593920 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2011-06-06 10:55 . 2011-06-06 10:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\sqlite.dll

+ 2011-06-06 10:55 . 2011-06-06 10:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\pdfshell.dll

+ 2011-06-06 10:55 . 2011-06-06 10:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe

+ 2011-06-06 10:55 . 2011-06-06 10:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\nppdf32.dll

+ 2011-06-06 10:55 . 2011-06-06 10:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\AiodLite.dll

+ 2011-06-06 10:55 . 2011-06-06 10:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\AcroRdIF.dll

+ 2011-06-06 10:55 . 2011-06-06 10:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\AcroPDF.dll

+ 2011-06-06 10:55 . 2011-06-06 10:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\acrobroker.exe

+ 2011-06-06 10:55 . 2011-06-06 10:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\a3dutils.dll

+ 2007-03-22 17:22 . 2007-03-22 17:22 103264 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL

+ 2007-05-10 11:34 . 2007-05-10 11:34 562528 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\PUBCONV.DLL

+ 2007-05-31 11:36 . 2007-05-31 11:36 612184 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\PTXT9.DLL

+ 2007-05-31 11:35 . 2007-05-31 11:35 133976 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\PRTF9.DLL

+ 2007-04-19 11:53 . 2007-04-19 11:53 149856 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL

+ 2007-05-31 11:42 . 2007-05-31 11:42 200032 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE

+ 2007-04-19 11:53 . 2007-04-19 11:53 106336 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL

+ 2007-04-19 11:53 . 2007-04-19 11:53 109408 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\OUTLCTL.DLL

+ 2007-04-19 12:01 . 2007-04-19 12:01 238424 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\MSCDM.DLL

+ 2007-01-16 18:32 . 2007-01-16 18:32 136032 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\MSAEXP30.DLL

+ 2007-04-19 11:54 . 2007-04-19 11:54 183136 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL

+ 2012-06-06 01:06 . 2012-06-06 01:06 103776 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\IPATHPIA.DLL

+ 2007-04-19 11:53 . 2007-04-19 11:53 127328 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL

+ 2007-04-19 12:09 . 2007-04-19 12:09 167256 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\IETAG.DLL

+ 2007-04-19 11:53 . 2007-04-19 11:53 137568 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL

+ 2007-04-19 11:54 . 2007-04-19 11:54 169312 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\ACCWIZ.DLL

+ 2003-07-15 09:18 . 2003-07-15 09:18 141360 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.5614\ATP.DLL

+ 2011-01-14 05:10 . 2011-01-14 05:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL

+ 2011-01-14 05:10 . 2011-01-14 05:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL

+ 2012-06-07 12:29 . 2012-06-07 12:29 111624 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll

+ 2009-08-04 17:52 . 2009-08-04 17:52 1193832 c:\windows\system32\FM20.DLL

+ 2012-01-30 18:46 . 2012-01-30 18:46 7069184 c:\windows\Installer\4081908.msp

+ 2011-07-21 10:34 . 2011-07-21 10:34 3456000 c:\windows\Installer\4081907.msp

+ 2010-08-05 10:59 . 2010-08-05 10:59 4033536 c:\windows\Installer\3e63a.msp

+ 2009-10-16 16:07 . 2009-10-16 16:07 6115328 c:\windows\Installer\3e618.msp

+ 2010-10-22 13:45 . 2010-10-22 13:45 8444928 c:\windows\Installer\3e602.msp

+ 2009-08-20 03:02 . 2009-08-20 03:02 5204992 c:\windows\Installer\3e5b7.msp

+ 2010-06-11 15:55 . 2010-06-11 15:55 1827328 c:\windows\Installer\3e5a0.msp

+ 2009-07-01 11:21 . 2009-07-01 11:21 8891904 c:\windows\Installer\3e585.msp

+ 2012-01-30 18:46 . 2012-01-30 18:46 7069184 c:\windows\Installer\3e56b.msp

+ 2008-01-14 14:53 . 2008-01-14 14:53 5213696 c:\windows\Installer\3e569.msp

+ 2011-05-17 16:28 . 2011-05-17 16:28 6862848 c:\windows\Installer\3e54b.msp

+ 2011-04-29 11:04 . 2011-04-29 11:04 5053440 c:\windows\Installer\3e535.msp

+ 2009-12-16 20:58 . 2009-12-16 20:58 5382144 c:\windows\Installer\3e51d.msp

+ 2012-04-09 14:50 . 2012-04-09 14:50 6829568 c:\windows\Installer\3e504.msp

+ 2012-03-19 20:02 . 2012-03-19 20:02 6695936 c:\windows\Installer\3e4e7.msp

+ 2008-10-25 07:15 . 2008-10-25 07:15 6227456 c:\windows\Installer\3e4d1.msp

+ 2011-10-31 10:37 . 2011-10-31 10:37 4146688 c:\windows\Installer\3e4bb.msp

+ 2011-05-23 12:15 . 2011-05-23 12:15 3617792 c:\windows\Installer\3e48c.msp

+ 2010-08-25 15:06 . 2010-08-25 15:06 6479360 c:\windows\Installer\3e448.msp

+ 2012-04-17 10:11 . 2012-04-17 10:11 7681024 c:\windows\Installer\3e432.msp

+ 2010-03-30 10:34 . 2010-03-30 10:34 3826688 c:\windows\Installer\3e41c.msp

+ 2012-01-30 18:46 . 2012-01-30 18:46 7069184 c:\windows\Installer\25c623d.msp

+ 2012-06-07 12:58 . 2012-06-07 12:58 2309120 c:\windows\Installer\1c47c0.msi

+ 2011-06-06 10:55 . 2011-06-06 10:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\rt3d.dll

+ 2011-06-06 10:55 . 2011-06-06 10:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\authplay.dll

+ 2011-06-06 10:55 . 2011-06-06 10:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\AdobeCollabSync.exe

+ 2011-06-06 10:55 . 2011-06-06 10:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\AcroRd32.exe

+ 2007-05-09 15:19 . 2007-05-09 15:19 2585936 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\VBE6.DLL

+ 2007-04-19 11:49 . 2007-04-19 11:49 1661280 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\PPTVIEW.EXE

+ 2007-05-31 11:35 . 2007-05-31 11:35 6420320 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE

+ 2007-05-10 11:45 . 2007-05-10 11:45 8069464 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\OWC11.DLL

+ 2007-03-14 11:10 . 2007-03-14 11:10 7255384 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\OWC10.DLL

+ 2007-05-31 11:43 . 2007-05-31 11:43 7613280 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL

+ 2007-04-19 12:09 . 2007-04-19 12:09 1061720 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\OMFC.DLL

+ 2007-05-10 11:35 . 2007-05-10 11:35 6747480 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\MSPUB.EXE

+ 2007-05-10 11:43 . 2007-05-10 11:43 6688096 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\MSACCESS.EXE

+ 2007-04-30 12:57 . 2007-04-30 12:57 7084384 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\INFOPATH.EXE

+ 2007-06-06 08:53 . 2007-06-06 08:53 1195888 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\FM20.DLL

+ 2011-01-14 05:10 . 2011-01-14 05:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL

+ 2011-01-14 05:10 . 2011-01-14 05:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL

+ 2011-01-14 05:10 . 2011-01-14 05:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL

+ 2011-12-26 07:02 . 2011-12-26 07:02 19677184 c:\windows\Installer\40818fa.msp

+ 2011-07-26 14:33 . 2011-07-26 14:33 10984448 c:\windows\Installer\3e5e2.msp

+ 2010-06-11 15:52 . 2010-06-11 15:52 45542912 c:\windows\Installer\3e5a1.msp

+ 2009-07-01 11:19 . 2009-07-01 11:19 10607104 c:\windows\Installer\3e586.msp

+ 2011-12-26 07:02 . 2011-12-26 07:02 19677184 c:\windows\Installer\3e553.msp

+ 2012-03-28 16:10 . 2012-03-28 16:10 12098048 c:\windows\Installer\3e4a2.msp

+ 2012-04-04 13:32 . 2012-04-04 13:32 16613376 c:\windows\Installer\3514a.msp

+ 2011-12-26 07:02 . 2011-12-26 07:02 19677184 c:\windows\Installer\25c623a.msp

+ 2011-06-06 10:55 . 2011-06-06 10:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\AcroRd32.dll

+ 2007-05-31 11:37 . 2007-05-31 11:37 12310368 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE

+ 2007-06-18 15:16 . 2007-06-18 15:16 12259160 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\MSO.DLL

+ 2007-05-31 11:41 . 2007-05-31 11:41 10352472 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-07 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]

.

d:\menu start\Programma's\Opstarten\

WindowsUpdate56629[1].exe [2004-11-9 0]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"win-xp"=winis.exe

"nwiz"=nwiz.exe /installquiet

"ATIModeChange"=Ati2mdxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19-8-2011 16:07 654408]

R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [4-6-2012 14:39 932736]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19-8-2011 16:07 22344]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7-6-2012 14:58 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4-6-2012 12:41 257696]

S3 CCCP106;TRUST 120 SPACEC@M;c:\windows\system32\DRIVERS\cccp106.sys --> c:\windows\system32\DRIVERS\cccp106.sys [?]

S3 efipsk;efipsk;\??\c:\docume~1\mike\LOCALS~1\Temp\efipsk.sys --> c:\docume~1\mike\LOCALS~1\Temp\efipsk.sys [?]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7-6-2012 14:58 136176]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [29-8-2006 0:54 10664]

S3 kaspersky1;kaspersky1;\??\c:\documents and settings\mike\Mijn documenten\kaspersky\kaspersky.sys --> c:\documents and settings\mike\Mijn documenten\kaspersky\kaspersky.sys [?]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 10:50]

.

2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-07 12:58]

.

2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-07 12:58]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: getmirar.com\click

Trusted Zone: mirarsearch.com\click

Trusted Zone: mirarsearch.com\redirect

Trusted Zone: net-nucleus.com\awbeta

TCP: DhcpNameServer = 192.168.2.254

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-06-08 17:08

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-3424684324-1530385744-49028143-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:f0,2e,e4,66,9e,e0,24,a0,62,0e,78,13,fe,32,8a,b4,11,72,ef,6d,e6,19,c1,

83,3a,ac,dd,50,6f,f9,49,91,39,b2,8f,9d,50,1f,18,39,18,d0,ca,ae,0b,51,4b,26,\

"??"=hex:87,25,1d,2d,c9,80,e6,81,fb,9d,b7,d9,d8,9b,42,e9

.

[HKEY_USERS\S-1-5-21-3424684324-1530385744-49028143-1005\Software\SecuROM\License information*]

"datasecu"=hex:a6,54,38,81,ed,c1,d1,15,17,e0,cd,91,6c,89,7e,c8,cc,5b,11,f9,81,

f9,98,df,07,35,4a,7a,d4,8f,dc,03,76,2c,c0,82,5d,95,52,27,61,ac,71,80,4a,8c,\

"rkeysecu"=hex:31,17,29,56,96,ad,4e,69,11,61,05,0e,05,17,70,6a

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(716)

c:\windows\system32\Ati2evxx.dll

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

.

- - - - - - - > 'explorer.exe'(1472)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2012-06-08 17:11:00

ComboFix-quarantined-files.txt 2012-06-08 15:10

ComboFix2.txt 2012-06-07 09:52

.

- - End Of File - - 59F5CE745071518396A894518D6A7156

There are indeed still components of Norton and AVG in your log, so these will not have been completely removed yet.

For both, first use these removal tools:

- Norton Removal Tool

- AVG Removal Tool

Open a Notepad file.

Copy and paste the bold text below into it.

File::

d:\menu start\Programma's\Opstarten\indowsUpdate56629[1].exe

c:\windows\album95.zip

c:\windows\album77.zip

Folder::

c:\documents and settings\mike\Application Data\AVG2012

c:\documents and settings\mike\Local Settings\Application Data\AVG Secure Search

c:\documents and settings\mike\Application Data\AVG Secure Search

c:\documents and settings\All Users\Application Data\AVG Secure Search

c:\program files\Common Files\AVG Secure Search

c:\documents and settings\All Users\Application Data\AVG2012

c:\program files\AVG

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Driver::

efipsk

vToolbarUpdater11.0.2

DDS::

Trusted Zone: getmirar.com\click

Trusted Zone: mirarsearch.com\click

Trusted Zone: mirarsearch.com\redirect

Save this file to your desktop as CFScript.

Drag CFScript.txt into ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message, together with a new HijackThis log.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:35:38, on 9-6-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - Startup: WindowsUpdate56629[1].exe

O4 - User Startup: WindowsUpdate56629[1].exe

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 5181 bytes

ComboFix 12-06-08.01 - mike 09-06-2012 17:12:46.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1535.787 [GMT 2:00]

Gestart vanuit: c:\documents and settings\mike\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

* Aanwezig AV is actief

.

.

FILE ::

"c:\windows\album77.zip"

"c:\windows\album95.zip"

"d:\menu start\Programma's\Opstarten\indowsUpdate56629[1].exe"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\AVG Secure Search

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\chrome.manifest

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\chrome\avg.jar

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\components\toolbarhomeApi.js

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\icon.png

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\install.rdf

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\locale\en-US\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\locale\en-US\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\avg.xml

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\avgJsm.js

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\Bindings.xml

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\configuration.js

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\configuration_0.css

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\configuration_0.xul

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\HistoryCleaner.js

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\IOJsm.js

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\cs\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\cs\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\da\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\da\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\de\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\de\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\en\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\en\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\es-es\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\es-es\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\es\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\es\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\fr\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\fr\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\hu\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\hu\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\id\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\id\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\it\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\it\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\ja\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\ja\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\ko\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\ko\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\ms\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\ms\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\nl\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\nl\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\pl\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\pl\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\pt-br\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\pt-br\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\pt\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\pt\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\ru\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\ru\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\sk\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\sk\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\sr\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\sr\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\tr\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\tr\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\zh-cn\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\zh-cn\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\zh-tw\global.dtd

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\locale\zh-tw\global.properties

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\Preferences.js

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\propertiesJsm.js

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\about.png

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\active-threats18.png

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\ajax-loader.gif

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\calc.png

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\CleanHistory.png

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\close.png

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\current.png

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\currently-safe18.png

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\Facebook.gif

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\feedback.png

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\feedicon.png

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\help.png

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\icon_search.png

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\icon18.png

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\information-24.png

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\labs.png

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\loader.gif

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\note.png

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\questionmarkIcon.png

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\search.png

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\SecuredSearch.png

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\speed-test.png

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\surf-with-caution18.png

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\updating18.png

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\weather.gif

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\window-close.png

c:\documents and settings\All Users\Application Data\AVG Secure Search\11.0.0.9\modules\skin\windows.png

c:\documents and settings\All Users\Application Data\AVG2012

c:\documents and settings\All Users\Application Data\AVG2012\Cfg\admin.cfg

c:\documents and settings\All Users\Application Data\AVG2012\Cfg\advisor.cfg

c:\documents and settings\All Users\Application Data\AVG2012\Cfg\changecfgreg.cfg

c:\documents and settings\All Users\Application Data\AVG2012\Cfg\csl.cfg

c:\documents and settings\All Users\Application Data\AVG2012\Cfg\erd.cfg

c:\documents and settings\All Users\Application Data\AVG2012\Cfg\except.cfg

c:\documents and settings\All Users\Application Data\AVG2012\Cfg\idp2.cfg

c:\documents and settings\All Users\Application Data\AVG2012\Cfg\krnl.cfg

c:\documents and settings\All Users\Application Data\AVG2012\Cfg\mail.cfg

c:\documents and settings\All Users\Application Data\AVG2012\Cfg\mailsrv.cfg

c:\documents and settings\All Users\Application Data\AVG2012\Cfg\mailsrvvsapi.cfg

c:\documents and settings\All Users\Application Data\AVG2012\Cfg\malrep.cfg

c:\documents and settings\All Users\Application Data\AVG2012\Cfg\rsexcludes.cfg

c:\documents and settings\All Users\Application Data\AVG2012\Cfg\scan.cfg

c:\documents and settings\All Users\Application Data\AVG2012\Cfg\sched.cfg

c:\documents and settings\All Users\Application Data\AVG2012\Cfg\setup.cfg

c:\documents and settings\All Users\Application Data\AVG2012\Cfg\spsrv.cfg

c:\documents and settings\All Users\Application Data\AVG2012\Cfg\update.cfg

c:\documents and settings\All Users\Application Data\AVG2012\Cfg\updatecomps.cfg

c:\documents and settings\All Users\Application Data\AVG2012\Cfg\user.cfg

c:\documents and settings\All Users\Application Data\AVG2012\cfgall\falsealarm.cfg

c:\documents and settings\All Users\Application Data\AVG2012\cfgall\krnlall.cfg

c:\documents and settings\All Users\Application Data\AVG2012\cfgall\pctuneupall.cfg

c:\documents and settings\All Users\Application Data\AVG2012\cfgall\srmall.cfg

c:\documents and settings\All Users\Application Data\AVG2012\cfgall\updateall.cfg

c:\documents and settings\All Users\Application Data\AVG2012\cfgall\userall.cfg

c:\documents and settings\All Users\Application Data\AVG2012\IDS\config\md5Cache.dat

c:\documents and settings\All Users\Application Data\AVG2012\IDS\config\quarantinedList.zip

c:\documents and settings\All Users\Application Data\AVG2012\IDS\config\ShortcutCache.dat

c:\documents and settings\All Users\Application Data\AVG2012\IDS\config\userList.zip

c:\documents and settings\All Users\Application Data\AVG2012\log\avgadvisor.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgcfg.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgcfg.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgcfgex.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgchjw.log.1

c:\documents and settings\All Users\Application Data\AVG2012\log\avgchjw.log.2

c:\documents and settings\All Users\Application Data\AVG2012\log\avgchjw.log.3

c:\documents and settings\All Users\Application Data\AVG2012\log\avgchjw.log.4

c:\documents and settings\All Users\Application Data\AVG2012\log\avgchjw.log.5

c:\documents and settings\All Users\Application Data\AVG2012\log\avgchjw.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgcore.log.1

c:\documents and settings\All Users\Application Data\AVG2012\log\avgcore.log.2

c:\documents and settings\All Users\Application Data\AVG2012\log\avgcore.log.3

c:\documents and settings\All Users\Application Data\AVG2012\log\avgcore.log.4

c:\documents and settings\All Users\Application Data\AVG2012\log\avgcore.log.5

c:\documents and settings\All Users\Application Data\AVG2012\log\avgcore.log.6

c:\documents and settings\All Users\Application Data\AVG2012\log\avgcore.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgcsl.log.1

c:\documents and settings\All Users\Application Data\AVG2012\log\avgcsl.log.2

c:\documents and settings\All Users\Application Data\AVG2012\log\avgcsl.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgdecider.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgdecider.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgdiagex.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgdiagex.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgemc.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgexc.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgidpagent.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgidpagent.log.1

c:\documents and settings\All Users\Application Data\AVG2012\log\avgidpagent.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgidpagentremoved.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgldr.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avglng.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avglng.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgns.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgns.log.1

c:\documents and settings\All Users\Application Data\AVG2012\log\avgns.log.2

c:\documents and settings\All Users\Application Data\AVG2012\log\avgns.log.3

c:\documents and settings\All Users\Application Data\AVG2012\log\avgns.log.4

c:\documents and settings\All Users\Application Data\AVG2012\log\avgns.log.5

c:\documents and settings\All Users\Application Data\AVG2012\log\avgns.log.6

c:\documents and settings\All Users\Application Data\AVG2012\log\avgns.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgpostinst.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgpostinst.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgrkt.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgrs.log.1

c:\documents and settings\All Users\Application Data\AVG2012\log\avgrs.log.2

c:\documents and settings\All Users\Application Data\AVG2012\log\avgrs.log.3

c:\documents and settings\All Users\Application Data\AVG2012\log\avgrs.log.4

c:\documents and settings\All Users\Application Data\AVG2012\log\avgrs.log.5

c:\documents and settings\All Users\Application Data\AVG2012\log\avgrs.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgscan.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgsched.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgsched.log.1

c:\documents and settings\All Users\Application Data\AVG2012\log\avgsched.log.2

c:\documents and settings\All Users\Application Data\AVG2012\log\avgsched.log.3

c:\documents and settings\All Users\Application Data\AVG2012\log\avgsched.log.4

c:\documents and settings\All Users\Application Data\AVG2012\log\avgsched.log.5

c:\documents and settings\All Users\Application Data\AVG2012\log\avgsched.log.6

c:\documents and settings\All Users\Application Data\AVG2012\log\avgsched.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgsrm.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgsrm.log.1

c:\documents and settings\All Users\Application Data\AVG2012\log\avgsrm.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgsrmac.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgss.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgss.log.1

c:\documents and settings\All Users\Application Data\AVG2012\log\avgss.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgtdi.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgtdi.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgtray_idp_mike.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgtray_idp_mike.log.1

c:\documents and settings\All Users\Application Data\AVG2012\log\avgtray_idp_mike.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgual.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgual.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgui.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgui.log.1

c:\documents and settings\All Users\Application Data\AVG2012\log\avgui.log.2

c:\documents and settings\All Users\Application Data\AVG2012\log\avgui.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgui_idp_mike.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgui_idp_mike.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgupd.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgupd.log.1

c:\documents and settings\All Users\Application Data\AVG2012\log\avgupd.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgwd.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgwd.log.1

c:\documents and settings\All Users\Application Data\AVG2012\log\avgwd.log.2

c:\documents and settings\All Users\Application Data\AVG2012\log\avgwd.log.3

c:\documents and settings\All Users\Application Data\AVG2012\log\avgwd.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgwdsvc.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgwdsvc.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgwdsvc_idp_SYSTEM.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgwdsvc_idp_SYSTEM.log.1

c:\documents and settings\All Users\Application Data\AVG2012\log\avgwdsvc_idp_SYSTEM.log.2

c:\documents and settings\All Users\Application Data\AVG2012\log\avgwdsvc_idp_SYSTEM.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\commonpriv.log

c:\documents and settings\All Users\Application Data\AVG2012\log\commonpriv.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\fixcfg.log

c:\documents and settings\All Users\Application Data\AVG2012\log\fixcfg.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\history.xml

c:\documents and settings\All Users\Application Data\AVG2012\log\vault.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\scanlogs\srm.idx

c:\documents and settings\mike\Application Data\AVG Secure Search

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\272512937d9e61a4.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\272512937d9e61a4__exp__1338908416

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\287204568329e189.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\28bc8f716fd76a47.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\28bc8f716fd76a47__exp__1338908414

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\2c53092c95605355.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\32c84fe32bb74d60.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\32c84fe32bb74d60__exp__1338908417

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\3917078cb68ec657.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\590ba23ce359fd0c.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\590ba23ce359fd0c__exp__1338908416

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\610289e025a3ee9a.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\62bcb3ff25821cb3.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\62bcb3ff25821cb3__exp__1338908413

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_EFIPSK

-------\Legacy_VTOOLBARUPDATER11.0.2

-------\Service_efipsk

-------\Service_vToolbarUpdater11.0.2

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-09 to 2012-06-09 ))))))))))))))))))))))))))))))

.

.

2012-06-07 08:26 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll

2012-06-06 12:22 . 2012-06-06 12:22 388096 ----a-r- c:\documents and settings\mike\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-06 12:22 . 2012-06-06 12:22 -------- d-----w- c:\program files\Trend Micro

2012-06-06 09:43 . 2012-06-06 09:43 -------- d-----w- c:\program files\Common Files\Java

2012-06-06 09:42 . 2012-06-06 09:42 -------- d-----w- c:\program files\Oracle

2012-06-06 09:42 . 2012-04-04 16:47 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-06-06 09:41 . 2012-06-06 09:41 -------- d-----w- c:\program files\Java

2012-06-05 15:49 . 2004-05-11 07:56 423784 ----a-w- c:\windows\system32\XceedBkp.dll

2012-06-05 15:49 . 2004-03-08 21:00 131856 ----a-w- c:\windows\system32\MSADODC.ocx

2012-06-05 15:49 . 2003-11-19 11:59 512688 ----a-w- c:\windows\system32\XceedCry.dll

2012-06-05 15:49 . 2007-06-11 20:04 2267368 ----a-w- c:\windows\system32\Flash.ocx

2012-06-05 15:49 . 2000-07-15 03:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL

2012-06-05 15:49 . 2001-03-28 20:02 89088 ----a-w- c:\windows\system32\ProgressBar4.ocx

2012-06-05 14:00 . 2012-06-05 14:00 -------- d-----w- c:\documents and settings\mike\Application Data\TuneUp Software

2012-06-05 13:59 . 2012-06-05 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2012-06-05 13:59 . 2012-06-05 13:59 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2012-06-05 13:43 . 2012-06-05 13:43 -------- d-sh--w- c:\documents and settings\mike\IECompatCache

2012-06-05 12:04 . 2012-06-09 15:12 -------- d-----w- C:\QUARANTINE

2012-06-05 11:31 . 2012-06-05 11:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2012-06-05 11:22 . 2012-06-05 11:22 -------- d-----w- c:\documents and settings\mike\Application Data\Oracle

2012-06-05 11:22 . 2012-04-04 16:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-05 10:55 . 2012-06-05 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2012-06-05 10:55 . 2006-11-17 01:06 1495552 ----a-w- c:\windows\system32\epoPGPsdk.dll

2012-06-05 10:55 . 2006-11-30 06:50 34152 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2012-06-05 10:55 . 2006-11-30 06:50 72264 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-06-05 10:55 . 2006-11-30 06:50 64360 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-06-05 10:55 . 2006-11-30 06:50 52136 ----a-w- c:\windows\system32\drivers\mfetdik.sys

2012-06-05 10:54 . 2006-11-30 06:50 168776 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-06-05 10:54 . 2012-06-05 10:55 -------- d-----w- c:\program files\McAfee

2012-06-05 10:54 . 2012-06-05 10:54 -------- d-----w- c:\program files\Common Files\McAfee

2012-06-05 10:45 . 2012-06-05 10:45 -------- d-----w- c:\program files\AVG Secure Search

2012-06-05 10:28 . 2012-06-09 15:03 -------- d--h--r- c:\documents and settings\mike\Onlangs geopend

2012-06-05 09:20 . 2007-04-09 11:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll

2012-06-05 09:20 . 2007-04-09 11:23 28040 ----a-w- c:\windows\system32\mdimon.dll

2012-06-05 09:17 . 2012-06-05 09:19 -------- d-----w- c:\windows\SHELLNEW

2012-06-05 09:16 . 2012-06-05 09:16 -------- d-----w- c:\program files\Microsoft.NET

2012-06-04 12:39 . 2012-06-04 12:39 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2012-06-04 12:33 . 2012-06-05 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2012-06-04 12:32 . 2012-06-04 12:32 -------- d-sh--w- c:\documents and settings\mike\PrivacIE

2012-06-04 12:30 . 2012-06-04 12:30 -------- d-sh--w- c:\documents and settings\mike\IETldCache

2012-06-04 12:22 . 2012-06-04 12:23 -------- dc-h--w- c:\windows\ie8

2012-06-04 12:18 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll

2012-06-04 12:18 . 2012-03-01 11:00 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2012-06-04 12:18 . 2012-03-01 11:00 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2012-06-04 12:18 . 2012-03-01 11:00 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenuEX

2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2

2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP

2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter

2012-06-04 10:54 . 2012-06-04 10:54 -------- d-----w- c:\documents and settings\mike\Application Data\Canon

2012-06-04 10:52 . 2012-06-04 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM

2012-06-04 10:52 . 2011-04-27 09:00 323584 ----a-w- c:\windows\system32\CNC_ASL.dll

2012-06-04 10:52 . 2011-03-31 08:07 114688 ----a-w- c:\windows\system32\CNC_ASU.dll

2012-06-04 10:52 . 2011-03-31 08:05 286720 ----a-w- c:\windows\system32\CNC_ASC.dll

2012-06-04 10:52 . 2011-03-31 08:05 114688 ----a-w- c:\windows\system32\CNC_ASI.dll

2012-06-04 10:52 . 2008-08-25 16:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll

2012-06-04 10:52 . 2012-06-04 10:52 -------- d-----w- c:\documents and settings\mike\Application Data\Canon Easy-WebPrint EX

2012-06-04 10:51 . 2012-06-04 10:51 -------- d-----w- c:\program files\Common Files\CANON

2012-06-04 10:51 . 2012-06-04 10:51 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJWSpt

2012-06-04 10:47 . 2012-06-04 10:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ

2012-06-04 10:47 . 2011-05-23 03:00 83968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAS.DLL

2012-06-04 10:47 . 2011-05-23 03:00 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAS.DLL

2012-06-04 10:47 . 2011-05-23 03:00 310272 ----a-w- c:\windows\system32\CNMLMAS.DLL

2012-06-04 10:47 . 2012-06-04 10:47 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2012-06-04 10:47 . 2010-11-18 06:15 90112 ----a-w- c:\windows\system32\CNC_ASO.dll

2012-06-04 10:47 . 2011-02-03 00:20 184320 ----a-w- c:\windows\system32\CNMIUAS.DLL

2012-06-04 10:46 . 2012-06-04 10:46 -------- d-----w- c:\windows\system32\STRING

2012-06-04 10:46 . 2011-02-01 08:23 35328 ----a-w- c:\windows\system32\CNMNPUI.DLL

2012-06-04 10:46 . 2011-02-01 08:22 363008 ----a-w- c:\windows\system32\CNMNPPM.DLL

2012-06-04 10:45 . 2012-06-04 10:52 -------- d-----w- c:\program files\Canon

2012-06-04 10:41 . 2012-06-04 10:50 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-04 10:30 . 2012-06-04 10:30 -------- d-----w- c:\documents and settings\All Users\Uniblue

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-05 12:37 . 2007-08-16 19:00 22 -c--a-w- c:\windows\album95.zip

2012-06-05 12:36 . 2007-08-16 20:01 22 -c--a-w- c:\windows\album77.zip

2012-06-04 10:50 . 2011-05-26 12:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-31 13:22 . 2002-09-23 13:11 602624 ----a-w- c:\windows\system32\crypt32.dll

2012-04-11 13:55 . 2005-03-02 18:09 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 13:55 . 2005-03-02 18:09 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:55 . 2003-08-04 13:02 1862400 ----a-w- c:\windows\system32\win32k.sys

2012-04-04 16:47 . 2011-06-10 08:38 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-04 13:56 . 2011-08-19 14:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((( SnapShot_2012-06-08_15.08.27 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-06-09 15:26 . 2012-06-09 15:26 16384 c:\windows\Temp\Perflib_Perfdata_21c.dat

+ 2011-12-26 07:02 . 2011-12-26 07:02 19677184 c:\windows\Installer\20d7b7f.msp

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-07 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]

.

d:\menu start\Programma's\Opstarten\

WindowsUpdate56629[1].exe [2004-11-9 0]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"win-xp"=winis.exe

"nwiz"=nwiz.exe /installquiet

"ATIModeChange"=Ati2mdxx.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19-8-2011 16:07 654408]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19-8-2011 16:07 22344]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7-6-2012 14:58 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4-6-2012 12:41 257696]

S3 CCCP106;TRUST 120 SPACEC@M;c:\windows\system32\DRIVERS\cccp106.sys --> c:\windows\system32\DRIVERS\cccp106.sys [?]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7-6-2012 14:58 136176]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [29-8-2006 0:54 10664]

S3 kaspersky1;kaspersky1;\??\c:\documents and settings\mike\Mijn documenten\kaspersky\kaspersky.sys --> c:\documents and settings\mike\Mijn documenten\kaspersky\kaspersky.sys [?]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 10:50]

.

2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-07 12:58]

.

2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-07 12:58]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: net-nucleus.com\awbeta

TCP: DhcpNameServer = 192.168.2.254

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-06-09 17:28

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-3424684324-1530385744-49028143-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:f0,2e,e4,66,9e,e0,24,a0,62,0e,78,13,fe,32,8a,b4,11,72,ef,6d,e6,19,c1,

83,3a,ac,dd,50,6f,f9,49,91,39,b2,8f,9d,50,1f,18,39,18,d0,ca,ae,0b,51,4b,26,\

"??"=hex:87,25,1d,2d,c9,80,e6,81,fb,9d,b7,d9,d8,9b,42,e9

.

[HKEY_USERS\S-1-5-21-3424684324-1530385744-49028143-1005\Software\SecuROM\License information*]

"datasecu"=hex:a6,54,38,81,ed,c1,d1,15,17,e0,cd,91,6c,89,7e,c8,cc,5b,11,f9,81,

f9,98,df,07,35,4a,7a,d4,8f,dc,03,76,2c,c0,82,5d,95,52,27,61,ac,71,80,4a,8c,\

"rkeysecu"=hex:31,17,29,56,96,ad,4e,69,11,61,05,0e,05,17,70,6a

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(712)

c:\windows\system32\Ati2evxx.dll

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

.

- - - - - - - > 'explorer.exe'(2196)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\McAfee\VirusScan Enterprise\Scriptcl.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Canon\IJPLM\IJPLMSVC.EXE

c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

c:\program files\McAfee\Common Framework\FrameworkService.exe

c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe

c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\program files\McAfee\Common Framework\naPrdMgr.exe

.

**************************************************************************

.

Voltooingstijd: 2012-06-09 17:34:37 - machine werd herstart

ComboFix-quarantined-files.txt 2012-06-09 15:34

ComboFix2.txt 2012-06-08 15:16

ComboFix3.txt 2012-06-07 09:52

.

- - End Of File - - 97C047787C33DE77A83E08BE2B27D791

ComboFix 12-06-08.01 - mike 09-06-2012 17:12:46.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1535.787 [GMT 2:00]

Gestart vanuit: c:\documents and settings\mike\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

* Aanwezig AV is actief

.

.

FILE ::

"c:\windows\album77.zip"

"c:\windows\album95.zip"

"d:\menu start\Programma's\Opstarten\indowsUpdate56629[1].exe"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.


c:\documents and settings\All Users\Application Data\AVG2012\log\avgsched.log.1

c:\documents and settings\All Users\Application Data\AVG2012\log\avgsched.log.2

c:\documents and settings\All Users\Application Data\AVG2012\log\avgsched.log.3

c:\documents and settings\All Users\Application Data\AVG2012\log\avgsched.log.4

c:\documents and settings\All Users\Application Data\AVG2012\log\avgsched.log.5

c:\documents and settings\All Users\Application Data\AVG2012\log\avgsched.log.6

c:\documents and settings\All Users\Application Data\AVG2012\log\avgsched.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgsrm.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgsrm.log.1

c:\documents and settings\All Users\Application Data\AVG2012\log\avgsrm.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgsrmac.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgss.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgss.log.1

c:\documents and settings\All Users\Application Data\AVG2012\log\avgss.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgtdi.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgtdi.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgtray_idp_mike.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgtray_idp_mike.log.1

c:\documents and settings\All Users\Application Data\AVG2012\log\avgtray_idp_mike.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgual.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgual.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgui.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgui.log.1

c:\documents and settings\All Users\Application Data\AVG2012\log\avgui.log.2

c:\documents and settings\All Users\Application Data\AVG2012\log\avgui.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgui_idp_mike.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgui_idp_mike.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgupd.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgupd.log.1

c:\documents and settings\All Users\Application Data\AVG2012\log\avgupd.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgwd.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgwd.log.1

c:\documents and settings\All Users\Application Data\AVG2012\log\avgwd.log.2

c:\documents and settings\All Users\Application Data\AVG2012\log\avgwd.log.3

c:\documents and settings\All Users\Application Data\AVG2012\log\avgwd.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgwdsvc.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgwdsvc.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\avgwdsvc_idp_SYSTEM.log

c:\documents and settings\All Users\Application Data\AVG2012\log\avgwdsvc_idp_SYSTEM.log.1

c:\documents and settings\All Users\Application Data\AVG2012\log\avgwdsvc_idp_SYSTEM.log.2

c:\documents and settings\All Users\Application Data\AVG2012\log\avgwdsvc_idp_SYSTEM.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\commonpriv.log

c:\documents and settings\All Users\Application Data\AVG2012\log\commonpriv.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\fixcfg.log

c:\documents and settings\All Users\Application Data\AVG2012\log\fixcfg.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\log\history.xml

c:\documents and settings\All Users\Application Data\AVG2012\log\vault.log.lock

c:\documents and settings\All Users\Application Data\AVG2012\scanlogs\srm.idx

c:\documents and settings\mike\Application Data\AVG Secure Search

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\272512937d9e61a4.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\272512937d9e61a4__exp__1338908416

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\287204568329e189.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\28bc8f716fd76a47.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\28bc8f716fd76a47__exp__1338908414

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\2c53092c95605355.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\32c84fe32bb74d60.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\32c84fe32bb74d60__exp__1338908417

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\3917078cb68ec657.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\590ba23ce359fd0c.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\590ba23ce359fd0c__exp__1338908416

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\610289e025a3ee9a.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\62bcb3ff25821cb3.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\62bcb3ff25821cb3__exp__1338908413

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\651c5d3cdbfb8bd1.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\651c5d3cdbfb8bd1__exp__1338908415

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\66e48017c057d766.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\66e48017c057d766__exp__1338981356

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\6c59ac5e7e7a3ad0.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\6c59ac5e7e7a3ad0__exp__1338908416

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\6d03dad1035885d3.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\6d03dad1035885d3__exp__1338908418

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\a8556537add6dfc5.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\a8556537add6dfc5__exp__1338908416

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\ad10a52aff5e038d.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\ad10a52aff5e038d__exp__1338908415

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\c1fa887b03019701.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\c1fa887b03019701__exp__1338908418

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\c4d28dca2e7648be.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\c4d28dca2e7648be__exp__1338908415

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\d201ef9910cd39de.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\d201ef9910cd39de__exp__1338908415

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\d2e94710a5708128.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\d79b9dfe81484ec4.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\f998975c9cc711ee.fb

c:\documents and settings\mike\Application Data\AVG Secure Search\cache\f998975c9cc711ee__exp__1338908418

c:\documents and settings\mike\Application Data\AVG2012

c:\documents and settings\mike\Application Data\AVG2012\cfgall\usergui.cfg

c:\documents and settings\mike\Local Settings\Application Data\AVG Secure Search

c:\documents and settings\mike\Local Settings\Application Data\AVG Secure Search\SiteSafety\l_2012_06_04_05_40_27.db

c:\documents and settings\mike\Local Settings\Application Data\AVG Secure Search\SiteSafety\l_2012_06_06_04_17_27.db

c:\program files\Common Files\AVG Secure Search

c:\program files\Common Files\AVG Secure Search\CommonInstaller\11.0.2\CommonInstaller.exe

c:\program files\Common Files\AVG Secure Search\InstalledProducts.ini

c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.0.2\ScriptHelper.exe

c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\npsitesafety.dll

c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll

c:\program files\Common Files\AVG Secure Search\ToolBandTlb\11.0.2\toolband

c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\UpdaterConfig.ini

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_EFIPSK

-------\Legacy_VTOOLBARUPDATER11.0.2

-------\Service_efipsk

-------\Service_vToolbarUpdater11.0.2

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-09 to 2012-06-09 ))))))))))))))))))))))))))))))

.

.

2012-06-07 08:26 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll

2012-06-06 12:22 . 2012-06-06 12:22 388096 ----a-r- c:\documents and settings\mike\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-06 12:22 . 2012-06-06 12:22 -------- d-----w- c:\program files\Trend Micro

2012-06-06 09:43 . 2012-06-06 09:43 -------- d-----w- c:\program files\Common Files\Java

2012-06-06 09:42 . 2012-06-06 09:42 -------- d-----w- c:\program files\Oracle

2012-06-06 09:42 . 2012-04-04 16:47 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-06-06 09:41 . 2012-06-06 09:41 -------- d-----w- c:\program files\Java

2012-06-05 15:49 . 2004-05-11 07:56 423784 ----a-w- c:\windows\system32\XceedBkp.dll

2012-06-05 15:49 . 2004-03-08 21:00 131856 ----a-w- c:\windows\system32\MSADODC.ocx

2012-06-05 15:49 . 2003-11-19 11:59 512688 ----a-w- c:\windows\system32\XceedCry.dll

2012-06-05 15:49 . 2007-06-11 20:04 2267368 ----a-w- c:\windows\system32\Flash.ocx

2012-06-05 15:49 . 2000-07-15 03:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL

2012-06-05 15:49 . 2001-03-28 20:02 89088 ----a-w- c:\windows\system32\ProgressBar4.ocx

2012-06-05 14:00 . 2012-06-05 14:00 -------- d-----w- c:\documents and settings\mike\Application Data\TuneUp Software

2012-06-05 13:59 . 2012-06-05 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2012-06-05 13:59 . 2012-06-05 13:59 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2012-06-05 13:43 . 2012-06-05 13:43 -------- d-sh--w- c:\documents and settings\mike\IECompatCache

2012-06-05 12:04 . 2012-06-09 15:12 -------- d-----w- C:\QUARANTINE

2012-06-05 11:31 . 2012-06-05 11:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2012-06-05 11:22 . 2012-06-05 11:22 -------- d-----w- c:\documents and settings\mike\Application Data\Oracle

2012-06-05 11:22 . 2012-04-04 16:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-05 10:55 . 2012-06-05 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2012-06-05 10:55 . 2006-11-17 01:06 1495552 ----a-w- c:\windows\system32\epoPGPsdk.dll

2012-06-05 10:55 . 2006-11-30 06:50 34152 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2012-06-05 10:55 . 2006-11-30 06:50 72264 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-06-05 10:55 . 2006-11-30 06:50 64360 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-06-05 10:55 . 2006-11-30 06:50 52136 ----a-w- c:\windows\system32\drivers\mfetdik.sys

2012-06-05 10:54 . 2006-11-30 06:50 168776 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-06-05 10:54 . 2012-06-05 10:55 -------- d-----w- c:\program files\McAfee

2012-06-05 10:54 . 2012-06-05 10:54 -------- d-----w- c:\program files\Common Files\McAfee

2012-06-05 10:45 . 2012-06-05 10:45 -------- d-----w- c:\program files\AVG Secure Search

2012-06-05 10:28 . 2012-06-09 15:03 -------- d--h--r- c:\documents and settings\mike\Onlangs geopend

2012-06-05 09:20 . 2007-04-09 11:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll

2012-06-05 09:20 . 2007-04-09 11:23 28040 ----a-w- c:\windows\system32\mdimon.dll

2012-06-05 09:17 . 2012-06-05 09:19 -------- d-----w- c:\windows\SHELLNEW

2012-06-05 09:16 . 2012-06-05 09:16 -------- d-----w- c:\program files\Microsoft.NET

2012-06-04 12:39 . 2012-06-04 12:39 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2012-06-04 12:33 . 2012-06-05 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2012-06-04 12:32 . 2012-06-04 12:32 -------- d-sh--w- c:\documents and settings\mike\PrivacIE

2012-06-04 12:30 . 2012-06-04 12:30 -------- d-sh--w- c:\documents and settings\mike\IETldCache

2012-06-04 12:22 . 2012-06-04 12:23 -------- dc-h--w- c:\windows\ie8

2012-06-04 12:18 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll

2012-06-04 12:18 . 2012-03-01 11:00 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2012-06-04 12:18 . 2012-03-01 11:00 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2012-06-04 12:18 . 2012-03-01 11:00 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenuEX

2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2

2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP

2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter

2012-06-04 10:54 . 2012-06-04 10:54 -------- d-----w- c:\documents and settings\mike\Application Data\Canon

2012-06-04 10:52 . 2012-06-04 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM

2012-06-04 10:52 . 2011-04-27 09:00 323584 ----a-w- c:\windows\system32\CNC_ASL.dll

2012-06-04 10:52 . 2011-03-31 08:07 114688 ----a-w- c:\windows\system32\CNC_ASU.dll

2012-06-04 10:52 . 2011-03-31 08:05 286720 ----a-w- c:\windows\system32\CNC_ASC.dll

2012-06-04 10:52 . 2011-03-31 08:05 114688 ----a-w- c:\windows\system32\CNC_ASI.dll

2012-06-04 10:52 . 2008-08-25 16:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll

2012-06-04 10:52 . 2012-06-04 10:52 -------- d-----w- c:\documents and settings\mike\Application Data\Canon Easy-WebPrint EX

2012-06-04 10:51 . 2012-06-04 10:51 -------- d-----w- c:\program files\Common Files\CANON

2012-06-04 10:51 . 2012-06-04 10:51 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJWSpt

2012-06-04 10:47 . 2012-06-04 10:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ

2012-06-04 10:47 . 2011-05-23 03:00 83968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAS.DLL

2012-06-04 10:47 . 2011-05-23 03:00 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAS.DLL

2012-06-04 10:47 . 2011-05-23 03:00 310272 ----a-w- c:\windows\system32\CNMLMAS.DLL

2012-06-04 10:47 . 2012-06-04 10:47 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2012-06-04 10:47 . 2010-11-18 06:15 90112 ----a-w- c:\windows\system32\CNC_ASO.dll

2012-06-04 10:47 . 2011-02-03 00:20 184320 ----a-w- c:\windows\system32\CNMIUAS.DLL

2012-06-04 10:46 . 2012-06-04 10:46 -------- d-----w- c:\windows\system32\STRING

2012-06-04 10:46 . 2011-02-01 08:23 35328 ----a-w- c:\windows\system32\CNMNPUI.DLL

2012-06-04 10:46 . 2011-02-01 08:22 363008 ----a-w- c:\windows\system32\CNMNPPM.DLL

2012-06-04 10:45 . 2012-06-04 10:52 -------- d-----w- c:\program files\Canon

2012-06-04 10:41 . 2012-06-04 10:50 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-04 10:30 . 2012-06-04 10:30 -------- d-----w- c:\documents and settings\All Users\Uniblue

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-05 12:37 . 2007-08-16 19:00 22 -c--a-w- c:\windows\album95.zip

2012-06-05 12:36 . 2007-08-16 20:01 22 -c--a-w- c:\windows\album77.zip

2012-06-04 10:50 . 2011-05-26 12:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-31 13:22 . 2002-09-23 13:11 602624 ----a-w- c:\windows\system32\crypt32.dll

2012-04-11 13:55 . 2005-03-02 18:09 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 13:55 . 2005-03-02 18:09 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:55 . 2003-08-04 13:02 1862400 ----a-w- c:\windows\system32\win32k.sys

2012-04-04 16:47 . 2011-06-10 08:38 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-04 13:56 . 2011-08-19 14:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((( SnapShot_2012-06-08_15.08.27 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-06-09 15:26 . 2012-06-09 15:26 16384 c:\windows\Temp\Perflib_Perfdata_21c.dat

+ 2011-12-26 07:02 . 2011-12-26 07:02 19677184 c:\windows\Installer\20d7b7f.msp

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-07 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]

.

d:\menu start\Programma's\Opstarten\

WindowsUpdate56629[1].exe [2004-11-9 0]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"win-xp"=winis.exe

"nwiz"=nwiz.exe /installquiet

"ATIModeChange"=Ati2mdxx.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19-8-2011 16:07 654408]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19-8-2011 16:07 22344]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7-6-2012 14:58 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4-6-2012 12:41 257696]

S3 CCCP106;TRUST 120 SPACEC@M;c:\windows\system32\DRIVERS\cccp106.sys --> c:\windows\system32\DRIVERS\cccp106.sys [?]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7-6-2012 14:58 136176]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [29-8-2006 0:54 10664]

S3 kaspersky1;kaspersky1;\??\c:\documents and settings\mike\Mijn documenten\kaspersky\kaspersky.sys --> c:\documents and settings\mike\Mijn documenten\kaspersky\kaspersky.sys [?]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 10:50]

.

2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-07 12:58]

.

2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-07 12:58]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: net-nucleus.com\awbeta

TCP: DhcpNameServer = 192.168.2.254

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-06-09 17:28

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-3424684324-1530385744-49028143-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:f0,2e,e4,66,9e,e0,24,a0,62,0e,78,13,fe,32,8a,b4,11,72,ef,6d,e6,19,c1,

83,3a,ac,dd,50,6f,f9,49,91,39,b2,8f,9d,50,1f,18,39,18,d0,ca,ae,0b,51,4b,26,\

"??"=hex:87,25,1d,2d,c9,80,e6,81,fb,9d,b7,d9,d8,9b,42,e9

.

[HKEY_USERS\S-1-5-21-3424684324-1530385744-49028143-1005\Software\SecuROM\License information*]

"datasecu"=hex:a6,54,38,81,ed,c1,d1,15,17,e0,cd,91,6c,89,7e,c8,cc,5b,11,f9,81,

f9,98,df,07,35,4a,7a,d4,8f,dc,03,76,2c,c0,82,5d,95,52,27,61,ac,71,80,4a,8c,\

"rkeysecu"=hex:31,17,29,56,96,ad,4e,69,11,61,05,0e,05,17,70,6a

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(712)

c:\windows\system32\Ati2evxx.dll

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

.

- - - - - - - > 'explorer.exe'(2196)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\McAfee\VirusScan Enterprise\Scriptcl.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Canon\IJPLM\IJPLMSVC.EXE

c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

c:\program files\McAfee\Common Framework\FrameworkService.exe

c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe

c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\program files\McAfee\Common Framework\naPrdMgr.exe

.

**************************************************************************

.

Voltooingstijd: 2012-06-09 17:34:37 - machine werd herstart

ComboFix-quarantined-files.txt 2012-06-09 15:34

ComboFix2.txt 2012-06-08 15:16

ComboFix3.txt 2012-06-07 09:52

.

- - End Of File - - 97C047787C33DE77A83E08BE2B27D791

Edited by kape

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\album95.zip

c:\windows\album77.zip

d:\menu start\Programma's\Opstarten\WindowsUpdate56629[1].exe

c:\documents and settings\mike\Mijn documenten\kaspersky\kaspersky.sys

Folder::

c:\program files\AVG Secure Search

Driver::

kaspersky1

Save this file to your desktop as CFScript.

Drag CFScript.txt into ComboFix.exe.

This will restart ComboFix. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


ComboFix 12-06-10.01 - mike 11-06-2012 13:15:27.4.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1535.653 [GMT 2:00]

Gestart vanuit: c:\documents and settings\mike\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\mike\Bureaublad\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

* Aanwezig AV is actief

.

.

FILE ::

"c:\documents and settings\mike\Mijn documenten\kaspersky\kaspersky.sys"

"c:\windows\album77.zip"

"c:\windows\album95.zip"

"d:\menu start\Programma's\Opstarten\WindowsUpdate56629[1].exe"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\AVG Secure Search

c:\program files\AVG Secure Search\about.gif

c:\program files\AVG Secure Search\active-threats18.gif

c:\program files\AVG Secure Search\avguidx.dll

c:\program files\AVG Secure Search\calc.gif

c:\program files\AVG Secure Search\CleanHistory.gif

c:\program files\AVG Secure Search\configuration.xml

c:\program files\AVG Secure Search\current.gif

c:\program files\AVG Secure Search\currently-safe18.gif

c:\program files\AVG Secure Search\Facebook.gif

c:\program files\AVG Secure Search\favicon.ico

c:\program files\AVG Secure Search\feedback.gif

c:\program files\AVG Secure Search\help.gif

c:\program files\AVG Secure Search\icon18.gif

c:\program files\AVG Secure Search\iGearedHelper.dll

c:\program files\AVG Secure Search\labs.gif

c:\program files\AVG Secure Search\Licenses\hmac.txt

c:\program files\AVG Secure Search\Licenses\LICENSE-bsdiff.txt

c:\program files\AVG Secure Search\Licenses\LICENSE-bzip.txt

c:\program files\AVG Secure Search\Licenses\LICENSE-MPL-NPAPI.txt

c:\program files\AVG Secure Search\Licenses\LICENSE-sparsehash.txt

c:\program files\AVG Secure Search\lip.exe

c:\program files\AVG Secure Search\MigrationTool.exe

c:\program files\AVG Secure Search\note.gif

c:\program files\AVG Secure Search\PostInstall.exe

c:\program files\AVG Secure Search\radio\bg.gif

c:\program files\AVG Secure Search\radio\play.gif

c:\program files\AVG Secure Search\radio\play_hover.gif

c:\program files\AVG Secure Search\radio\radio.html

c:\program files\AVG Secure Search\radio\radio.js

c:\program files\AVG Secure Search\radio\stations.xml

c:\program files\AVG Secure Search\radio\stop.gif

c:\program files\AVG Secure Search\radio\stop_hover.gif

c:\program files\AVG Secure Search\radio\v_minus.gif

c:\program files\AVG Secure Search\radio\v_minus_1.gif

c:\program files\AVG Secure Search\radio\v_plus.gif

c:\program files\AVG Secure Search\radio\v_plus_1.gif

c:\program files\AVG Secure Search\radio\vol_line_emp.gif

c:\program files\AVG Secure Search\radio\vol_line_full.gif

c:\program files\AVG Secure Search\radio\vol_line_half.gif

c:\program files\AVG Secure Search\remote_configuration.xml

c:\program files\AVG Secure Search\search.gif

c:\program files\AVG Secure Search\SecuredSearch.gif

c:\program files\AVG Secure Search\setup.bmp

c:\program files\AVG Secure Search\speed-test.gif

c:\program files\AVG Secure Search\surf-with-caution18.gif

c:\program files\AVG Secure Search\toolbar.zip

c:\program files\AVG Secure Search\Uninstall.exe

c:\program files\AVG Secure Search\updating18.gif

c:\program files\AVG Secure Search\vprot.exe

c:\program files\AVG Secure Search\weather.gif

c:\program files\AVG Secure Search\windows.gif

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_KASPERSKY1

-------\Service_kaspersky1

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-11 to 2012-06-11 ))))))))))))))))))))))))))))))

.

.

2012-06-07 08:26 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll

2012-06-06 12:22 . 2012-06-06 12:22 388096 ----a-r- c:\documents and settings\mike\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-06 12:22 . 2012-06-06 12:22 -------- d-----w- c:\program files\Trend Micro

2012-06-06 09:43 . 2012-06-06 09:43 -------- d-----w- c:\program files\Common Files\Java

2012-06-06 09:42 . 2012-06-06 09:42 -------- d-----w- c:\program files\Oracle

2012-06-06 09:42 . 2012-04-04 16:47 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-06-06 09:41 . 2012-06-06 09:41 -------- d-----w- c:\program files\Java

2012-06-05 15:49 . 2004-05-11 07:56 423784 ----a-w- c:\windows\system32\XceedBkp.dll

2012-06-05 15:49 . 2004-03-08 21:00 131856 ----a-w- c:\windows\system32\MSADODC.ocx

2012-06-05 15:49 . 2003-11-19 11:59 512688 ----a-w- c:\windows\system32\XceedCry.dll

2012-06-05 15:49 . 2007-06-11 20:04 2267368 ----a-w- c:\windows\system32\Flash.ocx

2012-06-05 15:49 . 2000-07-15 03:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL

2012-06-05 15:49 . 2001-03-28 20:02 89088 ----a-w- c:\windows\system32\ProgressBar4.ocx

2012-06-05 14:00 . 2012-06-05 14:00 -------- d-----w- c:\documents and settings\mike\Application Data\TuneUp Software

2012-06-05 13:59 . 2012-06-05 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2012-06-05 13:59 . 2012-06-05 13:59 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2012-06-05 13:43 . 2012-06-05 13:43 -------- d-sh--w- c:\documents and settings\mike\IECompatCache

2012-06-05 12:04 . 2012-06-11 11:15 -------- d-----w- C:\QUARANTINE

2012-06-05 11:31 . 2012-06-05 11:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2012-06-05 11:22 . 2012-06-05 11:22 -------- d-----w- c:\documents and settings\mike\Application Data\Oracle

2012-06-05 11:22 . 2012-04-04 16:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-05 10:55 . 2012-06-05 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2012-06-05 10:55 . 2006-11-17 01:06 1495552 ----a-w- c:\windows\system32\epoPGPsdk.dll

2012-06-05 10:55 . 2006-11-30 06:50 34152 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2012-06-05 10:55 . 2006-11-30 06:50 72264 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-06-05 10:55 . 2006-11-30 06:50 64360 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-06-05 10:55 . 2006-11-30 06:50 52136 ----a-w- c:\windows\system32\drivers\mfetdik.sys

2012-06-05 10:54 . 2006-11-30 06:50 168776 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-06-05 10:54 . 2012-06-05 10:55 -------- d-----w- c:\program files\McAfee

2012-06-05 10:54 . 2012-06-05 10:54 -------- d-----w- c:\program files\Common Files\McAfee

2012-06-05 10:28 . 2012-06-11 10:53 -------- d--h--r- c:\documents and settings\mike\Onlangs geopend

2012-06-05 09:20 . 2007-04-09 11:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll

2012-06-05 09:20 . 2007-04-09 11:23 28040 ----a-w- c:\windows\system32\mdimon.dll

2012-06-05 09:17 . 2012-06-05 09:19 -------- d-----w- c:\windows\SHELLNEW

2012-06-05 09:16 . 2012-06-05 09:16 -------- d-----w- c:\program files\Microsoft.NET

2012-06-04 12:39 . 2012-06-04 12:39 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2012-06-04 12:33 . 2012-06-05 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2012-06-04 12:32 . 2012-06-04 12:32 -------- d-sh--w- c:\documents and settings\mike\PrivacIE

2012-06-04 12:30 . 2012-06-04 12:30 -------- d-sh--w- c:\documents and settings\mike\IETldCache

2012-06-04 12:22 . 2012-06-04 12:23 -------- dc-h--w- c:\windows\ie8

2012-06-04 12:18 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll

2012-06-04 12:18 . 2012-03-01 11:00 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2012-06-04 12:18 . 2012-03-01 11:00 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2012-06-04 12:18 . 2012-03-01 11:00 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenuEX

2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2

2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP

2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter

2012-06-04 10:54 . 2012-06-04 10:54 -------- d-----w- c:\documents and settings\mike\Application Data\Canon

2012-06-04 10:52 . 2012-06-04 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM

2012-06-04 10:52 . 2011-04-27 09:00 323584 ----a-w- c:\windows\system32\CNC_ASL.dll

2012-06-04 10:52 . 2011-03-31 08:07 114688 ----a-w- c:\windows\system32\CNC_ASU.dll

2012-06-04 10:52 . 2011-03-31 08:05 286720 ----a-w- c:\windows\system32\CNC_ASC.dll

2012-06-04 10:52 . 2011-03-31 08:05 114688 ----a-w- c:\windows\system32\CNC_ASI.dll

2012-06-04 10:52 . 2008-08-25 16:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll

2012-06-04 10:52 . 2012-06-04 10:52 -------- d-----w- c:\documents and settings\mike\Application Data\Canon Easy-WebPrint EX

2012-06-04 10:51 . 2012-06-04 10:51 -------- d-----w- c:\program files\Common Files\CANON

2012-06-04 10:51 . 2012-06-04 10:51 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJWSpt

2012-06-04 10:47 . 2012-06-04 10:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ

2012-06-04 10:47 . 2011-05-23 03:00 83968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAS.DLL

2012-06-04 10:47 . 2011-05-23 03:00 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAS.DLL

2012-06-04 10:47 . 2011-05-23 03:00 310272 ----a-w- c:\windows\system32\CNMLMAS.DLL

2012-06-04 10:47 . 2012-06-04 10:47 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2012-06-04 10:47 . 2010-11-18 06:15 90112 ----a-w- c:\windows\system32\CNC_ASO.dll

2012-06-04 10:47 . 2011-02-03 00:20 184320 ----a-w- c:\windows\system32\CNMIUAS.DLL

2012-06-04 10:46 . 2012-06-04 10:46 -------- d-----w- c:\windows\system32\STRING

2012-06-04 10:46 . 2011-02-01 08:23 35328 ----a-w- c:\windows\system32\CNMNPUI.DLL

2012-06-04 10:46 . 2011-02-01 08:22 363008 ----a-w- c:\windows\system32\CNMNPPM.DLL

2012-06-04 10:45 . 2012-06-04 10:52 -------- d-----w- c:\program files\Canon

2012-06-04 10:41 . 2012-06-04 10:50 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-04 10:30 . 2012-06-04 10:30 -------- d-----w- c:\documents and settings\All Users\Uniblue

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-05 12:37 . 2007-08-16 19:00 22 -c--a-w- c:\windows\album95.zip

2012-06-05 12:36 . 2007-08-16 20:01 22 -c--a-w- c:\windows\album77.zip

2012-06-04 10:50 . 2011-05-26 12:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-31 13:22 . 2002-09-23 13:11 602624 ----a-w- c:\windows\system32\crypt32.dll

2012-04-11 13:55 . 2005-03-02 18:09 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 13:55 . 2005-03-02 18:09 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:55 . 2003-08-04 13:02 1862400 ----a-w- c:\windows\system32\win32k.sys

2012-04-04 16:47 . 2011-06-10 08:38 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-04 13:56 . 2011-08-19 14:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((( SnapShot_2012-06-08_15.08.27 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-06-11 11:28 . 2012-06-11 11:28 16384 c:\windows\Temp\Perflib_Perfdata_22c.dat

+ 2011-12-26 07:02 . 2011-12-26 07:02 19677184 c:\windows\Installer\734ce53.msp

+ 2011-12-26 07:02 . 2011-12-26 07:02 19677184 c:\windows\Installer\20e7792.msp

+ 2011-12-26 07:02 . 2011-12-26 07:02 19677184 c:\windows\Installer\20d7b7f.msp

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-07 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]

.

d:\menu start\Programma's\Opstarten\

WindowsUpdate56629[1].exe [2004-11-9 0]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"win-xp"=winis.exe

"nwiz"=nwiz.exe /installquiet

"ATIModeChange"=Ati2mdxx.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19-8-2011 16:07 654408]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19-8-2011 16:07 22344]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7-6-2012 14:58 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4-6-2012 12:41 257696]

S3 CCCP106;TRUST 120 SPACEC@M;c:\windows\system32\DRIVERS\cccp106.sys --> c:\windows\system32\DRIVERS\cccp106.sys [?]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7-6-2012 14:58 136176]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [29-8-2006 0:54 10664]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 10:50]

.

2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-07 12:58]

.

2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-07 12:58]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: net-nucleus.com\awbeta

TCP: DhcpNameServer = 192.168.2.254

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-06-11 13:30

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-3424684324-1530385744-49028143-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:f0,2e,e4,66,9e,e0,24,a0,62,0e,78,13,fe,32,8a,b4,11,72,ef,6d,e6,19,c1,

83,3a,ac,dd,50,6f,f9,49,91,39,b2,8f,9d,50,1f,18,39,18,d0,ca,ae,0b,51,4b,26,\

"??"=hex:87,25,1d,2d,c9,80,e6,81,fb,9d,b7,d9,d8,9b,42,e9

.

[HKEY_USERS\S-1-5-21-3424684324-1530385744-49028143-1005\Software\SecuROM\License information*]

"datasecu"=hex:a6,54,38,81,ed,c1,d1,15,17,e0,cd,91,6c,89,7e,c8,cc,5b,11,f9,81,

f9,98,df,07,35,4a,7a,d4,8f,dc,03,76,2c,c0,82,5d,95,52,27,61,ac,71,80,4a,8c,\

"rkeysecu"=hex:31,17,29,56,96,ad,4e,69,11,61,05,0e,05,17,70,6a

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(720)

c:\windows\system32\Ati2evxx.dll

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

.

- - - - - - - > 'explorer.exe'(1384)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Canon\IJPLM\IJPLMSVC.EXE

c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

c:\program files\McAfee\Common Framework\FrameworkService.exe

c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe

c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\program files\McAfee\Common Framework\naPrdMgr.exe

.

**************************************************************************

.

Voltooingstijd: 2012-06-11 13:35:55 - machine werd herstart

ComboFix-quarantined-files.txt 2012-06-11 11:35

ComboFix2.txt 2012-06-09 15:34

ComboFix3.txt 2012-06-08 15:16

ComboFix4.txt 2012-06-07 09:52

.

- - End Of File - - D19B1FC09F32128BBB1C741A376DFC1C

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\album95.zip

c:\windows\album77.zip

d:\menu start\Programma's\Opstarten\WindowsUpdate56629[1].exe

c:\documents and settings\mike\Mijn documenten\kaspersky\kaspersky.sys

Folder::

c:\program files\AVG Secure Search

Driver::

kaspersky1

Save this file on your desktop as CFScript.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next message.


Remove Combofix: Start -> Run/Search and type: ComboFix /Uninstall

This will remove Combofix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download Soluto. (click on it)

Click I Agree – Install. Wait on the screen that follows. After 30 seconds this screen disappears and Soluto continues installing. You can use your PC normally during this process.

If you want to see how far along the Soluto installation is, right-click the soluto.png icon at the bottom right of the taskbar and choose ‘Open’.

When the installation is complete, Soluto will ask you to restart. Save your work in all the programs you have open, and click Reboot PC Now.

Once the PC has restarted, open Soluto and click ‘Chop Boot’. There you can exclude programs from starting up.

For a detailed guide on this, click Here. (click on it)


gives this message:

Windows cannot find the file combofix/uninstall


---------- Post added at 11:48 ---------- Previous post was at 11:45 ----------

In the Qoobox folder there is a folder named backenv that cannot be deleted?


cannot find combofix/uninstall and cannot delete Qoobox either??
