Posts by Shaggy1986
-
I'm still getting it.
-
Here is the log file from autofix:
ComboFix 11-06-24.02 - MSK 24-06-2011 21:33:59.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.4095.2607 [GMT 2:00]
Gestart vanuit: G:\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\burnlib.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\dsp_sps.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\enc_aacplus.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\enc_flac.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\enc_flake.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\enc_lame.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\enc_vorbis.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\enc_wav.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\enc_wma.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\gen_crasher.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\gen_dropbox.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\gen_ff.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\gen_hotkeys.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\gen_jumpex.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\gen_ml.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\gen_orgler.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\gen_tray.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\gen_undo.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\in_avi.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\in_cdda.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\in_dshow.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\in_flac.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\in_flv.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\in_linein.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\in_midi.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\in_mkv.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\in_mod.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\in_mp3.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\in_mp4.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\in_nsv.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\in_swf.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\in_vorbis.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\in_wav.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\in_wave.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\in_wm.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\in_wv.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\ml_addons.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\ml_autotag.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\ml_bookmarks.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\ml_dash.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\ml_disc.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\ml_history.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\ml_impex.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\ml_local.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\ml_nowplaying.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\ml_online.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\ml_orb.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\ml_playlists.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\ml_plg.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\ml_pmp.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\ml_rg.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\ml_transcode.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\ml_wire.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\ombrowser.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\out_disk.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\out_ds.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\out_wave.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\playlist.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\pmp_activesync.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\pmp_ipod.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\pmp_njb.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\pmp_p4s.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\pmp_usb.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\tagz.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\vis_avs.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\vis_milk2.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\vis_nsfs.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\winamp.lng
c:\users\MSK\AppData\Local\Temp\WLZ8FA1.tmp\winampa.lng
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-05-24 to 2011-06-24 ))))))))))))))))))))))))))))))
.
.
2011-06-24 19:40 . 2011-06-24 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-24 11:33 . 2011-05-29 07:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-24 11:33 . 2011-06-24 11:33 -------- d-----w- c:\programdata\Malwarebytes
2011-06-24 11:33 . 2011-06-24 11:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-24 11:33 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 06:52 . 2011-06-24 06:52 -------- d-----w- c:\program files\ESET
2011-06-24 06:12 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{486EE331-FD72-4181-B2E7-E1C632A87D17}\mpengine.dll
2011-06-23 11:52 . 2011-06-23 11:52 -------- d-----w- c:\program files (x86)\2K Sports
2011-06-21 12:51 . 2011-06-21 12:51 -------- d-----w- c:\program files (x86)\EA Sports
2011-06-20 10:12 . 2011-06-20 10:12 -------- d-----w- c:\program files (x86)\Creative
2011-06-20 10:12 . 2007-07-03 11:11 1503232 ------w- c:\windows\SysWow64\adi_oal.dll
2011-06-20 10:12 . 2007-07-03 11:14 1828352 ------w- c:\windows\system32\adi_oal.dll
2011-06-20 10:12 . 2011-06-20 10:12 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2011-06-20 10:12 . 2008-05-14 13:11 58880 ----a-w- c:\windows\SysWow64\SFFXComm.dll
2011-06-20 10:12 . 2011-06-20 10:12 -------- d-----w- c:\programdata\SonicFocus
2011-06-20 10:12 . 2011-06-20 10:12 -------- d-----w- c:\program files (x86)\Analog Devices
2011-06-20 06:41 . 2011-06-20 06:41 -------- d-----w- c:\program files\Common Files\Logitech
2011-06-20 06:41 . 2011-06-20 06:41 -------- d-----w- c:\program files\Logitech
2011-06-18 11:30 . 2011-06-18 11:30 -------- d-----w- c:\programdata\Codemasters
2011-06-18 11:29 . 2011-06-18 11:29 -------- d-----w- c:\windows\SysWow64\xlive
2011-06-18 11:29 . 2011-06-18 11:29 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-06-18 11:20 . 2011-06-18 11:20 -------- d-----w- c:\program files (x86)\BRS
2011-06-18 11:20 . 2011-03-19 13:16 1417216 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2011-06-18 11:20 . 2010-09-22 11:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2011-06-18 11:20 . 2011-06-18 11:20 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-06-18 11:20 . 2011-06-18 11:20 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-06-18 11:20 . 2011-06-18 11:20 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-06-18 11:20 . 2011-06-18 11:20 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-06-18 11:20 . 2011-06-18 11:20 -------- d-----w- c:\program files (x86)\OpenAL
2011-06-18 11:20 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmp195B.tmp
2011-06-18 11:19 . 2010-06-02 02:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2011-06-18 11:19 . 2010-06-02 02:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2011-06-18 11:19 . 2010-06-02 02:55 239960 ----a-w- c:\windows\SysWow64\xactengine3_7.dll
2011-06-18 11:19 . 2010-05-26 09:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2011-06-18 11:19 . 2010-05-26 09:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2011-06-18 11:19 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2011-06-18 11:19 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2011-06-18 11:19 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2011-06-18 11:15 . 2011-06-18 11:15 -------- d-----w- c:\program files (x86)\Codemasters
2011-06-18 10:38 . 2011-06-18 10:38 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2011-06-18 10:38 . 2011-06-18 10:38 -------- d-----w- c:\windows\Sun
2011-06-15 16:11 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2011-06-15 15:18 . 2011-06-15 15:18 -------- d-----w- c:\program files (x86)\Storm Frontline Nation
2011-06-15 14:02 . 2010-05-20 22:57 80944 ----a-w- c:\windows\system32\drivers\vmci.sys
2011-06-15 14:02 . 2010-05-20 22:57 68656 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-06-15 14:01 . 2010-05-20 22:56 334384 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2011-06-15 14:01 . 2010-05-20 22:56 399920 ----a-w- c:\windows\SysWow64\vmnat.exe
2011-06-15 14:01 . 2010-05-20 22:54 30256 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-06-15 14:01 . 2010-05-20 19:19 24112 ----a-w- c:\windows\system32\drivers\vmnet.sys
2011-06-15 14:00 . 2010-05-20 22:57 968752 ----a-w- c:\windows\system32\vnetlib64.dll
2011-06-15 14:00 . 2010-05-20 22:55 31792 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2011-06-15 14:00 . 2010-05-20 21:40 38448 ----a-w- c:\windows\system32\drivers\hcmon.sys
2011-06-15 14:00 . 2011-06-15 14:00 -------- d-----w- c:\program files (x86)\Common Files\VMware
2011-06-15 14:00 . 2011-06-24 19:42 -------- d-----w- c:\programdata\VMware
2011-06-15 14:00 . 2011-06-15 14:00 -------- d-----w- c:\program files (x86)\VMware
2011-06-15 13:52 . 2011-06-15 13:52 -------- d-----w- c:\programdata\launcher
2011-06-15 13:52 . 2011-06-15 13:52 -------- d-----w- c:\programdata\explauncher
2011-06-15 13:51 . 2011-06-15 13:51 -------- dc----w- c:\windows\system32\DRVSTORE
2011-06-15 13:51 . 2010-01-17 11:10 37392 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2011-06-15 13:50 . 2011-06-15 13:50 -------- d-----w- c:\program files (x86)\Paragon Software
2011-06-15 13:28 . 2008-02-14 02:57 13576 ----a-w- c:\windows\SysWow64\wnaspi32.dll
2011-06-15 10:57 . 2011-06-15 10:57 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-06-14 19:10 . 2011-06-14 19:10 551896 ----a-w- c:\windows\system32\appdrvrem01.exe
2011-06-14 19:10 . 2011-06-14 19:10 3854000 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2011-06-14 16:54 . 2011-06-14 16:54 828912 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-06-14 16:53 . 2011-06-14 16:54 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
2011-06-14 16:53 . 2011-06-14 16:53 -------- d-----w- c:\programdata\DAEMON Tools Pro
2011-06-14 16:38 . 2011-06-14 17:08 -------- d-----w- c:\program files (x86)\Cyanide
2011-06-14 13:08 . 2011-06-14 13:08 -------- d-sh--w- c:\programdata\DSS
2011-06-14 13:04 . 2008-03-05 14:03 238088 ----a-w- c:\windows\SysWow64\xactengine3_0.dll
2011-06-14 11:36 . 2011-06-15 13:31 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-06-14 11:14 . 2011-06-14 11:14 -------- d-----w- c:\program files (x86)\QuickPar
2011-06-14 10:01 . 2011-06-14 10:01 -------- d-----w- c:\program files (x86)\AltBinz
2011-06-14 09:56 . 2011-06-14 09:56 -------- d-----w- c:\program files (x86)\SpotLite
2011-06-13 21:04 . 2011-06-14 09:55 -------- d-----w- c:\programdata\Spotnet
2011-06-13 21:00 . 2011-06-13 21:00 -------- d-----w- c:\windows\system32\appmgmt
2011-06-13 20:45 . 2011-06-13 21:02 -------- d-----w- c:\program files (x86)\Notepad++
2011-06-13 20:45 . 2011-06-13 20:45 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-13 20:45 . 2011-06-13 20:45 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-06-13 20:45 . 2011-06-13 20:45 -------- d-----w- c:\program files (x86)\Java
2011-06-13 16:40 . 2011-06-13 16:40 -------- d-----w- c:\programdata\Sony Ericsson
2011-06-13 16:40 . 2011-06-13 16:40 -------- d-----w- c:\program files (x86)\Sony Ericsson
2011-06-13 16:26 . 2011-06-13 16:26 -------- d-----w- c:\program files (x86)\MyPhoneExplorer
2011-06-13 16:22 . 2011-06-13 16:22 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2011-06-13 16:22 . 2011-06-13 16:22 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2011-06-13 15:11 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2011-06-13 15:11 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2011-06-13 15:10 . 2011-06-13 15:10 -------- d-----w- c:\program files (x86)\Winamp Detect
2011-06-13 15:10 . 2011-06-13 15:10 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-06-13 15:10 . 2011-06-13 15:11 -------- d-----w- c:\program files (x86)\Winamp
2011-06-13 14:42 . 2011-06-13 14:42 -------- d-----w- c:\program files (x86)\Kerio
2011-06-13 14:37 . 2011-06-13 14:37 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-06-13 14:37 . 2011-06-13 14:48 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-06-13 14:37 . 2011-06-13 14:37 -------- d-----w- c:\windows\PCHEALTH
2011-06-13 14:37 . 2011-06-13 14:37 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2011-06-13 14:37 . 2011-06-13 14:37 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-06-13 14:36 . 2011-06-13 14:36 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-06-13 14:35 . 2011-06-13 14:35 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-06-13 14:35 . 2011-06-23 07:37 -------- d-----w- c:\programdata\Microsoft Help
2011-06-13 14:35 . 2011-06-13 14:35 -------- d-----r- C:\MSOCache
2011-06-13 14:30 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-06-13 14:30 . 2010-10-27 05:06 2048 ----a-w- c:\windows\system32\tzres.dll
2011-06-13 14:17 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-06-13 14:17 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-06-13 14:11 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2011-06-13 14:11 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2011-06-13 14:10 . 2011-06-13 13:14 -------- d-----w- c:\windows\Panther
2011-06-13 14:09 . 2011-06-13 14:09 -------- d-----w- c:\windows\system32\oem
2011-06-13 14:03 . 2009-10-10 03:17 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-06-13 14:00 . 2009-11-25 10:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-06-13 14:00 . 2009-11-25 10:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-06-13 14:00 . 2009-11-25 10:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-06-13 14:00 . 2009-11-25 10:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-06-13 14:00 . 2009-11-25 10:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-06-13 14:00 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-06-13 14:00 . 2009-11-25 10:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-06-13 14:00 . 2009-11-25 10:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-06-13 14:00 . 2009-11-25 10:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-06-13 14:00 . 2009-11-25 10:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-06-13 13:59 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2011-06-13 13:54 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-06-13 13:53 . 2011-06-13 13:53 -------- d-----w- c:\windows\SysWow64\en
2011-06-13 13:53 . 2011-06-13 13:53 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\en-US
2011-06-13 13:53 . 2011-06-13 13:53 -------- d-----w- c:\windows\SysWow64\0409
2011-06-13 13:53 . 2011-06-13 13:53 -------- d-----w- c:\windows\SysWow64\wbem\en-US
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-20 06:49 . 2009-08-18 10:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-06-20 06:49 . 2009-08-18 09:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-25 07:25 . 2009-07-13 21:59 8863336 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-05-20 20:35 . 2011-05-20 20:35 304744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-04-15 23:40 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmp194B.tmp
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-09-02 1302528]
.
c:\users\MSK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Winamp.lnk - c:\program files (x86)\Winamp\winamp.exe [2010-12-9 1595744]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Alt.Binz.lnk - c:\program files (x86)\AltBinz\altbinz.exe [2007-9-27 1069568]
Microsoft Outlook 2010.lnk - c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe [2011-6-13 303456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x]
R4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-04-20 152064]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-05-20 539184]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-04-09 731840]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2767330528-3365173347-2677098965-1001Core.job
- c:\users\MSK\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 14:27]
.
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2767330528-3365173347-2677098965-1001UA.job
- c:\users\MSK\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 14:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2692008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
LSP: N:\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000413
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{644F1613-7BCB-472E-A4F3-79A92940C244}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.424.0"
"UniqueId"="0018EDA84E04345A"
"ScannerBuild"=dword:00001283
"ScannerVersionId"=dword:00000f9d
"ScannerVersion"="Open window for status."
"FixId"=dword:00000007
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\users\MSK\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\MSK\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\MSK\AppData\Local\Google\Chrome\Application\chrome.exe
c:\windows\SysWOW64\rundll32.exe
c:\users\MSK\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Voltooingstijd: 2011-06-24 21:46:23 - machine werd herstart
ComboFix-quarantined-files.txt 2011-06-24 19:46
.
Pre-Run: 599.347.597.312 bytes beschikbaar
Post-Run: 599.410.327.552 bytes beschikbaar
.
- - End Of File - - 6266BF8692B8F3D410EC601F5AF94C06
-
I ran MBAM. Here is the log file:
Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Databaseversie: 6937
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
24-6-2011 13:38:20
mbam-log-2011-06-24 (13-38-20).txt
Scantype: Snelle scan
Objecten gescand: 178570
Verstreken tijd: 3 minuut/minuten, 28 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 3
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\4ECYTQ9SIC (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\W1WIWQ1NPG (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
c:\Users\MSK\AppData\Roaming\ctfmon.exe (Trojan.VB) -> Quarantined and deleted successfully.
After that I rebooted and had HJT scan again. This was the result:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:44:11, on 24-6-2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\AltBinz\altbinz.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\Kerio\Outlook Connector (Offline Edition)\KoffBackend.exe
C:\Users\MSK\AppData\Local\Alt.Binz\misc\par2.exe
C:\Users\MSK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MSK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MSK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2767330528-3365173347-2677098965-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2767330528-3365173347-2677098965-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Winamp.lnk = C:\Program Files (x86)\Winamp\winamp.exe
O4 - Global Startup: Alt.Binz.lnk = C:\Program Files (x86)\AltBinz\altbinz.exe
O4 - Global Startup: Microsoft Outlook 2010.lnk = ?
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: n:\vsocklib.dll
O10 - Unknown file in Winsock LSP: n:\vsocklib.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9454 bytes
I deliberately did not tick soundmax, winamp and outlook in the first HJT scan.
At startup I still got the same message from ESET.
-
Hello Kape, first of all, thanks for the help. I see that I need to fix three files (soundmax, winamp and outlook). I have those programs start automatically when I turn on my PC. Is that what HiJackThis is reporting (and if so, do I still need to fix them), or is there really something wrong with the files?
-
Hello Asus,
here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:31:13, on 24-6-2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Kerio\Outlook Connector (Offline Edition)\KoffBackend.exe
C:\Users\MSK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MSK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\MSK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
O4 - HKCU\..\Run: [4ECYTQ9SIC] C:\Users\MSK\AppData\Local\Temp\Kfc.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2767330528-3365173347-2677098965-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2767330528-3365173347-2677098965-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Winamp.lnk = C:\Program Files (x86)\Winamp\winamp.exe
O4 - Global Startup: Alt.Binz.lnk = C:\Program Files (x86)\AltBinz\altbinz.exe
O4 - Global Startup: Microsoft Outlook 2010.lnk = ?
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: n:\vsocklib.dll
O10 - Unknown file in Winsock LSP: n:\vsocklib.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9453 bytes
-
Dear reader,
for the past few days I have been getting this message when starting my PC: Eset smart security 4 has found the above virus in MBR sector of the 3. physical disk, but cannot remove it.
I have seen that there was an earlier post about this virus, but it has since been closed.
Olmarik.AJL
in Archive: Combating malware & viruses
Kape, is there anything else I could do?