
Pajaso

Member
  • Posts

    34
  • Registration date

  • Last visited

Everything posted by Pajaso

  1. everything is as good as it was again (and even a bit better!) thanks again for your help, thanks to you and your whole team! ReDd4
  2. problem solved! can you maybe tell me something about what kind of virus I had?
  3. uploading the wrong log, starting the same thread twice... I'm doing really well [ATTACH]31692[/ATTACH] AdwCleaner[S0].txt
  4. hi kape, I accidentally started this thread twice. I already posted the zoek.exe log in the other thread. I see no option to delete this one, which is why I marked it as solved earlier
  5. greetings! I recently got a redirect/popup virus that apparently only goes through firefox. antimalwarebytes and IObit Malware Fighter find nothing. _________________ it goes as follows: -computer started / firefox opened / open a web page (doesn't matter which) / web page opens normally - avast warning "threat detected": URL : h_utils_cdneurope_com__js__mo_js|{gzip} Infection : JS:Downloader-ZY [Trj] _________________ as a rule it only happens once, only when I open a web page after the computer has been restarted. in addition, firefox now and then opens an "about blank" window (which never finishes loading) when I click somewhere. the site it connects to is click-status.king.com here is my RSIT LOG: [ATTACH]31685[/ATTACH] RSIT LOG.txt
  6. Hi Kape, do you have any more suggestions? or should I mark the topic as solved and look into it myself?
  7. this doesn't work in "safe mode" either. I get the same error message
  8. I can't delete the 2 PV.3XE files: -access denied
  9. ok, ran combofix /uninstall. (I didn't get a confirmation that the uninstall finished successfully) then CCleaner. In (C:) I still have 3 combofix folders which together contain: SED.3XE and PV.3XE what do I do with these?
  10. sorry, that was a typo "combofix / uninstall" that is how it still shows when I open RUN
  11. thanks for reopening. I hadn't immediately realised that no more messages can be posted once you tick solved. well, I have now removed TDSSKiller and Qoobox. When I run: "START> RUN > uninstall / combofix" it starts combofix. (result: I have a new log (quite tricky because avast was simply still running)) so I can't get combofix uninstalled.
  12. avast found no trojans. it did find 30 infected files. fixed those. then after startup it did another thorough check (on its own initiative) and everything and now everything is back to normal! Hereby, Kape.. ********** ********** suuuper thanks for your wisdom! (now that I know PC Helpforum - Gratis hulp bij computer problemen is so very effective I'll start a new topic (and advise my friends) about another problem I've been suffering from for months (something with network settings). maybe we'll meet again) greetings!!! Pajaso
  13. It looks veeeery good! the avast thorough scan is running at the moment and will take a while yet (I may be a bit premature) but! that svchost-SYSTEM process that was very dubious is gone.. avast does it!! xD I no longer notice anything strange. Now I'm waiting for the results of the avast thorough scan. (when I have the result and nothing was found I'll mark this thread as SOLVED! and express my utmost thanks to you xD (I'm already very grateful to you anyway!)) 2 B continued
  14. ComboFix 11-10-12.01 - Administrator 12/10/2011 20:13:18.2.1 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1271.915 [GMT 2:00]
      Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
      Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
      AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
      .
      FILE ::
      "c:\windows\system32\drivers\i8042prt.sys"
      "c:\windows\trz13.tmp"
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      C:\rsit
      c:\rsit\info.txt
      c:\rsit\log.txt
      c:\windows\trz13.tmp
      .
      .
      ((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))
      .
      .
      2011-10-12 17:47 . 2011-10-12 17:47 -------- d-----w- c:\windows\system32\xircom
      2011-10-12 17:47 . 2011-10-12 17:47 -------- d-----w- c:\windows\system32\wbem\snmp
      2011-10-12 17:47 . 2011-10-12 17:47 -------- d-----w- c:\program files\microsoft frontpage
      2011-10-12 17:12 . 2011-10-12 17:12 -------- d-----w- C:\TDSSKiller_Quarantine
      2011-10-12 13:33 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
      2011-10-12 13:33 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
      2011-10-12 13:33 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
      2011-10-12 13:33 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
      2011-10-12 13:33 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
      2011-10-12 13:33 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
      2011-10-12 13:33 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
      2011-10-12 13:33 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
      2011-10-12 13:32 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
      2011-10-12 13:32 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
      2011-10-11 17:42 . 2011-10-11 17:42 -------- d-----w- c:\windows\system32\wbem\Repository
      2011-10-11 06:43 . 2011-10-11 17:41 -------- d-----w- c:\program files\Trend Micro
      2011-10-10 18:26 . 2011-10-10 18:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG Secure Search
      2011-10-10 18:26 . 2011-10-10 18:26 -------- d-----w- c:\program files\AVG Secure Search
      2011-10-10 18:26 . 2011-10-10 18:26 -------- d-----w- c:\program files\Common Files\AVG Secure Search
      2011-10-10 12:33 . 2011-10-10 18:22 -------- d-----w- c:\program files\Hewlett-Packard
      2011-10-10 12:32 . 2011-10-10 12:32 -------- d-----w- c:\program files\Synaptics
      2011-10-07 16:06 . 2011-10-07 16:06 -------- d-----w- c:\program files\AVAST Software
      2011-10-07 16:06 . 2011-10-07 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
      2011-10-07 14:05 . 2011-10-07 14:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG2012
      2011-10-07 14:03 . 2011-10-07 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
      2011-10-07 10:53 . 2011-10-07 10:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
      2011-10-07 10:52 . 2011-10-07 10:53 -------- d-----w- c:\program files\SUPERAntiSpyware
      2011-10-07 10:52 . 2011-10-07 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
      2011-10-07 10:35 . 2011-10-07 10:35 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2011-10-07 10:28 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
      2011-10-06 17:12 . 2011-10-06 17:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
      2011-10-06 16:39 . 2011-10-06 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2011-10-06 16:36 . 2011-10-06 16:36 -------- d--h--w- c:\windows\PIF
      2011-10-06 16:33 . 2011-10-06 16:38 -------- d-----w- c:\program files\beschermingNIEUW
      2011-10-06 15:50 . 2011-10-06 15:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
      2011-10-06 15:49 . 2011-10-06 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
      2011-09-19 16:14 . 1996-06-19 08:08 49664 ----a-w- c:\windows\system32\MFC42FRA.DLL
      2011-09-19 16:14 . 1995-12-04 12:08 26624 ----a-w- c:\windows\system32\CTL3D95.DLL
      2011-09-19 16:14 . 1997-07-19 15:00 604432 ----a-w- c:\windows\system32\COMCTL32.OCX
      2011-09-19 16:14 . 1997-01-13 22:00 49664 ----a-w- c:\windows\system32\MSSTKPRP.DLL
      2011-09-19 16:14 . 2011-09-19 16:14 -------- d-----w- c:\program files\Micro Application
      2011-09-19 16:09 . 1998-10-07 11:08 327168 ----a-w- c:\windows\IsUn040c.exe
      2011-09-16 13:01 . 2008-03-05 14:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
      2011-09-16 13:01 . 2008-03-05 14:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
      2011-09-16 13:01 . 2008-03-05 14:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
      2011-09-16 13:01 . 2008-03-05 13:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
      2011-09-16 13:01 . 2008-02-05 21:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
      2011-09-16 13:01 . 2008-03-05 13:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
      2011-09-16 12:41 . 1996-11-06 10:04 302592 ----a-w- c:\windows\unin040c.exe
      2011-09-13 04:30 . 2011-09-13 04:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2011-10-12 17:13 . 2008-05-03 12:00 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
      2011-08-08 04:08 . 2011-08-08 04:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
      2011-09-06 19:59 . 2011-06-23 06:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
      .
      .
      ((((((((((((((((((((((((((((( SnapShot@2011-10-12_17.47.43 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2011-10-12 17:49 . 2011-10-12 17:49 16384 c:\windows\Temp\Perflib_Perfdata_c0.dat
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
      2011-10-07 14:03 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-10-07 1451336]
      .
      [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
      [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
      [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
      @="{472083B0-C522-11CF-8763-00608CC02F24}"
      [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
      2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-14 4611456]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Broadcom Wireless Manager UI"="c:\windows\system32\bcmntray" [X]
      "igfxtray"="c:\windows\system32\igfxtray.exe" [2007-06-19 101144]
      "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-06-19 84760]
      "igfxpers"="c:\windows\system32\igfxpers.exe" [2007-06-19 125720]
      "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
      "AGRSMMSG"="AGRSMMSG.exe" [2005-11-16 88209]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
      "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
      "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
      "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-10-07 218440]
      "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "nltide_3"="advpack.dll" [2007-08-13 123904]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "MemCheckBoxInRunDlg"= 1 (0x1)
      "StartMenuFavorites"= 0 (0x0)
      "Start_ShowMyComputer"= 1 (0x1)
      "Start_ShowMyDocs"= 1 (0x1)
      "Start_ShowMyMusic"= 0 (0x0)
      "Start_ShowRun"= 1 (0x1)
      "Start_ShowSearch"= 0 (0x0)
      .
      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "ForceClassicControlPanel"= 1 (0x1)
      "NoResolveTrack"= 1 (0x1)
      "NoSMConfigurePrograms"= 1 (0x1)
      "MemCheckBoxInRunDlg"= 1 (0x1)
      .
      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=c:\windows\system32\prio.dll
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001
      "FirewallOverride"=dword:00000001
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
      "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "1832:TCP"= 1832:TCP:xrcle
      "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
      .
      R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
      R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
      R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/12/2011 3:33 PM 442200]
      R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/12/2011 3:33 PM 320856]
      R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 6:27 PM 12880]
      R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [7/12/2011 11:55 PM 67664]
      R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 1:38 AM 116608]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/12/2011 3:33 PM 20568]
      R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [10/7/2011 4:04 PM 246600]
      R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
      R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
      R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 1:14 AM 16720]
      R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [12/24/2009 12:04 AM 88192]
      S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 229840]
      S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/12/2011 6:23 AM 5265248]
      S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
      S2 nqytr;System Support;c:\windows\system32\svchost.exe -k netsvcs [5/3/2008 2:00 PM 14336]
      S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
      S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [4/6/2010 8:40 PM 264576]
      .
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      nqytr
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2011-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-854245398-1177238915-500Core.job
      - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 23:46]
      .
      2011-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-854245398-1177238915-500UA.job
      - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 23:46]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.com/
      uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
      mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
      uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
      TCP: DhcpNameServer = 192.168.1.1
      Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
      DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
      DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
      FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m0hfi793.default\
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
      Rootkit scan 2011-10-12 20:20
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nqytr]
      "ServiceDll"="c:\windows\system32\sgnfzen.dll"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'winlogon.exe'(928)
      c:\program files\SUPERAntiSpyware\SASWINLO.DLL
      .
      Completion time: 2011-10-12 20:23:31
      ComboFix-quarantined-files.txt 2011-10-12 18:23
      ComboFix2.txt 2011-10-12 17:51
      ComboFix3.txt 2011-10-11 09:46
      ComboFix4.txt 2011-10-11 09:01
      ComboFix5.txt 2011-10-12 18:12
      .
      Pre-Run: 14 844 645 376 bytes free
      Post-Run: 14 833 225 728 bytes free
      .
      - - End Of File - - EBF6D770199F078122C607EBBB4B2ABB
  15. 19:07:03.0968 3236 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
      19:07:04.0140 3236 ============================================================
      19:07:04.0140 3236 Current date / time: 2011/10/12 19:07:04.0140
      19:07:04.0140 3236 SystemInfo:
      19:07:04.0140 3236
      19:07:04.0140 3236 OS Version: 5.1.2600 ServicePack: 3.0
      19:07:04.0140 3236 Product type: Workstation
      19:07:04.0140 3236 ComputerName: REDDA
      19:07:04.0140 3236 UserName: Administrator
      19:07:04.0140 3236 Windows directory: C:\WINDOWS
      19:07:04.0140 3236 System windows directory: C:\WINDOWS
      19:07:04.0140 3236 Processor architecture: Intel x86
      19:07:04.0140 3236 Number of processors: 1
      19:07:04.0140 3236 Page size: 0x1000
      19:07:04.0140 3236 Boot type: Normal boot
      19:07:04.0140 3236 ============================================================
      19:07:05.0859 3236 Initialize success
      19:07:09.0109 3548 ============================================================
      19:07:09.0109 3548 Scan started
      19:07:09.0109 3548 Mode: Manual;
      19:07:09.0109 3548 ============================================================
      19:07:11.0187 3548 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
      19:07:11.0187 3548 Aavmker4 - ok
      19:07:12.0093 3548 Abiosdsk - ok
      19:07:13.0031 3548 abp480n5 - ok
      19:07:14.0015 3548 ACPI (7517e9b5fe4811cbd7712af820028cc4) C:\WINDOWS\system32\DRIVERS\ACPI.sys
      19:07:14.0015 3548 ACPI - ok
      19:07:15.0015 3548 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
      19:07:15.0031 3548 ACPIEC - ok
      19:07:16.0062 3548 adpu160m - ok
      19:07:17.0046 3548 aeaudio (ad707942e4ccb28d77cee5ed989c9e55) C:\WINDOWS\system32\drivers\aeaudio.sys
      19:07:17.0062 3548 aeaudio - ok
      19:07:18.0171 3548 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
      19:07:18.0171 3548 aec - ok
      19:07:19.0156 3548 AFD (4329004269d30273ac51f93d7834263c) C:\WINDOWS\System32\drivers\afd.sys
      19:07:19.0156 3548 AFD - ok
      19:07:20.0218 3548 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
      19:07:20.0281 3548 AgereSoftModem - ok
      19:07:21.0250 3548 Aha154x - ok
      19:07:22.0218 3548 aic78u2 - ok
      19:07:23.0156 3548 aic78xx - ok
      19:07:24.0187 3548 AliIde - ok
      19:07:25.0187 3548 amsint - ok
      19:07:26.0125 3548 asc - ok
      19:07:27.0046 3548 asc3350p - ok
      19:07:28.0000 3548 asc3550 - ok
      19:07:29.0093 3548 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
      19:07:29.0093 3548 aswFsBlk - ok
      19:07:30.0140 3548 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
      19:07:30.0140 3548 aswMon2 - ok
      19:07:31.0203 3548 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
      19:07:31.0218 3548 aswRdr - ok
      19:07:32.0296 3548 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
      19:07:32.0296 3548 aswSnx - ok
      19:07:33.0390 3548 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
      19:07:33.0406 3548 aswSP - ok
      19:07:34.0437 3548 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
      19:07:34.0437 3548 aswTdi - ok
      19:07:35.0437 3548 AsyncMac (34c951228c152a248357409cb680ce13) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
      19:07:35.0437 3548 AsyncMac - ok
      19:07:36.0437 3548 atapi (65ea06f8711fb3a64ec7d323e350f456) C:\WINDOWS\system32\DRIVERS\atapi.sys
      19:07:36.0437 3548 atapi - ok
      19:07:37.0390 3548 Atdisk - ok
      19:07:38.0390 3548 Atmarpc (ce372a820e4f4e808b574050ec35c049) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
      19:07:38.0390 3548 Atmarpc - ok
      19:07:39.0406 3548 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
      19:07:39.0406 3548 audstub - ok
      19:07:40.0421 3548 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
      19:07:40.0421 3548 AVGIDSDriver - ok
      19:07:41.0406 3548 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
      19:07:41.0406 3548 AVGIDSEH - ok
      19:07:42.0390 3548 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
      19:07:42.0390 3548 AVGIDSFilter - ok
      19:07:43.0390 3548 AVGIDSShim (07eba0c11fa1d73b82ecc3255ddfe34d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
      19:07:43.0390 3548 AVGIDSShim - ok
      19:07:44.0437 3548 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
      19:07:44.0437 3548 Avgldx86 - ok
      19:07:45.0421 3548 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
      19:07:45.0421 3548 Avgmfx86 - ok
      19:07:46.0406 3548 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
      19:07:46.0406 3548 Avgrkx86 - ok
      19:07:47.0390 3548 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
      19:07:47.0406 3548 Avgtdix - ok
      19:07:47.0531 3548 b48b7117 (19fef0c4ceb8210dda372e3ddb591541) C:\WINDOWS\393317300:1265929960.exe
      19:07:47.0531 3548 Suspicious file (Hidden): C:\WINDOWS\393317300:1265929960.exe. md5: 19fef0c4ceb8210dda372e3ddb591541
      19:07:47.0531 3548 b48b7117 ( HiddenFile.Multi.Generic ) - warning
      19:07:47.0531 3548 b48b7117 - detected HiddenFile.Multi.Generic (1)
      19:07:48.0406 3548 b57w2k (2fa609c3411ec5f77f42d0b04d304ae5) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
      19:07:48.0421 3548 b57w2k - ok
      19:07:49.0468 3548 BCM43XX (fa4a4a50b4b2647afedc676cc68c69cc) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
      19:07:49.0484 3548 BCM43XX - ok
      19:07:50.0437 3548 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
      19:07:50.0437 3548 Beep - ok
      19:07:51.0390 3548 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
      19:07:51.0390 3548 cbidf2k - ok
      19:07:52.0328 3548 cd20xrnt - ok
      19:07:53.0328 3548 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
      19:07:53.0328 3548 Cdaudio - ok
      19:07:54.0343 3548 Cdfs (3a8d04c6533a344973ba5cce5be2609b) C:\WINDOWS\system32\drivers\Cdfs.sys
      19:07:54.0343 3548 Cdfs - ok
      19:07:55.0703 3548 Cdrom (0cc13b7fe6d2f64efc82cebfe9d2b8f0) C:\WINDOWS\system32\DRIVERS\cdrom.sys
      19:07:55.0703 3548 Cdrom - ok
      19:07:57.0750 3548 Changer - ok
      19:07:59.0234 3548 CmBatt (e2f21d3533aa974bc0e065dacf41a423) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
      19:07:59.0234 3548 CmBatt - ok
      19:08:00.0562 3548 CmdIde - ok
      19:08:01.0750 3548 Compbatt (259fbcc7da88edc311d377976ea33720) C:\WINDOWS\system32\DRIVERS\compbatt.sys
      19:08:01.0750 3548 Compbatt - ok
      19:08:03.0031 3548 Cpqarray - ok
      19:08:04.0265 3548 dac2w2k - ok
      19:08:05.0359 3548 dac960nt - ok
      19:08:07.0421 3548 Disk (db7ba51015765db476457bedd53d3cfe) C:\WINDOWS\system32\DRIVERS\disk.sys
      19:08:07.0484 3548 Disk - ok
      19:08:10.0078 3548 dmboot (ba1f9637c50d105fb8ebe334d57bc16e) C:\WINDOWS\system32\drivers\dmboot.sys
      19:08:10.0109 3548 dmboot - ok
      19:08:11.0406 3548 dmio (a29d408f65291721091bc21a48ceed00) C:\WINDOWS\system32\drivers\dmio.sys
      19:08:11.0437 3548 dmio - ok
      19:08:13.0718 3548 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
      19:08:13.0734 3548 dmload - ok
      19:08:15.0828 3548 DMusic (0fdc464e960b5c9665d89fe00bc972a3) C:\WINDOWS\system32\drivers\DMusic.sys
      19:08:15.0843 3548 DMusic - ok
      19:08:19.0796 3548 dpti2o - ok
      19:08:21.0625 3548 drmkaud (6d5ca8474cf00a2765b6d6b35a57e89c) C:\WINDOWS\system32\drivers\drmkaud.sys
      19:08:21.0640 3548 drmkaud - ok
      19:08:23.0312 3548 Fastfat (bb9c87cc84a747f68c4d0e24d5841e61) C:\WINDOWS\system32\drivers\Fastfat.sys
      19:08:23.0312 3548 Fastfat - ok
      19:08:26.0171 3548 Fdc (bafd3cc668a29f5070da63469c273127) C:\WINDOWS\system32\drivers\Fdc.sys
      19:08:26.0171 3548 Fdc - ok
      19:08:28.0218 3548 Fips (cd7388a0e1f2585d0300c9533f4de221) C:\WINDOWS\system32\drivers\Fips.sys
      19:08:28.0218 3548 Fips - ok
      19:08:29.0468 3548 Flpydisk (50cd9634d0d4e6c9c6e2e8ea27f8e2f6) C:\WINDOWS\system32\drivers\Flpydisk.sys
      19:08:29.0468 3548 Flpydisk - ok
      19:08:30.0593 3548 FltMgr (d1338fb4160e250ae8a9202f8ac3860f) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
      19:08:30.0593 3548 FltMgr - ok
      19:08:31.0734 3548 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
      19:08:31.0750 3548 Fs_Rec - ok
      19:08:32.0781 3548 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
      19:08:32.0781 3548 Ftdisk - ok
      19:08:34.0484 3548 Gpc (8c7faa02a68d9eef68287a2842bb4f71) C:\WINDOWS\system32\DRIVERS\msgpc.sys
      19:08:34.0484 3548 Gpc - ok
      19:08:35.0515 3548 GTIPCI21 (f3c9f09aa3eda29a1c841877e7e39158) C:\WINDOWS\system32\DRIVERS\gtipci21.sys
      19:08:35.0531 3548 GTIPCI21 - ok
      19:08:36.0578 3548 HidUsb (81d2ffea0965a205f257160f1328f18e) C:\WINDOWS\system32\DRIVERS\hidusb.sys
      19:08:36.0578 3548 HidUsb - ok
      19:08:37.0687 3548 hpn - ok
      19:08:38.0890 3548 HTTP (34b3296ad3c624daaaf1884681633c82) C:\WINDOWS\system32\Drivers\HTTP.sys
      19:08:38.0906 3548 HTTP - ok
      19:08:39.0937 3548 i2omgmt - ok
      19:08:40.0906 3548 i2omp - ok
      19:08:41.0984 3548 i8042prt (7eb9317a28c4592dee01877286c11bc3) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
      19:08:41.0984 3548 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 7eb9317a28c4592dee01877286c11bc3, Fake md5: f641d64e8fd069d91e60511bb5cf4a2d
      19:08:41.0984 3548 i8042prt ( Rootkit.Win32.ZAccess.j ) - infected
      19:08:41.0984 3548 i8042prt - detected Rootkit.Win32.ZAccess.j (0)
      19:08:43.0140 3548 ialm (9e52a1c2e2d7660612c52bc282259852) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
      19:08:43.0234 3548 ialm - ok
      19:08:44.0312 3548 Imapi (df47d4e6ed89cd0ad7248a7604af706e) C:\WINDOWS\system32\DRIVERS\imapi.sys
      19:08:44.0312 3548 Imapi - ok
      19:08:45.0718 3548 ini910u - ok
      19:08:46.0781 3548 IntelIde - ok
      19:08:47.0953 3548 intelppm (09a4677efbe5a0a14e9a090421d851df) C:\WINDOWS\system32\DRIVERS\intelppm.sys
      19:08:47.0968 3548 intelppm - ok
      19:08:49.0593 3548 Ip6Fw (0f2a14149b767cd62559a4e060d63e0a) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
      19:08:49.0609 3548 Ip6Fw - ok
      19:08:51.0250 3548 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
      19:08:51.0250 3548 IpFilterDriver - ok
      19:08:53.0625 3548 IpInIp (f6e4f5f17ead48851b2ca24faf595693) C:\WINDOWS\system32\DRIVERS\ipinip.sys
      19:08:53.0625 3548 IpInIp - ok
      19:08:54.0859 3548 IpNat (04191cc82eda72c44f9c154bc094ea0d) C:\WINDOWS\system32\DRIVERS\ipnat.sys
      19:08:54.0875 3548 IpNat - ok
      19:08:56.0312 3548 IPSec (84f6866f355c4c2185eb68206d55c591) C:\WINDOWS\system32\DRIVERS\ipsec.sys
      19:08:56.0328 3548 IPSec - ok
      19:08:57.0812 3548 irda (4d7852799e5f25b780d5a2b14d010199) C:\WINDOWS\system32\DRIVERS\irda.sys
      19:08:57.0828 3548 irda - ok
      19:08:58.0890 3548 IRENUM (ca98b430387b7d73d9b52eb4e0ab9d92) C:\WINDOWS\system32\DRIVERS\irenum.sys
      19:08:58.0921 3548 IRENUM - ok
      19:08:59.0968 3548 isapnp (5a59964bfb9dca86af0c4ae8cc1d6a32) C:\WINDOWS\system32\DRIVERS\isapnp.sys
      19:08:59.0968 3548 isapnp - ok
      19:09:01.0078 3548 Kbdclass (4780a418e0fa859b09311c87980d0f7e) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
      19:09:01.0078 3548 Kbdclass - ok
      19:09:02.0140 3548 kmixer (e30be31b27e6fd0c3ab65e87f794e5df) C:\WINDOWS\system32\drivers\kmixer.sys
      19:09:02.0140 3548 kmixer - ok
      19:09:03.0265 3548 KSecDD (1e8c0c5ac7c40529961bd60451666932) C:\WINDOWS\system32\drivers\KSecDD.sys
      19:09:03.0265 3548 KSecDD - ok
      19:09:04.0437 3548 lbrtfdc - ok
      19:09:05.0593 3548 massfilter - ok
      19:09:07.0062 3548 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
      19:09:07.0062 3548 mnmdd - ok
      19:09:08.0640 3548 Modem (8c0f9f5a284b1db052c31ed629c2a5c3) C:\WINDOWS\system32\drivers\Modem.sys
      19:09:08.0640 3548 Modem - ok
      19:09:10.0500 3548 Mouclass (06515a5d8482b44e55bab35981888a0e) C:\WINDOWS\system32\DRIVERS\mouclass.sys
      19:09:10.0500 3548 Mouclass - ok
      19:09:11.0734 3548 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
      19:09:11.0734 3548 mouhid - ok
      19:09:12.0984 3548 MountMgr (8b64fa7814ed005e57d43155de88398a) C:\WINDOWS\system32\drivers\MountMgr.sys
      19:09:13.0000 3548 MountMgr - ok
      19:09:14.0140 3548 mraid35x - ok
      19:09:15.0906 3548 MRxDAV (53cb9e3b300f4ea15d5b2679b102d09f) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
      19:09:15.0921 3548 MRxDAV - ok
      19:09:17.0218 3548 MRxSmb (c48d29e1719dedc1a2815b3bd98e780b) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
      19:09:17.0234 3548 MRxSmb - ok
      19:09:18.0734 3548 Msfs (79e4458da04664b431e6728a18199300) C:\WINDOWS\system32\drivers\Msfs.sys
      19:09:18.0750 3548 Msfs - ok
      19:09:20.0000 3548 MSIRCOMM (8919a83a813a2292214b7f40eb3867d7) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
      19:09:20.0015 3548 MSIRCOMM - ok
      19:09:21.0718 3548 MSKSSRV (241e77138dee16d546080a794b80284b) C:\WINDOWS\system32\drivers\MSKSSRV.sys
      19:09:21.0718 3548 MSKSSRV - ok
      19:09:22.0843 3548 MSPCLOCK (f46de5b07ea15e0727f12eb12e710f71) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
      19:09:22.0843 3548 MSPCLOCK - ok
      19:09:24.0687 3548 MSPQM (c53927217ac0834dc547b396ffc495d9) C:\WINDOWS\system32\drivers\MSPQM.sys
      19:09:24.0687 3548 MSPQM - ok
      19:09:27.0015 3548 mssmbios (146e70915c378f02476a10bcec3a95c2) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
      19:09:27.0015 3548 mssmbios - ok
      19:09:28.0109 3548 Mup (254717fc83220bdc790f6c2e57c620bf) C:\WINDOWS\system32\drivers\Mup.sys
      19:09:28.0109 3548 Mup - ok
      19:09:29.0296 3548 NDIS (aff1aed224d17c8bc38174ed932f68b6) C:\WINDOWS\system32\drivers\NDIS.sys
      19:09:29.0296 3548 NDIS - ok
      19:09:30.0390 3548 NdisTapi (eaeecd0001f1d43bb3e81b77e8b8483e) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
      19:09:30.0421 3548 NdisTapi - ok
      19:09:31.0765 3548 Ndisuio (077c330d7e12669d57ed16e4dfabf700) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
      19:09:31.0765 3548 Ndisuio - ok
      19:09:33.0171 3548 NdisWan (36a503c26f7c81fe7ce71b0b467605dd) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
      19:09:33.0171 3548 NdisWan - ok
      19:09:34.0562 3548 NDProxy (21769bbeb1b70ddad968002390100b3a) C:\WINDOWS\system32\drivers\NDProxy.sys
      19:09:34.0578 3548 NDProxy - ok
      19:09:35.0890 3548 NetBIOS (4977fd4bad4b94188e7b101df0e017ef) C:\WINDOWS\system32\DRIVERS\netbios.sys
      19:09:35.0890 3548 NetBIOS - ok
      19:09:36.0968 3548 NetBT (3294dc900631ee18c86f49e7c26e416b) C:\WINDOWS\system32\DRIVERS\netbt.sys
      19:09:36.0968 3548 NetBT - ok
      19:09:38.0296 3548 Npfs (bff3844722d795df4c5066aaae957ec8) C:\WINDOWS\system32\drivers\Npfs.sys
      19:09:38.0296 3548 Npfs - ok
      19:09:38.0296 3548 Suspicious service (NoAccess): nqytr
      19:09:39.0921 3548 Ntfs (d7f8a3f743c54c13d78954176ad483a2) C:\WINDOWS\system32\drivers\Ntfs.sys
      19:09:39.0937 3548 Ntfs - ok
      19:09:42.0078 3548 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
      19:09:42.0078 3548 Null - ok
      19:09:43.0546 3548 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
      19:09:43.0562 3548 NwlnkFlt - ok
      19:09:44.0765 3548 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
      19:09:44.0765 3548 NwlnkFwd - ok
      19:09:46.0625 3548 Parport (9f84cffa068c474084a99bc68bf3ea63) C:\WINDOWS\system32\DRIVERS\parport.sys
      19:09:46.0640 3548 Parport - ok
      19:09:47.0734 3548 PartMgr (64fc948a8387d3a5fba3cdeb539b1514) C:\WINDOWS\system32\drivers\PartMgr.sys
      19:09:47.0734 3548 PartMgr - ok
      19:09:48.0796 3548 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
      19:09:48.0796 3548 ParVdm - ok
      19:09:49.0906 3548 PCI (ef6876118575c85ca4ad39ac6490656c) C:\WINDOWS\system32\DRIVERS\pci.sys
      19:09:49.0921 3548 PCI - ok
      19:09:51.0156 3548 PCIDump - ok
      19:09:52.0734 3548 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
      19:09:52.0734 3548 PCIIde - ok
      19:09:54.0156 3548 Pcmcia (c1bc00b2c7a782cf5207f1a13745ab65) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
      19:09:54.0203 3548 Pcmcia - ok
      19:09:55.0640 3548 PDCOMP - ok
      19:09:57.0031 3548 PDFRAME - ok
      19:09:58.0125 3548 PDRELI - ok
      19:09:59.0781 3548 PDRFRAME - ok
      19:10:01.0093 3548 perc2 - ok
      19:10:02.0296 3548 perc2hib - ok
      19:10:03.0437 3548 PptpMiniport (7065eaef0b12cc5339425d575e5a71d3) C:\WINDOWS\system32\DRIVERS\raspptp.sys
      19:10:03.0437 3548 PptpMiniport - ok
      19:10:04.0468 3548 PSched (7c8c04b524b0823a29ee6b0818ecbbb3) C:\WINDOWS\system32\DRIVERS\psched.sys
      19:10:04.0468 3548 PSched - ok
      19:10:06.0453 3548 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
      19:10:06.0453 3548 Ptilink - ok
      19:10:07.0656 3548 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
      19:10:07.0656 3548 PxHelp20 - ok
      19:10:08.0828 3548 ql1080 - ok
      19:10:10.0109 3548 Ql10wnt - ok
      19:10:12.0000 3548 ql12160 - ok
      19:10:14.0734 3548 ql1240 - ok
      19:10:16.0296 3548 ql1280 - ok
      19:10:17.0625 3548 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
      19:10:17.0640 3548 RasAcd - ok
      19:10:19.0265 3548 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
      19:10:19.0265 3548 Rasirda - ok
      19:10:21.0250 3548 Rasl2tp (1d0743f4b97fd729511ad5022e0bcbc1) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
      19:10:21.0265 3548 Rasl2tp - ok
      19:10:22.0640 3548 RasPppoe (04a17ced474f4444d6eff7a1ba169a2e) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
      19:10:22.0640 3548 RasPppoe - ok
      19:10:23.0656 3548 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
      19:10:23.0656 3548 Raspti - ok
      19:10:24.0703 3548 Rdbss (d2fd6bd47a5ad252745c96b61b55d7be) C:\WINDOWS\system32\DRIVERS\rdbss.sys
      19:10:24.0718 3548 Rdbss - ok
      19:10:25.0750 3548 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
      19:10:25.0750 3548 RDPCDD - ok
      19:10:27.0250 3548 rdpdr (00f5b19217f0ea9a513789dd8214c79b) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
      19:10:27.0250 3548 rdpdr - ok
      19:10:28.0625 3548 RDPWD (e92dd0b4ab8d73f72fef85282f8dd2e2) C:\WINDOWS\system32\drivers\RDPWD.sys
      19:10:28.0640 3548 RDPWD - ok
      19:10:29.0656 3548 redbook (bf1bfdad19fd920cc0856886ce91b208) C:\WINDOWS\system32\DRIVERS\redbook.sys
      19:10:29.0656 3548 redbook - ok
      19:10:30.0812 3548 RT73 - ok
      19:10:32.0593 3548 RTL8187B (fe999b16e967c84790be6dc1b4e78f2d) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
      19:10:32.0656 3548 RTL8187B - ok
      19:10:32.0828 3548 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
      19:10:32.0828 3548 SASDIFSV - ok
      19:10:32.0875 3548 SAS***IL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SAS***IL.SYS
      19:10:32.0875 3548 SAS***IL - ok
      19:10:34.0265 3548 sdbus (75e2c5885b1674ece6ce392f03686a97) C:\WINDOWS\system32\DRIVERS\sdbus.sys
      19:10:34.0265 3548 sdbus - ok
      19:10:36.0281 3548 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
      19:10:36.0281 3548 Secdrv - ok
      19:10:37.0968 3548 serenum (19f5a2b382c281ea02525566e8fe6980) C:\WINDOWS\system32\DRIVERS\serenum.sys
      19:10:37.0968 3548 serenum - ok
      19:10:39.0921 3548 Serial (3dae0c3747f4065d18617ca36f63f104) C:\WINDOWS\system32\DRIVERS\serial.sys
      19:10:39.0937 3548 Serial - ok
      19:10:41.0093 3548 Sfloppy (0e0d508c42ed31e0ce4877bcbd1dac7e) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
      19:10:41.0093 3548 Sfloppy - ok
19:10:42.0078 3548 Simbad - ok 19:10:43.0531 3548 SMCIRDA (62556d170f22c43a544481e4ee16d2e2) C:\WINDOWS\system32\DRIVERS\smcirda.sys 19:10:43.0531 3548 SMCIRDA - ok 19:10:44.0703 3548 smwdm (858934c454bdc6664c752bf0cd3eaeae) C:\WINDOWS\system32\drivers\smwdm.sys 19:10:44.0703 3548 smwdm - ok 19:10:46.0593 3548 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS 19:10:46.0593 3548 SONYPVU1 - ok 19:10:47.0843 3548 Sparrow - ok 19:10:49.0171 3548 splitter (d15d4f064889adae4ef9a44797361a95) C:\WINDOWS\system32\drivers\splitter.sys 19:10:49.0187 3548 splitter - ok 19:10:51.0796 3548 sr (b0a078e4f5c4b11ddca9fe48e860687f) C:\WINDOWS\system32\DRIVERS\sr.sys 19:10:51.0812 3548 sr - ok 19:10:52.0843 3548 Srv (9bdb2e5f2c6cebeee1d75ff2eadacafa) C:\WINDOWS\system32\DRIVERS\srv.sys 19:10:52.0859 3548 Srv - ok 19:10:54.0187 3548 swenum (52ca69522d2780008679f486ff2d16a9) C:\WINDOWS\system32\DRIVERS\swenum.sys 19:10:54.0187 3548 swenum - ok 19:10:56.0062 3548 swmidi (d9f7f799db20ce348d2c7f374aae5133) C:\WINDOWS\system32\drivers\swmidi.sys 19:10:56.0062 3548 swmidi - ok 19:11:00.0671 3548 symc810 - ok 19:11:06.0812 3548 symc8xx - ok 19:11:08.0953 3548 sym_hi - ok 19:11:09.0906 3548 sym_u3 - ok 19:11:11.0093 3548 sysaudio (ac17b7e3da6fc911466962bbe1596239) C:\WINDOWS\system32\drivers\sysaudio.sys 19:11:11.0093 3548 sysaudio - ok 19:11:12.0234 3548 Tcpip (37d8387cbd4437c55f454209be10ef11) C:\WINDOWS\system32\DRIVERS\tcpip.sys 19:11:12.0265 3548 Tcpip - ok 19:11:13.0937 3548 TDPIPE (acbb991ba7710ca13e3f7c581365eec0) C:\WINDOWS\system32\drivers\TDPIPE.sys 19:11:13.0937 3548 TDPIPE - ok 19:11:15.0187 3548 TDTCP (b4b829f1accaa80686a9f9264f2050d0) C:\WINDOWS\system32\drivers\TDTCP.sys 19:11:15.0187 3548 TDTCP - ok 19:11:16.0609 3548 TermDD (9357984830dc4f40c3c82489b56ec95b) C:\WINDOWS\system32\DRIVERS\termdd.sys 19:11:16.0609 3548 TermDD - ok 19:11:17.0828 3548 tifm21 (78213f01ce781f93180bef5eb5b3ad81) C:\WINDOWS\system32\drivers\tifm21.sys 19:11:17.0828 
3548 tifm21 - ok 19:11:20.0593 3548 TosIde - ok 19:11:23.0625 3548 tunmp (7dfeb4edcd8635eb74f5a08bd67c00bb) C:\WINDOWS\system32\DRIVERS\tunmp.sys 19:11:23.0656 3548 tunmp - ok 19:11:28.0140 3548 Udfs (007c5857eca3624845005d800986e400) C:\WINDOWS\system32\drivers\Udfs.sys 19:11:28.0156 3548 Udfs - ok 19:11:29.0296 3548 ultra - ok 19:11:30.0296 3548 Update (4b633414b8231060c8ceac4575fcb00e) C:\WINDOWS\system32\DRIVERS\update.sys 19:11:30.0328 3548 Update - ok 19:11:31.0328 3548 usbaudio (c17a732c423b3e27072c79e3bc880347) C:\WINDOWS\system32\drivers\usbaudio.sys 19:11:31.0328 3548 usbaudio - ok 19:11:32.0375 3548 usbccgp (7d9ac2328255cb506a9b74fdf2977ce1) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 19:11:32.0390 3548 usbccgp - ok 19:11:33.0750 3548 usbehci (8e9d9764dd8030160fc42e183001113d) C:\WINDOWS\system32\DRIVERS\usbehci.sys 19:11:33.0765 3548 usbehci - ok 19:11:35.0281 3548 usbhub (32889e8b3bb890d5dbcdf866598a2b45) C:\WINDOWS\system32\DRIVERS\usbhub.sys 19:11:35.0281 3548 usbhub - ok 19:11:36.0734 3548 USBSTOR (4c11e52f58b8f691099f9c1b0432a6a6) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 19:11:36.0734 3548 USBSTOR - ok 19:11:38.0734 3548 usbuhci (b4fbc865ce1311f671c18388df73eb80) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 19:11:38.0734 3548 usbuhci - ok 19:11:39.0937 3548 VgaSave (27573609ed1a48065a7174fa6b7f36e5) C:\WINDOWS\System32\drivers\vga.sys 19:11:39.0937 3548 VgaSave - ok 19:11:40.0984 3548 ViaIde - ok 19:11:42.0296 3548 VolSnap (999a7ab63b8f364f4df130d48ba7e972) C:\WINDOWS\system32\drivers\VolSnap.sys 19:11:42.0296 3548 VolSnap - ok 19:11:43.0625 3548 Wanarp (4d91cdfecb032a34c550080b62720e15) C:\WINDOWS\system32\DRIVERS\wanarp.sys 19:11:43.0625 3548 Wanarp - ok 19:11:44.0640 3548 WDICA - ok 19:11:46.0171 3548 wdmaud (971260ff2bdf0371c11e811fa9c64bd8) C:\WINDOWS\system32\drivers\wdmaud.sys 19:11:46.0187 3548 wdmaud - ok 19:11:47.0921 3548 WmiAcpi (b4a2386ce6577a213032a9e25398a398) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 19:11:47.0937 3548 WmiAcpi - ok 
19:11:50.0015 3548 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:11:50.0062 3548 WudfPf - ok
19:11:51.0953 3548 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:11:51.0953 3548 WudfRd - ok
19:11:53.0140 3548 ZTEusbmdm6k - ok
19:11:55.0031 3548 ZTEusbnmea - ok
19:11:56.0718 3548 ZTEusbser6k - ok
19:11:56.0765 3548 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:11:56.0953 3548 \Device\Harddisk0\DR0 - ok
19:11:56.0968 3548 Boot (0x1200) (71177a91d835ae3a8dcf60dd069e7e28) \Device\Harddisk0\DR0\Partition0
19:11:56.0968 3548 \Device\Harddisk0\DR0\Partition0 - ok
19:11:56.0968 3548 ============================================================
19:11:56.0968 3548 Scan finished
19:11:56.0968 3548 ============================================================
19:11:56.0984 2744 Detected object count: 2
19:11:56.0984 2744 Actual detected object count: 2
19:12:41.0968 2744 C:\WINDOWS\393317300:1265929960.exe - copied to quarantine
19:12:41.0968 2744 b48b7117 ( HiddenFile.Multi.Generic ) - User select action: Quarantine
19:12:45.0890 2744 Backup copy found, using it..
19:12:45.0906 2744 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured on reboot
19:12:45.0906 2744 i8042prt ( Rootkit.Win32.ZAccess.j ) - User select action: Cure
19:12:54.0687 3216 Deinitialize success

_________________________________________________________________________________________

ComboFix 11-10-12.01 - Administrator 12/10/2011 19:37:19.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1271.932 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - svchost.exe: deleted 88 bytes in 2 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
C:\Recycle.Bin
C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-1960408961-854245398-1177238915-500(2)\INFO2
c:\windows\393317300
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_b48b7117
.
.
((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))
.
.
2011-10-12 17:47 . 2011-10-12 17:47 -------- d-----w- c:\windows\system32\xircom
2011-10-12 17:47 . 2011-10-12 17:47 -------- d-----w- c:\windows\system32\wbem\snmp
2011-10-12 17:12 . 2011-10-12 17:12 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-12 13:35 . 2011-10-12 13:35 784 ----a-w- c:\windows\trz13.tmp
2011-10-12 13:33 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-12 13:33 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-12 13:33 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-12 13:33 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-12 13:33 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-12 13:33 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-10-12 13:33 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-10-12 13:33 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-10-12 13:32 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-12 13:32 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-11 17:42 . 2011-10-11 17:42 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-11 14:41 . 2011-10-11 14:41 -------- d-----w- C:\rsit
2011-10-11 06:43 . 2011-10-11 17:41 -------- d-----w- c:\program files\Trend Micro
2011-10-10 18:26 . 2011-10-10 18:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG Secure Search
2011-10-10 18:26 . 2011-10-10 18:26 -------- d-----w- c:\program files\AVG Secure Search
2011-10-10 18:26 . 2011-10-10 18:26 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-10-10 12:33 . 2011-10-10 18:22 -------- d-----w- c:\program files\Hewlett-Packard
2011-10-10 12:32 . 2011-10-10 12:32 -------- d-----w- c:\program files\Synaptics
2011-10-07 16:06 . 2011-10-07 16:06 -------- d-----w- c:\program files\AVAST Software
2011-10-07 16:06 . 2011-10-07 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-10-07 14:05 . 2011-10-07 14:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG2012
2011-10-07 14:03 . 2011-10-07 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-10-07 10:53 . 2011-10-07 10:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-10-07 10:52 . 2011-10-07 10:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-07 10:52 . 2011-10-07 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-10-07 10:35 . 2011-10-07 10:35 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-07 10:28 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-06 17:12 . 2011-10-06 17:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2011-10-06 16:39 . 2011-10-06 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-06 16:36 . 2011-10-06 16:36 -------- d--h--w- c:\windows\PIF
2011-10-06 16:33 . 2011-10-06 16:38 -------- d-----w- c:\program files\beschermingNIEUW
2011-10-06 15:50 . 2011-10-06 15:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-10-06 15:49 . 2011-10-06 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-19 16:14 . 1996-06-19 08:08 49664 ----a-w- c:\windows\system32\MFC42FRA.DLL
2011-09-19 16:14 . 1995-12-04 12:08 26624 ----a-w- c:\windows\system32\CTL3D95.DLL
2011-09-19 16:14 . 1997-07-19 15:00 604432 ----a-w- c:\windows\system32\COMCTL32.OCX
2011-09-19 16:14 . 1997-01-13 22:00 49664 ----a-w- c:\windows\system32\MSSTKPRP.DLL
2011-09-19 16:14 . 2011-09-19 16:14 -------- d-----w- c:\program files\Micro Application
2011-09-19 16:09 . 1998-10-07 11:08 327168 ----a-w- c:\windows\IsUn040c.exe
2011-09-16 13:01 . 2008-03-05 14:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2011-09-16 13:01 . 2008-03-05 14:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2011-09-16 13:01 . 2008-03-05 14:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2011-09-16 13:01 . 2008-03-05 13:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2011-09-16 13:01 . 2008-02-05 21:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2011-09-16 13:01 . 2008-03-05 13:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2011-09-16 12:41 . 1996-11-06 10:04 302592 ----a-w- c:\windows\unin040c.exe
2011-09-13 04:30 . 2011-09-13 04:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-12 17:13 . 2008-05-03 12:00 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-08-08 04:08 . 2011-08-08 04:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-09-06 19:59 . 2011-06-23 06:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-03 . 37D8387CBD4437C55F454209BE10EF11 . 361344 . . [5.1.2600.5508] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-10-07 14:03 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-10-07 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-14 4611456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\bcmntray" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-06-19 101144]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-06-19 84760]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-06-19 125720]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"AGRSMMSG"="AGRSMMSG.exe" [2005-11-16 88209]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-10-07 218440]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNjE0Njc1MzE3LVRCOSsyLUZMKzktUUlYMSs0LUYxME0rNS1YMjAxMCsyLUxJQys3Ny1GTDEwKzEtU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMS1ERFQrMjk5MTktREQxMEYrMS1TVDEwRkFQUCsx&prod=90&ver=10.0.1410" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-13 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\prio.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1832:TCP"= 1832:TCP:xrcle
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/12/2011 3:33 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/12/2011 3:33 PM 320856]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 6:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 11:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 1:38 AM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/12/2011 3:33 PM 20568]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [10/7/2011 4:04 PM 246600]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 1:14 AM 16720]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [12/24/2009 12:04 AM 88192]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 229840]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/12/2011 6:23 AM 5265248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
S2 nqytr;System Support;c:\windows\system32\svchost.exe -k netsvcs [5/3/2008 2:00 PM 14336]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [4/6/2010 8:40 PM 264576]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nqytr
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-854245398-1177238915-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 23:46]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-854245398-1177238915-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 23:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m0hfi793.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-02800813.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-10-12 19:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nqytr]
"ServiceDll"="c:\windows\system32\sgnfzen.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(3896)
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\bcmntray.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
.
**************************************************************************
.
Completion time: 2011-10-12 19:51:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-12 17:51
ComboFix2.txt 2011-10-11 09:46
ComboFix3.txt 2011-10-11 09:01
ComboFix4.txt 2011-10-07 14:46
.
Pre-Run: 14 649 196 544 bytes free
Post-Run: 14 843 670 528 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - C04999C383900C2FD47B09ADE613C140
  16. The situation now: the AVG virus scanner doesn't work. Avast does; it finds and blocks (various) actions (while it is on guard). During the full system scan it finds a rootkit in C:\WINDOWS\system32\drivers\trz1F.tmp, but I can't do anything with it. I get "FOUT: there are no more endpoints" when I try to move it to the vault or repair it or anything else. If I start a thorough scan, it hangs. After these actions I restart the computer at avast's request. Once booted, avast is disabled: "X you are not protected". Repairing it doesn't work either.
  17. I haven't had a trojan alert yet (those vary too: sometimes nothing for a while, and then various processes get blocked by the antivirus program). When I start wifi and there is a connection, after a minute or so all sorts of trouble starts. Task Manager > svchost.exe SYSTEM gets very busy, and on the TCP tab I can see it making an enormous number of connections to different addresses; eventually it hangs.
  18. info.txt logfile of random's system information tool 1.09 2011-10-11 16:41:35

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Reader 9.4.5 - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A94000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Agere Systems AC'97 Modem-->agrsmdel
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
AVG 2012-->"C:\Program Files\AVG\AVG2012\avgmfapx.exe" /AppMode=SETUP /Uninstall
AVG 2012-->MsiExec.exe /I{56839333-0802-40D6-9A50-EBB9EB2BF541}
AVG 2012-->MsiExec.exe /I{6DA0B8BE-3735-4287-AF4D-B8DE088D0AA7}
Broadcom 802.11 Wireless LAN Adapter-->C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo
Broadcom NetXtreme Ethernet Controller-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
Broadcom Wireless Utility-->C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11_App\UninstallInfo
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
DivX-Setup-->C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
FREE Hi-Q Recorder 1.92-->"C:\Program Files\FREE Hi-Q Recorder\unins000.exe"
Google Talk Plugin-->MsiExec.exe /I{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}
Guitar Pro 4 Demo-->MsiExec.exe /X{7DBC4070-DCE3-427E-AEFF-430ED013EC04}
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Java 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
LucasArts' Curse of Monkey Island-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\LucasArts\Curse\DeIsL1.isu"
Malwarebytes' Anti-Malware version 1.51.2.1300-->"C:\Documents and Settings\Administrator\Desktop\tegenmal\tegenmal\Malwarebytes' Anti-Malware\unins000.exe"
Micro Application - 2 000 Courriers Types-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Micro Application\2 000 Courriers Types\Uninst.isu"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Monkey Island 2 LeChucks Revenge Special Edition-->"C:\Program Files\LucasArts\Monkey Island 2 LeChucks Revenge Special Edition\unins000.exe"
Mozilla Firefox 6.0.2 (x86 nl)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Prio v1.9.7-->C:\WINDOWS\prio197uninstall.exe
ReaJPEG Pro 4.0-->"C:\Program Files\ReaSoft\ReaJPEG Pro\unins000.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}\setup.exe -runfromtemp -l0x0409
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
YouTube Downloader 2.5.6-->"C:\Program Files\YouTube Downloader\uninstall.exe"

======Security center information======

AV: avast! Antivirus

======System event log======

Computer Name: REDDA
Event Code: 7023
Message: The Network Location Awareness (NLA) service terminated with the following error:
The specified procedure could not be found.
Record Number: 102130
Source Name: Service Control Manager
Time Written: 20111005205558.000000+120
Event Type: error
User:

Computer Name: REDDA
Event Code: 7000
Message: The AVGIDSAgent service failed to start due to the following error:
Access is denied.
Record Number: 102121
Source Name: Service Control Manager
Time Written: 20111005205558.000000+120
Event Type: error
User:

Computer Name: REDDA
Event Code: 7023
Message: The System Support service terminated with the following error:
The specified module could not be found.
Record Number: 102120
Source Name: Service Control Manager
Time Written: 20111005205558.000000+120
Event Type: error
User:

Computer Name: REDDA
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
Record Number: 102119
Source Name: DCOM
Time Written: 20111005205321.000000+120
Event Type: error
User: REDDA\Administrator

Computer Name: REDDA
Event Code: 4
Message: Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.
Record Number: 102118
Source Name: b57w2k
Time Written: 20111005205320.000000+120
Event Type: warning
User:

=====Application event log=====

Computer Name: REDDA
Event Code: 4609
Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Record Number: 4546
Source Name: EventSystem
Time Written: 20110413175059.000000+120
Event Type: error
User:

Computer Name: REDDA
Event Code: 4609
Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Record Number: 4545
Source Name: EventSystem
Time Written: 20110413175059.000000+120
Event Type: error
User:

Computer Name: REDDA
Event Code: 4609
Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Record Number: 4544
Source Name: EventSystem
Time Written: 20110413175059.000000+120
Event Type: error
User:

Computer Name: REDDA
Event Code: 4609
Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Record Number: 4543
Source Name: EventSystem
Time Written: 20110413175059.000000+120
Event Type: error
User:

Computer Name: REDDA
Event Code: 4609
Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Record Number: 4542
Source Name: EventSystem
Time Written: 20110413175059.000000+120
Event Type: error
User:

======Environment variables======

"DEVMGR_SHOW_DETAILS"=1
"ComSpec"=%SystemRoot%\system32\cmd.exe
"DEVMGR_SHOW_NONPRESENT_DEVICES"=1
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0d08
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------

______________________________________________________________________________________________

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-10-11 16:41:21
Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (26%) free of 57 GB
Total RAM: 1271 MB (61% free)
======Scheduled tasks folder====== C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-854245398-1177238915-500Core.job C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-854245398-1177238915-500UA.job =========Mozilla firefox========= ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m0hfi793.default prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, jqs@sun.com:1.0, {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18" "jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff "{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG2012\Firefox4\ "wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 10.1 Plugin "Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer] "Description"=Adobe Shockwave Player "Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0] "Description"=DivX Plus Web Player "Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll C:\Program Files\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} C:\Program Files\Mozilla Firefox\components\ binary.manifest 
browsercomps.dll C:\Program Files\Mozilla Firefox\plugins\ npdeployJava1.dll nppdf32.dll npwachk.dll C:\Program Files\Mozilla Firefox\searchplugins\ bing.xml bolcom-nl.xml google.xml marktplaats-nl.xml vandale-nl.xml wikipedia-nl.xml C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m0hfi793.default\searchplugins\ avg-secure-search.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2011-09-27 2179936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] AVG Security Toolbar - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll [2011-10-07 1451336] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-12 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program 
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-12 79648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll [2011-10-07 1451336] {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2007-06-19 101144] "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2007-06-19 84760] "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2007-06-19 125720] "SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-11-16 88209] "Broadcom Wireless Manager UI"=C:\WINDOWS\system32\bcmntray [] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920] "DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552] "AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2011-09-23 2404704] "vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2011-10-07 218440] "avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-09-14 4611456] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\WINDOWS\system32\prio.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2007-06-19 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableStatusMessages"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "MemCheckBoxInRunDlg"=1 "StartMenuFavorites"=0 "Start_ShowMyComputer"=1 "Start_ShowMyDocs"=1 "Start_ShowMyMusic"=0 "Start_ShowRun"=1 "Start_ShowSearch"=0 "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Administrator\Local 
Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "midimapper"=midimap.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msadpcm"=msadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.trspch"=tssoft32.acm "vidc.cvid"=iccvid.dll "vidc.I420"=msh263.drv "vidc.iv31"=ir32_32.dll "vidc.iv32"=ir32_32.dll "vidc.iv41"=ir41_32.ax "vidc.iyuv"=iyuv_32.dll "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvu9"=tsbyuv.dll "vidc.yvyu"=msyuv.dll "wavemapper"=msacm32.drv "msacm.msg723"=msg723.acm "vidc.M263"=msh263.drv "vidc.M261"=msh261.drv "msacm.msaudio1"=msaud32.acm "msacm.sl_anet"=sl_anet.acm "msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax "vidc.iv50"=ir50_32.dll "msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "vidc.DIVX"=DivX.dll "vidc.yv12"=DivX.dll "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "aux1"=wdmaud.drv ======List of files/folders created in the last 1 month====== 2011-10-11 16:41:21 ----D---- C:\rsit 2011-10-11 13:37:23 ----A---- C:\WINDOWS\system32\drivers\i8042prt.sys 2011-10-11 12:38:28 ----SHD---- C:\RECYCLER 2011-10-11 12:35:14 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys 2011-10-11 12:35:14 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys 2011-10-11 12:35:10 ----A---- 
C:\WINDOWS\system32\drivers\aswRdr.sys 2011-10-11 12:35:09 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys 2011-10-11 12:35:09 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys 2011-10-11 12:35:08 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys 2011-10-11 12:35:08 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys 2011-10-11 12:35:06 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys 2011-10-11 12:34:43 ----A---- C:\WINDOWS\system32\aswBoot.exe 2011-10-11 12:34:43 ----A---- C:\WINDOWS\avastSS.scr 2011-10-11 11:46:51 ----A---- C:\ComboFix.txt 2011-10-11 11:40:00 ----D---- C:\ComboFix 2011-10-11 10:57:27 ----D---- C:\Program Files\xerox 2011-10-11 10:57:25 ----D---- C:\WINDOWS\system32\xircom 2011-10-11 10:57:25 ----D---- C:\Program Files\microsoft frontpage 2011-10-11 10:51:36 ----RASHD---- C:\cmdcons 2011-10-11 10:48:25 ----A---- C:\WINDOWS\zip.exe 2011-10-11 10:48:25 ----A---- C:\WINDOWS\SWXCACLS.exe 2011-10-11 10:48:25 ----A---- C:\WINDOWS\SWSC.exe 2011-10-11 10:48:25 ----A---- C:\WINDOWS\SWREG.exe 2011-10-11 10:48:25 ----A---- C:\WINDOWS\sed.exe 2011-10-11 10:48:25 ----A---- C:\WINDOWS\PEV.exe 2011-10-11 10:48:25 ----A---- C:\WINDOWS\NIRCMD.exe 2011-10-11 10:48:25 ----A---- C:\WINDOWS\MBR.exe 2011-10-11 10:48:25 ----A---- C:\WINDOWS\grep.exe 2011-10-11 08:43:05 ----D---- C:\Program Files\Trend Micro 2011-10-10 20:26:42 ----D---- C:\Documents and Settings\Administrator\Application Data\AVG Secure Search 2011-10-10 20:26:30 ----D---- C:\Program Files\AVG Secure Search 2011-10-10 20:26:05 ----D---- C:\Program Files\Common Files\AVG Secure Search 2011-10-10 20:23:13 ----D---- C:\Config.Msi 2011-10-10 14:34:38 ----DC---- C:\WINDOWS\$NtUninstallWdf01005$ 2011-10-10 14:33:37 ----D---- C:\Program Files\Hewlett-Packard 2011-10-10 14:32:11 ----D---- C:\Program Files\Synaptics 2011-10-07 21:09:38 ----SHD---- C:\WINDOWS\CSC 2011-10-07 20:16:57 ----ASH---- C:\pagefile.sys 2011-10-07 20:01:03 ----A---- C:\WINDOWS\ntbtlog.txt 2011-10-07 18:06:16 ----D---- C:\Program 
Files\AVAST Software 2011-10-07 18:06:16 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software 2011-10-07 16:34:34 ----A---- C:\Boot.bak 2011-10-07 16:33:23 ----D---- C:\ComboFix(2) 2011-10-07 16:23:20 ----D---- C:\WINDOWS\ERDNT 2011-10-07 16:23:10 ----D---- C:\Qoobox 2011-10-07 16:17:05 ----D---- C:\WINDOWS\system32\appmgmt 2011-10-07 16:05:11 ----D---- C:\Documents and Settings\Administrator\Application Data\AVG2012 2011-10-07 16:03:10 ----D---- C:\Documents and Settings\All Users\Application Data\AVG2012 2011-10-07 12:53:21 ----D---- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com 2011-10-07 12:52:42 ----D---- C:\Program Files\SUPERAntiSpyware 2011-10-07 12:52:42 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2011-10-07 12:35:53 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2011-10-07 12:28:52 ----A---- C:\WINDOWS\system32\drivers\mbam.sys 2011-10-06 18:39:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2011-10-06 18:36:55 ----HD---- C:\WINDOWS\PIF 2011-10-06 18:33:35 ----D---- C:\Program Files\beschermingNIEUW 2011-10-06 17:50:00 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes 2011-10-06 17:49:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2011-10-05 17:45:09 ----SHD---- C:\WINDOWS\assembly 2011-09-19 18:15:14 ----A---- C:\WINDOWS\MICRO APPLICATION Expéditeur.dat 2011-09-19 18:15:14 ----A---- C:\WINDOWS\MICRO APPLICATION Destinataire.dat 2011-09-19 18:15:01 ----A---- C:\WINDOWS\INTER.INI 2011-09-19 18:14:47 ----A---- C:\WINDOWS\system32\MFC42FRA.DLL 2011-09-19 18:14:47 ----A---- C:\WINDOWS\system32\CTL3D95.DLL 2011-09-19 18:14:20 ----A---- C:\WINDOWS\system32\MSSTKPRP.DLL 2011-09-19 18:14:15 ----D---- C:\Program Files\Micro Application 2011-09-19 18:09:17 ----A---- C:\WINDOWS\IsUn040c.exe 2011-09-19 18:09:15 ----A---- C:\WINDOWS\Navigma.INI 2011-09-16 15:01:03 ----A---- 
C:\WINDOWS\system32\XAudio2_0.dll 2011-09-16 15:01:02 ----A---- C:\WINDOWS\system32\xactengine3_0.dll 2011-09-16 15:01:02 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll 2011-09-16 15:01:01 ----A---- C:\WINDOWS\system32\d3dx10_37.dll 2011-09-16 15:01:01 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll 2011-09-16 15:01:00 ----A---- C:\WINDOWS\system32\D3DX9_37.dll 2011-09-16 15:00:59 ----A---- C:\WINDOWS\system32\xactengine2_10.dll 2011-09-16 15:00:57 ----A---- C:\WINDOWS\system32\d3dx10_36.dll 2011-09-16 15:00:57 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll 2011-09-16 15:00:54 ----A---- C:\WINDOWS\system32\xactengine2_9.dll 2011-09-16 15:00:54 ----A---- C:\WINDOWS\system32\d3dx10_35.dll 2011-09-16 15:00:54 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll 2011-09-16 15:00:52 ----A---- C:\WINDOWS\system32\xactengine2_8.dll 2011-09-16 15:00:52 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll 2011-09-16 15:00:51 ----A---- C:\WINDOWS\system32\d3dx10_34.dll 2011-09-16 15:00:51 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll 2011-09-16 15:00:48 ----A---- C:\WINDOWS\system32\xactengine2_7.dll 2011-09-16 15:00:47 ----A---- C:\WINDOWS\system32\d3dx10_33.dll 2011-09-16 15:00:47 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll 2011-09-16 15:00:42 ----A---- C:\WINDOWS\system32\xactengine2_6.dll 2011-09-16 15:00:41 ----A---- C:\WINDOWS\system32\xactengine2_5.dll 2011-09-16 15:00:40 ----A---- C:\WINDOWS\system32\xactengine2_4.dll 2011-09-16 15:00:40 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll 2011-09-16 15:00:39 ----A---- C:\WINDOWS\system32\xinput1_2.dll 2011-09-16 15:00:39 ----A---- C:\WINDOWS\system32\xactengine2_3.dll 2011-09-16 15:00:38 ----A---- C:\WINDOWS\system32\xinput1_1.dll 2011-09-16 15:00:38 ----A---- C:\WINDOWS\system32\xactengine2_2.dll 2011-09-16 15:00:37 ----A---- C:\WINDOWS\system32\xactengine2_1.dll 2011-09-16 15:00:36 ----A---- C:\WINDOWS\system32\xactengine2_0.dll 2011-09-16 15:00:36 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll 2011-09-16 15:00:34 
----A---- C:\WINDOWS\system32\xinput9_1_0.dll 2011-09-16 14:41:32 ----A---- C:\WINDOWS\unin040c.exe 2011-09-13 06:30:10 ----A---- C:\WINDOWS\system32\drivers\avgrkx86.sys ======List of files/folders modified in the last 1 month====== 2011-10-11 16:41:28 ----D---- C:\WINDOWS\Prefetch 2011-10-11 14:42:59 ----D---- C:\WINDOWS\Temp 2011-10-11 13:37:29 ----D---- C:\WINDOWS\system32\dllcache 2011-10-11 13:37:24 ----D---- C:\WINDOWS\system32\drivers 2011-10-11 13:37:21 ----D---- C:\WINDOWS\system32\CatRoot 2011-10-11 13:37:20 ----D---- C:\WINDOWS\system32\CatRoot2 2011-10-11 13:33:06 ----SHD---- C:\WINDOWS\Installer 2011-10-11 13:30:55 ----D---- C:\WINDOWS 2011-10-11 13:27:22 ----A---- C:\WINDOWS\SchedLgU.Txt 2011-10-11 12:38:07 ----D---- C:\Program Files\Mozilla Firefox 2011-10-11 12:34:59 ----D---- C:\WINDOWS\WinSxS 2011-10-11 12:34:43 ----D---- C:\WINDOWS\system32 2011-10-11 11:45:48 ----A---- C:\WINDOWS\system.ini 2011-10-11 11:45:37 ----D---- C:\WINDOWS\system32\drivers\etc 2011-10-11 11:44:01 ----D---- C:\WINDOWS\AppPatch 2011-10-11 11:43:57 ----D---- C:\Program Files\Common Files 2011-10-11 10:57:27 ----RD---- C:\Program Files 2011-10-11 10:57:26 ----D---- C:\WINDOWS\system32\wbem 2011-10-11 10:57:25 ----D---- C:\WINDOWS\ime 2011-10-11 10:56:22 ----D---- C:\WINDOWS\system32\config 2011-10-11 10:51:42 ----RASH---- C:\boot.ini 2011-10-10 23:23:53 ----D---- C:\Documents and Settings\Administrator\Application Data\Skype 2011-10-10 23:21:44 ----D---- C:\Documents and Settings\Administrator\Application Data\skypePM 2011-10-10 20:32:51 ----D---- C:\WINDOWS\Registration 2011-10-10 20:26:44 ----HD---- C:\WINDOWS\inf 2011-10-10 20:24:13 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData 2011-10-10 20:21:53 ----D---- C:\WINDOWS\system32\Restore 2011-10-10 14:33:37 ----HD---- C:\Program Files\InstallShield Installation Information 2011-10-10 14:33:08 ----D---- C:\SWSetup 2011-10-07 17:50:11 ----D---- C:\WINDOWS\system32\drivers\AVG 2011-10-07 16:23:30 
----SHD---- C:\System Volume Information 2011-10-07 16:02:42 ----D---- C:\Program Files\AVG 2011-10-07 14:01:51 ----D---- C:\WINDOWS\system32\NtmsData 2011-10-07 13:52:11 ----D---- C:\Program Files\Spybot - Search & Destroy 2011-10-07 13:50:45 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2011-10-06 17:25:37 ----D---- C:\Program Files\Jnes 2011-10-06 17:23:15 ----D---- C:\WINDOWS\repair 2011-10-06 17:19:25 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2011-10-04 19:54:55 ----AC---- C:\WINDOWS\tabled32.ini 2011-09-19 18:14:20 ----RSD---- C:\WINDOWS\Fonts 2011-09-16 15:49:11 ----D---- C:\Program Files\LucasArts 2011-09-16 15:01:08 ----D---- C:\WINDOWS\system32\DirectX 2011-09-14 18:37:12 ----D---- C:\WINDOWS\Minidump 2011-09-13 09:06:59 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648] R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-09-06 30808] R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-09-06 34392] R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-09-06 442200] R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-09-06 320856] R1 aswTdi;avast! 
Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-09-06 52568] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016] R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-07-11 295248] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-05-03 36352] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [] R1 SAS***IL;SAS***IL; \??\C:\Program Files\SUPERAntiSpyware\SAS***IL.SYS [] R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-03-20 8832] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-09-06 20568] R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-09-06 110552] R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-03-20 88192] R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-11-08 127744] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-16 1066278] R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134608] R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272] R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2011-07-11 16720] R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-11-16 190592] R3 BCM43XX;Treiber Broadcom 802.11 Netzwerkadapter; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-09-28 376320] R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2006-09-14 88192] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2007-06-19 1169980] R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-05-03 79232] R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-12-09 46592] R3 
smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-10-13 259840] R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-05-02 290816] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-05-03 20608] S1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-07-11 229840] S3 b48b7117;b48b7117; C:\WINDOWS\393317300:1265929960.exe [] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-03-20 10368] S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys [] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-03-20 22016] S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [] S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-07-18 264576] S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-05-03 12288] S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-03-20 60032] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-03-20 32128] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-03-20 26368] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [] S3 ZTEusbnmea;ZTE NMEA Port; 
C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [] S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-09-06 44768] R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2011-04-13 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-12 153376] R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056] R2 vToolbarUpdater;vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-10-07 246600] R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2005-05-11 65536] S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248] S2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2011-04-13 14336] -----------------EOF-----------------
  19. When I open hijackthis.exe from the TrendMicro folder I get the following message: "Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item." (Avast antivirus just gave me the following alert: Object: C:\WINDOWS\System32\drivers\i8042prt.sys Infectie: Win32:Crypt-KMR [trj] Actie: verplaatst naar kluis Proces: C:\Program files\AVAST software etc etc..)
  20. HiJackThis won't install; it says the following: "The installer has insufficient privileges to modify this file: C:\Program Files\Trend Micro\HiJachThis\HiJackThis.exe"
  21. ComboFix 11-10-11.01 - Administrator 11/10/2011 11:41:43.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1271.731 [GMT 2:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\prio.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1832:TCP"= 1832:TCP:xrcle "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 . 
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 6:27 PM 12880] R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [7/12/2011 11:55 PM 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 1:38 AM 116608] R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [10/7/2011 4:04 PM 246600] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 1:14 AM 16720] R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [12/24/2009 12:04 AM 88192] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 229840] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/12/2011 6:23 AM 5265248] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776] S2 nqytr;System Support;c:\windows\system32\svchost.exe -k netsvcs [5/3/2008 2:00 PM 14336] S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?] S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [4/6/2010 8:40 PM 264576] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs nqytr . Contents of the 'Scheduled Tasks' folder . 
2011-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-854245398-1177238915-500Core.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 23:46] . 2011-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-854245398-1177238915-500UA.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 23:46] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google uSearchURL,(Default) = hxxp://www.google.com/keyword/%s TCP: DhcpNameServer = 192.168.1.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m0hfi793.default\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-10-11 11:45 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nqytr] "ServiceDll"="c:\windows\system32\sgnfzen.dll" . Completion time: 2011-10-11 11:46:50 ComboFix-quarantined-files.txt 2011-10-11 09:46 ComboFix2.txt 2011-10-11 09:01 ComboFix3.txt 2011-10-07 14:46 . 
Pre-Run: 15 463 755 776 bytes free Post-Run: 15 467 003 904 bytes free . - - End Of File - - 2303593B5CE20ECED40F99EECC241C6E