Pajaso
-
Items
34 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Berichten die geplaatst zijn door Pajaso
-
-
Maar ondertussen ruim je de boel wel perfect op xD
Laat Avast nu eens opnieuw scannen. Ben benieuwd of die nog iets te vertellen heeft ?
plobleem opgelost! kan je misschien iets vertellen over wat voor soort virus ik had?
-
verkeerde log uploaden, dezelfde discussie dubbel opstarten... ik ben lekker bezig
[ATTACH]31692[/ATTACH]
-
hoi kape
deze discussie heb ik per abuis dubbel opgestart
bij het ander draadje heb ik de zoek.exe log al geplaatst
ik zie geen optie om deze te wissen vandaar dat ik hem eerder als opgelost had gemarkeerd
-
-
[ATTACH]31689[/ATTACH]
-
gegroet!
sinds kort heb ik een redirect/popup virus die blijkbaar alleen via firefox gaat.
antimalwarebytes en IObit maleware fighter vinden niets.
_________________
het gaat als volgt:
-comuter opgestart / firefox geopend / webpagina openen (maakt niet uit welke) / webpagina opent normaal - avast melding "bedreiging gedetecteerd":
URL : h_utils_cdneurope_com__js__mo_js|{gzip}
Infection : JS:Downloader-ZY [Trj]
_________________
het gebeurt in de regel maar 1 keer, alleen wanneer ik een webpagina open nadat de computer herstart is.
hiernaast wordt er zo nu en dan door firefox een "about blank" window geopend (die uiteindelijk niet door laad) wanneer ik ergens op click. de site waarmee connectie
gemaakt wordt is click-status.king.com
hier mijn RSIT LOG:
[ATTACH]31685[/ATTACH]
-
[ATTACH]31684[/ATTACH]
-
gelukt!
thanx!!
-
Hoi Kape heb je nog suggesties? of zal ik het onderwerp als opgelost markeren en zelf kijken?
-
ook in "veilige modus" lukt dit niet. ik krijg dezelfde error melding
-
de 2 PV.3XE files kan ik niet deleten:
-acces denied
-
ok de combofix /uninstall uitgevoerd. (ik geen bevestiging gehad dat de uninstall succesvol is afgelopen)
daarna de CCleaner.
Ik heb in (C:) nog 3 mappen combofix staan die tezamen : SED.3XE en PV.3XE
wat doe ik hiermee?
-
sorry dat was een typo
"combofix / uninstall"
zo staat hij nog steeds wanneer ik RUN open
-
bedankt voor het heropenen. ik had niet direct door dat er geen berichten meer kunnen worden gepost als je opgelost aanvinkt.
wel nu heb ik TDSSKiller en Qoobox verwijderd.
Wanneer ik: "START> RUN > uninstall / combofix" uitvoer dan start hij combofix op. (resultaat dat ik een nieuwe log heb (behoorlijk lastig omdat avast gewoon aanstond)) ik krijg combofix dus niet gedeinstaleerd.
-
avast heeft geen trojans gevonden.
wel 30 geinfecteerde bestanden. deze opgelost. daarna heeft hij na de opstart weer een grondige check gedan (eigen motief) en alles
en nu is alles weer als vanouds!
Nu bij deze Kape.. **********
**********superrr bedankt voor je wijsheid!
(nu ik weet dat PC Helpforum - Gratis hulp bij computer problemen zo erg effectief is zal ik een nieuwe topic starten (en mijn vrienden adviseren) betreft een ander probleem waaronder ik al maanden lijdt (iets met netwerk instellingen). misschien komen we elkaar weer tegen)
groeten!!!
Pajaso
-
Het ziet er erggggg goed uit!
de avast grondige scan is op het moment bezig en duurt voorlopig nog wel even (ik ben misschien wat voorbarig)
maar!
die svchost-SYSTEM proces die erg dubieus was is er niet meer..
avast doet het!! xD
ik merk niets vreemds meer op.
Nu wacht ik de resultaten van de avast grondige scan af.
(wanneer ik het resultaat heb en er niets gevonden is zal ik deze thread als OPGELOST! markeren en mijn opperste dank aan jou betuigen xD(ik ben je zowiezo nu al erg dankbaar!))
2 B continued
-
ComboFix 11-10-12.01 - Administrator 12/10/2011 20:13:18.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1271.915 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\system32\drivers\i8042prt.sys"
"c:\windows\trz13.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\rsit
c:\rsit\info.txt
c:\rsit\log.txt
c:\windows\trz13.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))
.
.
2011-10-12 17:47 . 2011-10-12 17:47 -------- d-----w- c:\windows\system32\xircom
2011-10-12 17:47 . 2011-10-12 17:47 -------- d-----w- c:\windows\system32\wbem\snmp
2011-10-12 17:47 . 2011-10-12 17:47 -------- d-----w- c:\program files\microsoft frontpage
2011-10-12 17:12 . 2011-10-12 17:12 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-12 13:33 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-12 13:33 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-12 13:33 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-12 13:33 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-12 13:33 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-12 13:33 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-10-12 13:33 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-10-12 13:33 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-10-12 13:32 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-12 13:32 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-11 17:42 . 2011-10-11 17:42 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-11 06:43 . 2011-10-11 17:41 -------- d-----w- c:\program files\Trend Micro
2011-10-10 18:26 . 2011-10-10 18:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG Secure Search
2011-10-10 18:26 . 2011-10-10 18:26 -------- d-----w- c:\program files\AVG Secure Search
2011-10-10 18:26 . 2011-10-10 18:26 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-10-10 12:33 . 2011-10-10 18:22 -------- d-----w- c:\program files\Hewlett-Packard
2011-10-10 12:32 . 2011-10-10 12:32 -------- d-----w- c:\program files\Synaptics
2011-10-07 16:06 . 2011-10-07 16:06 -------- d-----w- c:\program files\AVAST Software
2011-10-07 16:06 . 2011-10-07 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-10-07 14:05 . 2011-10-07 14:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG2012
2011-10-07 14:03 . 2011-10-07 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-10-07 10:53 . 2011-10-07 10:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-10-07 10:52 . 2011-10-07 10:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-07 10:52 . 2011-10-07 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-10-07 10:35 . 2011-10-07 10:35 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-07 10:28 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-06 17:12 . 2011-10-06 17:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2011-10-06 16:39 . 2011-10-06 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-06 16:36 . 2011-10-06 16:36 -------- d--h--w- c:\windows\PIF
2011-10-06 16:33 . 2011-10-06 16:38 -------- d-----w- c:\program files\beschermingNIEUW
2011-10-06 15:50 . 2011-10-06 15:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-10-06 15:49 . 2011-10-06 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-19 16:14 . 1996-06-19 08:08 49664 ----a-w- c:\windows\system32\MFC42FRA.DLL
2011-09-19 16:14 . 1995-12-04 12:08 26624 ----a-w- c:\windows\system32\CTL3D95.DLL
2011-09-19 16:14 . 1997-07-19 15:00 604432 ----a-w- c:\windows\system32\COMCTL32.OCX
2011-09-19 16:14 . 1997-01-13 22:00 49664 ----a-w- c:\windows\system32\MSSTKPRP.DLL
2011-09-19 16:14 . 2011-09-19 16:14 -------- d-----w- c:\program files\Micro Application
2011-09-19 16:09 . 1998-10-07 11:08 327168 ----a-w- c:\windows\IsUn040c.exe
2011-09-16 13:01 . 2008-03-05 14:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2011-09-16 13:01 . 2008-03-05 14:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2011-09-16 13:01 . 2008-03-05 14:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2011-09-16 13:01 . 2008-03-05 13:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2011-09-16 13:01 . 2008-02-05 21:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2011-09-16 13:01 . 2008-03-05 13:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2011-09-16 12:41 . 1996-11-06 10:04 302592 ----a-w- c:\windows\unin040c.exe
2011-09-13 04:30 . 2011-09-13 04:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-12 17:13 . 2008-05-03 12:00 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-08-08 04:08 . 2011-08-08 04:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-09-06 19:59 . 2011-06-23 06:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-12_17.47.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-12 17:49 . 2011-10-12 17:49 16384 c:\windows\Temp\Perflib_Perfdata_c0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-10-07 14:03 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-10-07 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-14 4611456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\bcmntray" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-06-19 101144]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-06-19 84760]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-06-19 125720]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"AGRSMMSG"="AGRSMMSG.exe" [2005-11-16 88209]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-10-07 218440]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-13 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\prio.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1832:TCP"= 1832:TCP:xrcle
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/12/2011 3:33 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/12/2011 3:33 PM 320856]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 6:27 PM 12880]
R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [7/12/2011 11:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 1:38 AM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/12/2011 3:33 PM 20568]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [10/7/2011 4:04 PM 246600]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 1:14 AM 16720]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [12/24/2009 12:04 AM 88192]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 229840]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/12/2011 6:23 AM 5265248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
S2 nqytr;System Support;c:\windows\system32\svchost.exe -k netsvcs [5/3/2008 2:00 PM 14336]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [4/6/2010 8:40 PM 264576]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nqytr
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-854245398-1177238915-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 23:46]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-854245398-1177238915-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 23:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m0hfi793.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-10-12 20:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nqytr]
"ServiceDll"="c:\windows\system32\sgnfzen.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2011-10-12 20:23:31
ComboFix-quarantined-files.txt 2011-10-12 18:23
ComboFix2.txt 2011-10-12 17:51
ComboFix3.txt 2011-10-11 09:46
ComboFix4.txt 2011-10-11 09:01
ComboFix5.txt 2011-10-12 18:12
.
Pre-Run: 14 844 645 376 bytes free
Post-Run: 14 833 225 728 bytes free
.
- - End Of File - - EBF6D770199F078122C607EBBB4B2ABB
-
19:07:03.0968 3236 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
19:07:04.0140 3236 ============================================================
19:07:04.0140 3236 Current date / time: 2011/10/12 19:07:04.0140
19:07:04.0140 3236 SystemInfo:
19:07:04.0140 3236
19:07:04.0140 3236 OS Version: 5.1.2600 ServicePack: 3.0
19:07:04.0140 3236 Product type: Workstation
19:07:04.0140 3236 ComputerName: REDDA
19:07:04.0140 3236 UserName: Administrator
19:07:04.0140 3236 Windows directory: C:\WINDOWS
19:07:04.0140 3236 System windows directory: C:\WINDOWS
19:07:04.0140 3236 Processor architecture: Intel x86
19:07:04.0140 3236 Number of processors: 1
19:07:04.0140 3236 Page size: 0x1000
19:07:04.0140 3236 Boot type: Normal boot
19:07:04.0140 3236 ============================================================
19:07:05.0859 3236 Initialize success
19:07:09.0109 3548 ============================================================
19:07:09.0109 3548 Scan started
19:07:09.0109 3548 Mode: Manual;
19:07:09.0109 3548 ============================================================
19:07:11.0187 3548 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
19:07:11.0187 3548 Aavmker4 - ok
19:07:12.0093 3548 Abiosdsk - ok
19:07:13.0031 3548 abp480n5 - ok
19:07:14.0015 3548 ACPI (7517e9b5fe4811cbd7712af820028cc4) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:07:14.0015 3548 ACPI - ok
19:07:15.0015 3548 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:07:15.0031 3548 ACPIEC - ok
19:07:16.0062 3548 adpu160m - ok
19:07:17.0046 3548 aeaudio (ad707942e4ccb28d77cee5ed989c9e55) C:\WINDOWS\system32\drivers\aeaudio.sys
19:07:17.0062 3548 aeaudio - ok
19:07:18.0171 3548 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:07:18.0171 3548 aec - ok
19:07:19.0156 3548 AFD (4329004269d30273ac51f93d7834263c) C:\WINDOWS\System32\drivers\afd.sys
19:07:19.0156 3548 AFD - ok
19:07:20.0218 3548 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
19:07:20.0281 3548 AgereSoftModem - ok
19:07:21.0250 3548 Aha154x - ok
19:07:22.0218 3548 aic78u2 - ok
19:07:23.0156 3548 aic78xx - ok
19:07:24.0187 3548 AliIde - ok
19:07:25.0187 3548 amsint - ok
19:07:26.0125 3548 asc - ok
19:07:27.0046 3548 asc3350p - ok
19:07:28.0000 3548 asc3550 - ok
19:07:29.0093 3548 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
19:07:29.0093 3548 aswFsBlk - ok
19:07:30.0140 3548 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
19:07:30.0140 3548 aswMon2 - ok
19:07:31.0203 3548 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
19:07:31.0218 3548 aswRdr - ok
19:07:32.0296 3548 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
19:07:32.0296 3548 aswSnx - ok
19:07:33.0390 3548 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
19:07:33.0406 3548 aswSP - ok
19:07:34.0437 3548 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
19:07:34.0437 3548 aswTdi - ok
19:07:35.0437 3548 AsyncMac (34c951228c152a248357409cb680ce13) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:07:35.0437 3548 AsyncMac - ok
19:07:36.0437 3548 atapi (65ea06f8711fb3a64ec7d323e350f456) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:07:36.0437 3548 atapi - ok
19:07:37.0390 3548 Atdisk - ok
19:07:38.0390 3548 Atmarpc (ce372a820e4f4e808b574050ec35c049) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:07:38.0390 3548 Atmarpc - ok
19:07:39.0406 3548 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:07:39.0406 3548 audstub - ok
19:07:40.0421 3548 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
19:07:40.0421 3548 AVGIDSDriver - ok
19:07:41.0406 3548 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
19:07:41.0406 3548 AVGIDSEH - ok
19:07:42.0390 3548 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
19:07:42.0390 3548 AVGIDSFilter - ok
19:07:43.0390 3548 AVGIDSShim (07eba0c11fa1d73b82ecc3255ddfe34d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
19:07:43.0390 3548 AVGIDSShim - ok
19:07:44.0437 3548 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
19:07:44.0437 3548 Avgldx86 - ok
19:07:45.0421 3548 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
19:07:45.0421 3548 Avgmfx86 - ok
19:07:46.0406 3548 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
19:07:46.0406 3548 Avgrkx86 - ok
19:07:47.0390 3548 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
19:07:47.0406 3548 Avgtdix - ok
19:07:47.0531 3548 b48b7117 (19fef0c4ceb8210dda372e3ddb591541) C:\WINDOWS\393317300:1265929960.exe
19:07:47.0531 3548 Suspicious file (Hidden): C:\WINDOWS\393317300:1265929960.exe. md5: 19fef0c4ceb8210dda372e3ddb591541
19:07:47.0531 3548 b48b7117 ( HiddenFile.Multi.Generic ) - warning
19:07:47.0531 3548 b48b7117 - detected HiddenFile.Multi.Generic (1)
19:07:48.0406 3548 b57w2k (2fa609c3411ec5f77f42d0b04d304ae5) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
19:07:48.0421 3548 b57w2k - ok
19:07:49.0468 3548 BCM43XX (fa4a4a50b4b2647afedc676cc68c69cc) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
19:07:49.0484 3548 BCM43XX - ok
19:07:50.0437 3548 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:07:50.0437 3548 Beep - ok
19:07:51.0390 3548 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:07:51.0390 3548 cbidf2k - ok
19:07:52.0328 3548 cd20xrnt - ok
19:07:53.0328 3548 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:07:53.0328 3548 Cdaudio - ok
19:07:54.0343 3548 Cdfs (3a8d04c6533a344973ba5cce5be2609b) C:\WINDOWS\system32\drivers\Cdfs.sys
19:07:54.0343 3548 Cdfs - ok
19:07:55.0703 3548 Cdrom (0cc13b7fe6d2f64efc82cebfe9d2b8f0) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:07:55.0703 3548 Cdrom - ok
19:07:57.0750 3548 Changer - ok
19:07:59.0234 3548 CmBatt (e2f21d3533aa974bc0e065dacf41a423) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:07:59.0234 3548 CmBatt - ok
19:08:00.0562 3548 CmdIde - ok
19:08:01.0750 3548 Compbatt (259fbcc7da88edc311d377976ea33720) C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:08:01.0750 3548 Compbatt - ok
19:08:03.0031 3548 Cpqarray - ok
19:08:04.0265 3548 dac2w2k - ok
19:08:05.0359 3548 dac960nt - ok
19:08:07.0421 3548 Disk (db7ba51015765db476457bedd53d3cfe) C:\WINDOWS\system32\DRIVERS\disk.sys
19:08:07.0484 3548 Disk - ok
19:08:10.0078 3548 dmboot (ba1f9637c50d105fb8ebe334d57bc16e) C:\WINDOWS\system32\drivers\dmboot.sys
19:08:10.0109 3548 dmboot - ok
19:08:11.0406 3548 dmio (a29d408f65291721091bc21a48ceed00) C:\WINDOWS\system32\drivers\dmio.sys
19:08:11.0437 3548 dmio - ok
19:08:13.0718 3548 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:08:13.0734 3548 dmload - ok
19:08:15.0828 3548 DMusic (0fdc464e960b5c9665d89fe00bc972a3) C:\WINDOWS\system32\drivers\DMusic.sys
19:08:15.0843 3548 DMusic - ok
19:08:19.0796 3548 dpti2o - ok
19:08:21.0625 3548 drmkaud (6d5ca8474cf00a2765b6d6b35a57e89c) C:\WINDOWS\system32\drivers\drmkaud.sys
19:08:21.0640 3548 drmkaud - ok
19:08:23.0312 3548 Fastfat (bb9c87cc84a747f68c4d0e24d5841e61) C:\WINDOWS\system32\drivers\Fastfat.sys
19:08:23.0312 3548 Fastfat - ok
19:08:26.0171 3548 Fdc (bafd3cc668a29f5070da63469c273127) C:\WINDOWS\system32\drivers\Fdc.sys
19:08:26.0171 3548 Fdc - ok
19:08:28.0218 3548 Fips (cd7388a0e1f2585d0300c9533f4de221) C:\WINDOWS\system32\drivers\Fips.sys
19:08:28.0218 3548 Fips - ok
19:08:29.0468 3548 Flpydisk (50cd9634d0d4e6c9c6e2e8ea27f8e2f6) C:\WINDOWS\system32\drivers\Flpydisk.sys
19:08:29.0468 3548 Flpydisk - ok
19:08:30.0593 3548 FltMgr (d1338fb4160e250ae8a9202f8ac3860f) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:08:30.0593 3548 FltMgr - ok
19:08:31.0734 3548 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:08:31.0750 3548 Fs_Rec - ok
19:08:32.0781 3548 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:08:32.0781 3548 Ftdisk - ok
19:08:34.0484 3548 Gpc (8c7faa02a68d9eef68287a2842bb4f71) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:08:34.0484 3548 Gpc - ok
19:08:35.0515 3548 GTIPCI21 (f3c9f09aa3eda29a1c841877e7e39158) C:\WINDOWS\system32\DRIVERS\gtipci21.sys
19:08:35.0531 3548 GTIPCI21 - ok
19:08:36.0578 3548 HidUsb (81d2ffea0965a205f257160f1328f18e) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:08:36.0578 3548 HidUsb - ok
19:08:37.0687 3548 hpn - ok
19:08:38.0890 3548 HTTP (34b3296ad3c624daaaf1884681633c82) C:\WINDOWS\system32\Drivers\HTTP.sys
19:08:38.0906 3548 HTTP - ok
19:08:39.0937 3548 i2omgmt - ok
19:08:40.0906 3548 i2omp - ok
19:08:41.0984 3548 i8042prt (7eb9317a28c4592dee01877286c11bc3) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:08:41.0984 3548 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 7eb9317a28c4592dee01877286c11bc3, Fake md5: f641d64e8fd069d91e60511bb5cf4a2d
19:08:41.0984 3548 i8042prt ( Rootkit.Win32.ZAccess.j ) - infected
19:08:41.0984 3548 i8042prt - detected Rootkit.Win32.ZAccess.j (0)
19:08:43.0140 3548 ialm (9e52a1c2e2d7660612c52bc282259852) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
19:08:43.0234 3548 ialm - ok
19:08:44.0312 3548 Imapi (df47d4e6ed89cd0ad7248a7604af706e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:08:44.0312 3548 Imapi - ok
19:08:45.0718 3548 ini910u - ok
19:08:46.0781 3548 IntelIde - ok
19:08:47.0953 3548 intelppm (09a4677efbe5a0a14e9a090421d851df) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:08:47.0968 3548 intelppm - ok
19:08:49.0593 3548 Ip6Fw (0f2a14149b767cd62559a4e060d63e0a) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:08:49.0609 3548 Ip6Fw - ok
19:08:51.0250 3548 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:08:51.0250 3548 IpFilterDriver - ok
19:08:53.0625 3548 IpInIp (f6e4f5f17ead48851b2ca24faf595693) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:08:53.0625 3548 IpInIp - ok
19:08:54.0859 3548 IpNat (04191cc82eda72c44f9c154bc094ea0d) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:08:54.0875 3548 IpNat - ok
19:08:56.0312 3548 IPSec (84f6866f355c4c2185eb68206d55c591) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:08:56.0328 3548 IPSec - ok
19:08:57.0812 3548 irda (4d7852799e5f25b780d5a2b14d010199) C:\WINDOWS\system32\DRIVERS\irda.sys
19:08:57.0828 3548 irda - ok
19:08:58.0890 3548 IRENUM (ca98b430387b7d73d9b52eb4e0ab9d92) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:08:58.0921 3548 IRENUM - ok
19:08:59.0968 3548 isapnp (5a59964bfb9dca86af0c4ae8cc1d6a32) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:08:59.0968 3548 isapnp - ok
19:09:01.0078 3548 Kbdclass (4780a418e0fa859b09311c87980d0f7e) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:09:01.0078 3548 Kbdclass - ok
19:09:02.0140 3548 kmixer (e30be31b27e6fd0c3ab65e87f794e5df) C:\WINDOWS\system32\drivers\kmixer.sys
19:09:02.0140 3548 kmixer - ok
19:09:03.0265 3548 KSecDD (1e8c0c5ac7c40529961bd60451666932) C:\WINDOWS\system32\drivers\KSecDD.sys
19:09:03.0265 3548 KSecDD - ok
19:09:04.0437 3548 lbrtfdc - ok
19:09:05.0593 3548 massfilter - ok
19:09:07.0062 3548 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:09:07.0062 3548 mnmdd - ok
19:09:08.0640 3548 Modem (8c0f9f5a284b1db052c31ed629c2a5c3) C:\WINDOWS\system32\drivers\Modem.sys
19:09:08.0640 3548 Modem - ok
19:09:10.0500 3548 Mouclass (06515a5d8482b44e55bab35981888a0e) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:09:10.0500 3548 Mouclass - ok
19:09:11.0734 3548 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:09:11.0734 3548 mouhid - ok
19:09:12.0984 3548 MountMgr (8b64fa7814ed005e57d43155de88398a) C:\WINDOWS\system32\drivers\MountMgr.sys
19:09:13.0000 3548 MountMgr - ok
19:09:14.0140 3548 mraid35x - ok
19:09:15.0906 3548 MRxDAV (53cb9e3b300f4ea15d5b2679b102d09f) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:09:15.0921 3548 MRxDAV - ok
19:09:17.0218 3548 MRxSmb (c48d29e1719dedc1a2815b3bd98e780b) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:09:17.0234 3548 MRxSmb - ok
19:09:18.0734 3548 Msfs (79e4458da04664b431e6728a18199300) C:\WINDOWS\system32\drivers\Msfs.sys
19:09:18.0750 3548 Msfs - ok
19:09:20.0000 3548 MSIRCOMM (8919a83a813a2292214b7f40eb3867d7) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
19:09:20.0015 3548 MSIRCOMM - ok
19:09:21.0718 3548 MSKSSRV (241e77138dee16d546080a794b80284b) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:09:21.0718 3548 MSKSSRV - ok
19:09:22.0843 3548 MSPCLOCK (f46de5b07ea15e0727f12eb12e710f71) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:09:22.0843 3548 MSPCLOCK - ok
19:09:24.0687 3548 MSPQM (c53927217ac0834dc547b396ffc495d9) C:\WINDOWS\system32\drivers\MSPQM.sys
19:09:24.0687 3548 MSPQM - ok
19:09:27.0015 3548 mssmbios (146e70915c378f02476a10bcec3a95c2) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:09:27.0015 3548 mssmbios - ok
19:09:28.0109 3548 Mup (254717fc83220bdc790f6c2e57c620bf) C:\WINDOWS\system32\drivers\Mup.sys
19:09:28.0109 3548 Mup - ok
19:09:29.0296 3548 NDIS (aff1aed224d17c8bc38174ed932f68b6) C:\WINDOWS\system32\drivers\NDIS.sys
19:09:29.0296 3548 NDIS - ok
19:09:30.0390 3548 NdisTapi (eaeecd0001f1d43bb3e81b77e8b8483e) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:09:30.0421 3548 NdisTapi - ok
19:09:31.0765 3548 Ndisuio (077c330d7e12669d57ed16e4dfabf700) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:09:31.0765 3548 Ndisuio - ok
19:09:33.0171 3548 NdisWan (36a503c26f7c81fe7ce71b0b467605dd) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:09:33.0171 3548 NdisWan - ok
19:09:34.0562 3548 NDProxy (21769bbeb1b70ddad968002390100b3a) C:\WINDOWS\system32\drivers\NDProxy.sys
19:09:34.0578 3548 NDProxy - ok
19:09:35.0890 3548 NetBIOS (4977fd4bad4b94188e7b101df0e017ef) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:09:35.0890 3548 NetBIOS - ok
19:09:36.0968 3548 NetBT (3294dc900631ee18c86f49e7c26e416b) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:09:36.0968 3548 NetBT - ok
19:09:38.0296 3548 Npfs (bff3844722d795df4c5066aaae957ec8) C:\WINDOWS\system32\drivers\Npfs.sys
19:09:38.0296 3548 Npfs - ok
19:09:38.0296 3548 Suspicious service (NoAccess): nqytr
19:09:39.0921 3548 Ntfs (d7f8a3f743c54c13d78954176ad483a2) C:\WINDOWS\system32\drivers\Ntfs.sys
19:09:39.0937 3548 Ntfs - ok
19:09:42.0078 3548 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:09:42.0078 3548 Null - ok
19:09:43.0546 3548 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:09:43.0562 3548 NwlnkFlt - ok
19:09:44.0765 3548 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:09:44.0765 3548 NwlnkFwd - ok
19:09:46.0625 3548 Parport (9f84cffa068c474084a99bc68bf3ea63) C:\WINDOWS\system32\DRIVERS\parport.sys
19:09:46.0640 3548 Parport - ok
19:09:47.0734 3548 PartMgr (64fc948a8387d3a5fba3cdeb539b1514) C:\WINDOWS\system32\drivers\PartMgr.sys
19:09:47.0734 3548 PartMgr - ok
19:09:48.0796 3548 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:09:48.0796 3548 ParVdm - ok
19:09:49.0906 3548 PCI (ef6876118575c85ca4ad39ac6490656c) C:\WINDOWS\system32\DRIVERS\pci.sys
19:09:49.0921 3548 PCI - ok
19:09:51.0156 3548 PCIDump - ok
19:09:52.0734 3548 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:09:52.0734 3548 PCIIde - ok
19:09:54.0156 3548 Pcmcia (c1bc00b2c7a782cf5207f1a13745ab65) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
19:09:54.0203 3548 Pcmcia - ok
19:09:55.0640 3548 PDCOMP - ok
19:09:57.0031 3548 PDFRAME - ok
19:09:58.0125 3548 PDRELI - ok
19:09:59.0781 3548 PDRFRAME - ok
19:10:01.0093 3548 perc2 - ok
19:10:02.0296 3548 perc2hib - ok
19:10:03.0437 3548 PptpMiniport (7065eaef0b12cc5339425d575e5a71d3) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:10:03.0437 3548 PptpMiniport - ok
19:10:04.0468 3548 PSched (7c8c04b524b0823a29ee6b0818ecbbb3) C:\WINDOWS\system32\DRIVERS\psched.sys
19:10:04.0468 3548 PSched - ok
19:10:06.0453 3548 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:10:06.0453 3548 Ptilink - ok
19:10:07.0656 3548 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:10:07.0656 3548 PxHelp20 - ok
19:10:08.0828 3548 ql1080 - ok
19:10:10.0109 3548 Ql10wnt - ok
19:10:12.0000 3548 ql12160 - ok
19:10:14.0734 3548 ql1240 - ok
19:10:16.0296 3548 ql1280 - ok
19:10:17.0625 3548 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:10:17.0640 3548 RasAcd - ok
19:10:19.0265 3548 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
19:10:19.0265 3548 Rasirda - ok
19:10:21.0250 3548 Rasl2tp (1d0743f4b97fd729511ad5022e0bcbc1) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:10:21.0265 3548 Rasl2tp - ok
19:10:22.0640 3548 RasPppoe (04a17ced474f4444d6eff7a1ba169a2e) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:10:22.0640 3548 RasPppoe - ok
19:10:23.0656 3548 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:10:23.0656 3548 Raspti - ok
19:10:24.0703 3548 Rdbss (d2fd6bd47a5ad252745c96b61b55d7be) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:10:24.0718 3548 Rdbss - ok
19:10:25.0750 3548 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:10:25.0750 3548 RDPCDD - ok
19:10:27.0250 3548 rdpdr (00f5b19217f0ea9a513789dd8214c79b) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:10:27.0250 3548 rdpdr - ok
19:10:28.0625 3548 RDPWD (e92dd0b4ab8d73f72fef85282f8dd2e2) C:\WINDOWS\system32\drivers\RDPWD.sys
19:10:28.0640 3548 RDPWD - ok
19:10:29.0656 3548 redbook (bf1bfdad19fd920cc0856886ce91b208) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:10:29.0656 3548 redbook - ok
19:10:30.0812 3548 RT73 - ok
19:10:32.0593 3548 RTL8187B (fe999b16e967c84790be6dc1b4e78f2d) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
19:10:32.0656 3548 RTL8187B - ok
19:10:32.0828 3548 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:10:32.0828 3548 SASDIFSV - ok
19:10:32.0875 3548 SAS***IL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SAS***IL.SYS
19:10:32.0875 3548 SAS***IL - ok
19:10:34.0265 3548 sdbus (75e2c5885b1674ece6ce392f03686a97) C:\WINDOWS\system32\DRIVERS\sdbus.sys
19:10:34.0265 3548 sdbus - ok
19:10:36.0281 3548 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:10:36.0281 3548 Secdrv - ok
19:10:37.0968 3548 serenum (19f5a2b382c281ea02525566e8fe6980) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:10:37.0968 3548 serenum - ok
19:10:39.0921 3548 Serial (3dae0c3747f4065d18617ca36f63f104) C:\WINDOWS\system32\DRIVERS\serial.sys
19:10:39.0937 3548 Serial - ok
19:10:41.0093 3548 Sfloppy (0e0d508c42ed31e0ce4877bcbd1dac7e) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
19:10:41.0093 3548 Sfloppy - ok
19:10:42.0078 3548 Simbad - ok
19:10:43.0531 3548 SMCIRDA (62556d170f22c43a544481e4ee16d2e2) C:\WINDOWS\system32\DRIVERS\smcirda.sys
19:10:43.0531 3548 SMCIRDA - ok
19:10:44.0703 3548 smwdm (858934c454bdc6664c752bf0cd3eaeae) C:\WINDOWS\system32\drivers\smwdm.sys
19:10:44.0703 3548 smwdm - ok
19:10:46.0593 3548 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
19:10:46.0593 3548 SONYPVU1 - ok
19:10:47.0843 3548 Sparrow - ok
19:10:49.0171 3548 splitter (d15d4f064889adae4ef9a44797361a95) C:\WINDOWS\system32\drivers\splitter.sys
19:10:49.0187 3548 splitter - ok
19:10:51.0796 3548 sr (b0a078e4f5c4b11ddca9fe48e860687f) C:\WINDOWS\system32\DRIVERS\sr.sys
19:10:51.0812 3548 sr - ok
19:10:52.0843 3548 Srv (9bdb2e5f2c6cebeee1d75ff2eadacafa) C:\WINDOWS\system32\DRIVERS\srv.sys
19:10:52.0859 3548 Srv - ok
19:10:54.0187 3548 swenum (52ca69522d2780008679f486ff2d16a9) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:10:54.0187 3548 swenum - ok
19:10:56.0062 3548 swmidi (d9f7f799db20ce348d2c7f374aae5133) C:\WINDOWS\system32\drivers\swmidi.sys
19:10:56.0062 3548 swmidi - ok
19:11:00.0671 3548 symc810 - ok
19:11:06.0812 3548 symc8xx - ok
19:11:08.0953 3548 sym_hi - ok
19:11:09.0906 3548 sym_u3 - ok
19:11:11.0093 3548 sysaudio (ac17b7e3da6fc911466962bbe1596239) C:\WINDOWS\system32\drivers\sysaudio.sys
19:11:11.0093 3548 sysaudio - ok
19:11:12.0234 3548 Tcpip (37d8387cbd4437c55f454209be10ef11) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:11:12.0265 3548 Tcpip - ok
19:11:13.0937 3548 TDPIPE (acbb991ba7710ca13e3f7c581365eec0) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:11:13.0937 3548 TDPIPE - ok
19:11:15.0187 3548 TDTCP (b4b829f1accaa80686a9f9264f2050d0) C:\WINDOWS\system32\drivers\TDTCP.sys
19:11:15.0187 3548 TDTCP - ok
19:11:16.0609 3548 TermDD (9357984830dc4f40c3c82489b56ec95b) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:11:16.0609 3548 TermDD - ok
19:11:17.0828 3548 tifm21 (78213f01ce781f93180bef5eb5b3ad81) C:\WINDOWS\system32\drivers\tifm21.sys
19:11:17.0828 3548 tifm21 - ok
19:11:20.0593 3548 TosIde - ok
19:11:23.0625 3548 tunmp (7dfeb4edcd8635eb74f5a08bd67c00bb) C:\WINDOWS\system32\DRIVERS\tunmp.sys
19:11:23.0656 3548 tunmp - ok
19:11:28.0140 3548 Udfs (007c5857eca3624845005d800986e400) C:\WINDOWS\system32\drivers\Udfs.sys
19:11:28.0156 3548 Udfs - ok
19:11:29.0296 3548 ultra - ok
19:11:30.0296 3548 Update (4b633414b8231060c8ceac4575fcb00e) C:\WINDOWS\system32\DRIVERS\update.sys
19:11:30.0328 3548 Update - ok
19:11:31.0328 3548 usbaudio (c17a732c423b3e27072c79e3bc880347) C:\WINDOWS\system32\drivers\usbaudio.sys
19:11:31.0328 3548 usbaudio - ok
19:11:32.0375 3548 usbccgp (7d9ac2328255cb506a9b74fdf2977ce1) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:11:32.0390 3548 usbccgp - ok
19:11:33.0750 3548 usbehci (8e9d9764dd8030160fc42e183001113d) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:11:33.0765 3548 usbehci - ok
19:11:35.0281 3548 usbhub (32889e8b3bb890d5dbcdf866598a2b45) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:11:35.0281 3548 usbhub - ok
19:11:36.0734 3548 USBSTOR (4c11e52f58b8f691099f9c1b0432a6a6) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:11:36.0734 3548 USBSTOR - ok
19:11:38.0734 3548 usbuhci (b4fbc865ce1311f671c18388df73eb80) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:11:38.0734 3548 usbuhci - ok
19:11:39.0937 3548 VgaSave (27573609ed1a48065a7174fa6b7f36e5) C:\WINDOWS\System32\drivers\vga.sys
19:11:39.0937 3548 VgaSave - ok
19:11:40.0984 3548 ViaIde - ok
19:11:42.0296 3548 VolSnap (999a7ab63b8f364f4df130d48ba7e972) C:\WINDOWS\system32\drivers\VolSnap.sys
19:11:42.0296 3548 VolSnap - ok
19:11:43.0625 3548 Wanarp (4d91cdfecb032a34c550080b62720e15) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:11:43.0625 3548 Wanarp - ok
19:11:44.0640 3548 WDICA - ok
19:11:46.0171 3548 wdmaud (971260ff2bdf0371c11e811fa9c64bd8) C:\WINDOWS\system32\drivers\wdmaud.sys
19:11:46.0187 3548 wdmaud - ok
19:11:47.0921 3548 WmiAcpi (b4a2386ce6577a213032a9e25398a398) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
19:11:47.0937 3548 WmiAcpi - ok
19:11:50.0015 3548 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:11:50.0062 3548 WudfPf - ok
19:11:51.0953 3548 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:11:51.0953 3548 WudfRd - ok
19:11:53.0140 3548 ZTEusbmdm6k - ok
19:11:55.0031 3548 ZTEusbnmea - ok
19:11:56.0718 3548 ZTEusbser6k - ok
19:11:56.0765 3548 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:11:56.0953 3548 \Device\Harddisk0\DR0 - ok
19:11:56.0968 3548 Boot (0x1200) (71177a91d835ae3a8dcf60dd069e7e28) \Device\Harddisk0\DR0\Partition0
19:11:56.0968 3548 \Device\Harddisk0\DR0\Partition0 - ok
19:11:56.0968 3548 ============================================================
19:11:56.0968 3548 Scan finished
19:11:56.0968 3548 ============================================================
19:11:56.0984 2744 Detected object count: 2
19:11:56.0984 2744 Actual detected object count: 2
19:12:41.0968 2744 C:\WINDOWS\393317300:1265929960.exe - copied to quarantine
19:12:41.0968 2744 b48b7117 ( HiddenFile.Multi.Generic ) - User select action: Quarantine
19:12:45.0890 2744 Backup copy found, using it..
19:12:45.0906 2744 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured on reboot
19:12:45.0906 2744 i8042prt ( Rootkit.Win32.ZAccess.j ) - User select action: Cure
19:12:54.0687 3216 Deinitialize success
_________________________________________________________________________________________
ComboFix 11-10-12.01 - Administrator 12/10/2011 19:37:19.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1271.932 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - svchost.exe: deleted 88 bytes in 2 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
C:\Recycle.Bin
C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-1960408961-854245398-1177238915-500(2)\INFO2
c:\windows\393317300
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_b48b7117
.
.
((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))
.
.
2011-10-12 17:47 . 2011-10-12 17:47 -------- d-----w- c:\windows\system32\xircom
2011-10-12 17:47 . 2011-10-12 17:47 -------- d-----w- c:\windows\system32\wbem\snmp
2011-10-12 17:12 . 2011-10-12 17:12 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-12 13:35 . 2011-10-12 13:35 784 ----a-w- c:\windows\trz13.tmp
2011-10-12 13:33 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-12 13:33 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-12 13:33 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-12 13:33 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-12 13:33 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-12 13:33 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-10-12 13:33 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-10-12 13:33 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-10-12 13:32 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-12 13:32 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-11 17:42 . 2011-10-11 17:42 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-11 14:41 . 2011-10-11 14:41 -------- d-----w- C:\rsit
2011-10-11 06:43 . 2011-10-11 17:41 -------- d-----w- c:\program files\Trend Micro
2011-10-10 18:26 . 2011-10-10 18:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG Secure Search
2011-10-10 18:26 . 2011-10-10 18:26 -------- d-----w- c:\program files\AVG Secure Search
2011-10-10 18:26 . 2011-10-10 18:26 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-10-10 12:33 . 2011-10-10 18:22 -------- d-----w- c:\program files\Hewlett-Packard
2011-10-10 12:32 . 2011-10-10 12:32 -------- d-----w- c:\program files\Synaptics
2011-10-07 16:06 . 2011-10-07 16:06 -------- d-----w- c:\program files\AVAST Software
2011-10-07 16:06 . 2011-10-07 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-10-07 14:05 . 2011-10-07 14:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG2012
2011-10-07 14:03 . 2011-10-07 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-10-07 10:53 . 2011-10-07 10:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-10-07 10:52 . 2011-10-07 10:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-07 10:52 . 2011-10-07 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-10-07 10:35 . 2011-10-07 10:35 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-07 10:28 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-06 17:12 . 2011-10-06 17:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2011-10-06 16:39 . 2011-10-06 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-06 16:36 . 2011-10-06 16:36 -------- d--h--w- c:\windows\PIF
2011-10-06 16:33 . 2011-10-06 16:38 -------- d-----w- c:\program files\beschermingNIEUW
2011-10-06 15:50 . 2011-10-06 15:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-10-06 15:49 . 2011-10-06 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-19 16:14 . 1996-06-19 08:08 49664 ----a-w- c:\windows\system32\MFC42FRA.DLL
2011-09-19 16:14 . 1995-12-04 12:08 26624 ----a-w- c:\windows\system32\CTL3D95.DLL
2011-09-19 16:14 . 1997-07-19 15:00 604432 ----a-w- c:\windows\system32\COMCTL32.OCX
2011-09-19 16:14 . 1997-01-13 22:00 49664 ----a-w- c:\windows\system32\MSSTKPRP.DLL
2011-09-19 16:14 . 2011-09-19 16:14 -------- d-----w- c:\program files\Micro Application
2011-09-19 16:09 . 1998-10-07 11:08 327168 ----a-w- c:\windows\IsUn040c.exe
2011-09-16 13:01 . 2008-03-05 14:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2011-09-16 13:01 . 2008-03-05 14:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2011-09-16 13:01 . 2008-03-05 14:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2011-09-16 13:01 . 2008-03-05 13:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2011-09-16 13:01 . 2008-02-05 21:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2011-09-16 13:01 . 2008-03-05 13:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2011-09-16 12:41 . 1996-11-06 10:04 302592 ----a-w- c:\windows\unin040c.exe
2011-09-13 04:30 . 2011-09-13 04:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-12 17:13 . 2008-05-03 12:00 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-08-08 04:08 . 2011-08-08 04:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-09-06 19:59 . 2011-06-23 06:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-03 . 37D8387CBD4437C55F454209BE10EF11 . 361344 . . [5.1.2600.5508] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-10-07 14:03 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-10-07 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-14 4611456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\bcmntray" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-06-19 101144]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-06-19 84760]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-06-19 125720]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"AGRSMMSG"="AGRSMMSG.exe" [2005-11-16 88209]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-10-07 218440]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-13 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\prio.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1832:TCP"= 1832:TCP:xrcle
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/12/2011 3:33 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/12/2011 3:33 PM 320856]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 6:27 PM 12880]
R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [7/12/2011 11:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 1:38 AM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/12/2011 3:33 PM 20568]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [10/7/2011 4:04 PM 246600]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 1:14 AM 16720]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [12/24/2009 12:04 AM 88192]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 229840]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/12/2011 6:23 AM 5265248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
S2 nqytr;System Support;c:\windows\system32\svchost.exe -k netsvcs [5/3/2008 2:00 PM 14336]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [4/6/2010 8:40 PM 264576]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nqytr
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-854245398-1177238915-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 23:46]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-854245398-1177238915-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 23:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m0hfi793.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-02800813.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-10-12 19:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nqytr]
"ServiceDll"="c:\windows\system32\sgnfzen.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(3896)
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\bcmntray.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
.
**************************************************************************
.
Completion time: 2011-10-12 19:51:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-12 17:51
ComboFix2.txt 2011-10-11 09:46
ComboFix3.txt 2011-10-11 09:01
ComboFix4.txt 2011-10-07 14:46
.
Pre-Run: 14 649 196 544 bytes free
Post-Run: 14 843 670 528 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - C04999C383900C2FD47B09ADE613C140
-
De situatie nu,
avg virus scanner doet het niet.
avast wel, vind en blokeerd wel (verschillende) acties (wanneer hij waakt).
Bij de volledige systeem scan vind hij een rootkit in C:\WINDOWS\system32\drivers\trz1F.tmp ik kan er alleen niets mee doen. "FOUT: there are no more endpoints" krijg ik te lezen als ik wil verplaatsen naar kluis of herstellen of wat dan ook.
als ik een grondige scan opstart blijft hij hangen.
Na deze acties herstart ik de comp op verzoek van avast. eenmaal opgestart is avast uitgeschakeld "X u bent niet beveiligd" herstellen lukt ook niet.
-
Ik heb nog geen trojan melding gehad (die varieeren ook, soms een tijdje niets.. en daarna worden verschillende processen geblokeerd door antivirus prog)
Als ik mijn als ik wifi opstart en er is verbinding, begint na een minuut ofzo allerlei gedoe.
Taakbeheer> svchost.exe SYSTEM begint heel druk te doen en bij het TCP tabje zie ik dat hij enorm veel connecties aan het maken is met verschillende adressen
uiteindelijk blijft hij hangen
-
info.txt logfile of random's system information tool 1.09 2011-10-11 16:41:35
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Reader 9.4.5 - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A94000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Agere Systems AC'97 Modem-->agrsmdel
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
AVG 2012-->"C:\Program Files\AVG\AVG2012\avgmfapx.exe" /AppMode=SETUP /Uninstall
AVG 2012-->MsiExec.exe /I{56839333-0802-40D6-9A50-EBB9EB2BF541}
AVG 2012-->MsiExec.exe /I{6DA0B8BE-3735-4287-AF4D-B8DE088D0AA7}
Broadcom 802.11 Wireless LAN Adapter-->C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo
Broadcom NetXtreme Ethernet Controller-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
Broadcom Wireless Utility-->C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11_App\UninstallInfo
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
DivX-Setup-->C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
FREE Hi-Q Recorder 1.92-->"C:\Program Files\FREE Hi-Q Recorder\unins000.exe"
Google Talk Plugin-->MsiExec.exe /I{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}
Guitar Pro 4 Demo-->MsiExec.exe /X{7DBC4070-DCE3-427E-AEFF-430ED013EC04}
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Java 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
LucasArts' Curse of Monkey Island-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\LucasArts\Curse\DeIsL1.isu"
Malwarebytes' Anti-Malware version 1.51.2.1300-->"C:\Documents and Settings\Administrator\Desktop\tegenmal\tegenmal\Malwarebytes' Anti-Malware\unins000.exe"
Micro Application - 2 000 Courriers Types-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Micro Application\2 000 Courriers Types\Uninst.isu"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Monkey Island 2 LeChucks Revenge Special Edition-->"C:\Program Files\LucasArts\Monkey Island 2 LeChucks Revenge Special Edition\unins000.exe"
Mozilla Firefox 6.0.2 (x86 nl)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Prio v1.9.7-->C:\WINDOWS\prio197uninstall.exe
ReaJPEG Pro 4.0-->"C:\Program Files\ReaSoft\ReaJPEG Pro\unins000.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}\setup.exe -runfromtemp -l0x0409
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
YouTube Downloader 2.5.6-->"C:\Program Files\YouTube Downloader\uninstall.exe"
======Security center information======
AV: avast! Antivirus
======System event log======
Computer Name: REDDA
Event Code: 7023
Message: The Network Location Awareness (NLA) service terminated with the following error:
The specified procedure could not be found.
Record Number: 102130
Source Name: Service Control Manager
Time Written: 20111005205558.000000+120
Event Type: error
User:
Computer Name: REDDA
Event Code: 7000
Message: The AVGIDSAgent service failed to start due to the following error:
Access is denied.
Record Number: 102121
Source Name: Service Control Manager
Time Written: 20111005205558.000000+120
Event Type: error
User:
Computer Name: REDDA
Event Code: 7023
Message: The System Support service terminated with the following error:
The specified module could not be found.
Record Number: 102120
Source Name: Service Control Manager
Time Written: 20111005205558.000000+120
Event Type: error
User:
Computer Name: REDDA
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
Record Number: 102119
Source Name: DCOM
Time Written: 20111005205321.000000+120
Event Type: error
User: REDDA\Administrator
Computer Name: REDDA
Event Code: 4
Message: Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.
Record Number: 102118
Source Name: b57w2k
Time Written: 20111005205320.000000+120
Event Type: warning
User:
=====Application event log=====
Computer Name: REDDA
Event Code: 4609
Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Record Number: 4546
Source Name: EventSystem
Time Written: 20110413175059.000000+120
Event Type: error
User:
Computer Name: REDDA
Event Code: 4609
Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Record Number: 4545
Source Name: EventSystem
Time Written: 20110413175059.000000+120
Event Type: error
User:
Computer Name: REDDA
Event Code: 4609
Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Record Number: 4544
Source Name: EventSystem
Time Written: 20110413175059.000000+120
Event Type: error
User:
Computer Name: REDDA
Event Code: 4609
Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Record Number: 4543
Source Name: EventSystem
Time Written: 20110413175059.000000+120
Event Type: error
User:
Computer Name: REDDA
Event Code: 4609
Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Record Number: 4542
Source Name: EventSystem
Time Written: 20110413175059.000000+120
Event Type: error
User:
======Environment variables======
"DEVMGR_SHOW_DETAILS"=1
"ComSpec"=%SystemRoot%\system32\cmd.exe
"DEVMGR_SHOW_NONPRESENT_DEVICES"=1
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0d08
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
-----------------EOF-----------------
______________________________________________________________________________________________
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-10-11 16:41:21
Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (26%) free of 57 GB
Total RAM: 1271 MB (61% free)
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-854245398-1177238915-500Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-854245398-1177238915-500UA.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m0hfi793.default
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, jqs@sun.com:1.0, {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG2012\Firefox4\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
npwachk.dll
C:\Program Files\Mozilla Firefox\searchplugins\
bing.xml
bolcom-nl.xml
google.xml
marktplaats-nl.xml
vandale-nl.xml
wikipedia-nl.xml
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m0hfi793.default\searchplugins\
avg-secure-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2011-09-27 2179936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll [2011-10-07 1451336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-12 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-12 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll [2011-10-07 1451336]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2007-06-19 101144]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2007-06-19 84760]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2007-06-19 125720]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-11-16 88209]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\bcmntray []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2011-09-23 2404704]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2011-10-07 218440]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-09-14 4611456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\system32\prio.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-19 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"MemCheckBoxInRunDlg"=1
"StartMenuFavorites"=0
"Start_ShowMyComputer"=1
"Start_ShowMyDocs"=1
"Start_ShowMyMusic"=0
"Start_ShowRun"=1
"Start_ShowSearch"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
======List of files/folders created in the last 1 month======
2011-10-11 16:41:21 ----D---- C:\rsit
2011-10-11 13:37:23 ----A---- C:\WINDOWS\system32\drivers\i8042prt.sys
2011-10-11 12:38:28 ----SHD---- C:\RECYCLER
2011-10-11 12:35:14 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-10-11 12:35:14 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-10-11 12:35:10 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-10-11 12:35:09 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-10-11 12:35:09 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-10-11 12:35:08 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-10-11 12:35:08 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-10-11 12:35:06 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-10-11 12:34:43 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-10-11 12:34:43 ----A---- C:\WINDOWS\avastSS.scr
2011-10-11 11:46:51 ----A---- C:\ComboFix.txt
2011-10-11 11:40:00 ----D---- C:\ComboFix
2011-10-11 10:57:27 ----D---- C:\Program Files\xerox
2011-10-11 10:57:25 ----D---- C:\WINDOWS\system32\xircom
2011-10-11 10:57:25 ----D---- C:\Program Files\microsoft frontpage
2011-10-11 10:51:36 ----RASHD---- C:\cmdcons
2011-10-11 10:48:25 ----A---- C:\WINDOWS\zip.exe
2011-10-11 10:48:25 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-10-11 10:48:25 ----A---- C:\WINDOWS\SWSC.exe
2011-10-11 10:48:25 ----A---- C:\WINDOWS\SWREG.exe
2011-10-11 10:48:25 ----A---- C:\WINDOWS\sed.exe
2011-10-11 10:48:25 ----A---- C:\WINDOWS\PEV.exe
2011-10-11 10:48:25 ----A---- C:\WINDOWS\NIRCMD.exe
2011-10-11 10:48:25 ----A---- C:\WINDOWS\MBR.exe
2011-10-11 10:48:25 ----A---- C:\WINDOWS\grep.exe
2011-10-11 08:43:05 ----D---- C:\Program Files\Trend Micro
2011-10-10 20:26:42 ----D---- C:\Documents and Settings\Administrator\Application Data\AVG Secure Search
2011-10-10 20:26:30 ----D---- C:\Program Files\AVG Secure Search
2011-10-10 20:26:05 ----D---- C:\Program Files\Common Files\AVG Secure Search
2011-10-10 20:23:13 ----D---- C:\Config.Msi
2011-10-10 14:34:38 ----DC---- C:\WINDOWS\$NtUninstallWdf01005$
2011-10-10 14:33:37 ----D---- C:\Program Files\Hewlett-Packard
2011-10-10 14:32:11 ----D---- C:\Program Files\Synaptics
2011-10-07 21:09:38 ----SHD---- C:\WINDOWS\CSC
2011-10-07 20:16:57 ----ASH---- C:\pagefile.sys
2011-10-07 20:01:03 ----A---- C:\WINDOWS\ntbtlog.txt
2011-10-07 18:06:16 ----D---- C:\Program Files\AVAST Software
2011-10-07 18:06:16 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2011-10-07 16:34:34 ----A---- C:\Boot.bak
2011-10-07 16:33:23 ----D---- C:\ComboFix(2)
2011-10-07 16:23:20 ----D---- C:\WINDOWS\ERDNT
2011-10-07 16:23:10 ----D---- C:\Qoobox
2011-10-07 16:17:05 ----D---- C:\WINDOWS\system32\appmgmt
2011-10-07 16:05:11 ----D---- C:\Documents and Settings\Administrator\Application Data\AVG2012
2011-10-07 16:03:10 ----D---- C:\Documents and Settings\All Users\Application Data\AVG2012
2011-10-07 12:53:21 ----D---- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-10-07 12:52:42 ----D---- C:\Program Files\SUPERAntiSpyware
2011-10-07 12:52:42 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2011-10-07 12:35:53 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-10-07 12:28:52 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-10-06 18:39:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-10-06 18:36:55 ----HD---- C:\WINDOWS\PIF
2011-10-06 18:33:35 ----D---- C:\Program Files\beschermingNIEUW
2011-10-06 17:50:00 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2011-10-06 17:49:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-10-05 17:45:09 ----SHD---- C:\WINDOWS\assembly
2011-09-19 18:15:14 ----A---- C:\WINDOWS\MICRO APPLICATION Expéditeur.dat
2011-09-19 18:15:14 ----A---- C:\WINDOWS\MICRO APPLICATION Destinataire.dat
2011-09-19 18:15:01 ----A---- C:\WINDOWS\INTER.INI
2011-09-19 18:14:47 ----A---- C:\WINDOWS\system32\MFC42FRA.DLL
2011-09-19 18:14:47 ----A---- C:\WINDOWS\system32\CTL3D95.DLL
2011-09-19 18:14:20 ----A---- C:\WINDOWS\system32\MSSTKPRP.DLL
2011-09-19 18:14:15 ----D---- C:\Program Files\Micro Application
2011-09-19 18:09:17 ----A---- C:\WINDOWS\IsUn040c.exe
2011-09-19 18:09:15 ----A---- C:\WINDOWS\Navigma.INI
2011-09-16 15:01:03 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2011-09-16 15:01:02 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2011-09-16 15:01:02 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2011-09-16 15:01:01 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2011-09-16 15:01:01 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2011-09-16 15:01:00 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2011-09-16 15:00:59 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2011-09-16 15:00:57 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2011-09-16 15:00:57 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2011-09-16 15:00:54 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2011-09-16 15:00:54 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2011-09-16 15:00:54 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2011-09-16 15:00:52 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2011-09-16 15:00:52 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2011-09-16 15:00:51 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2011-09-16 15:00:51 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2011-09-16 15:00:48 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2011-09-16 15:00:47 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2011-09-16 15:00:47 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2011-09-16 15:00:42 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2011-09-16 15:00:41 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2011-09-16 15:00:40 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2011-09-16 15:00:40 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2011-09-16 15:00:39 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2011-09-16 15:00:39 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2011-09-16 15:00:38 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2011-09-16 15:00:38 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2011-09-16 15:00:37 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2011-09-16 15:00:36 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2011-09-16 15:00:36 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2011-09-16 15:00:34 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2011-09-16 14:41:32 ----A---- C:\WINDOWS\unin040c.exe
2011-09-13 06:30:10 ----A---- C:\WINDOWS\system32\drivers\avgrkx86.sys
======List of files/folders modified in the last 1 month======
2011-10-11 16:41:28 ----D---- C:\WINDOWS\Prefetch
2011-10-11 14:42:59 ----D---- C:\WINDOWS\Temp
2011-10-11 13:37:29 ----D---- C:\WINDOWS\system32\dllcache
2011-10-11 13:37:24 ----D---- C:\WINDOWS\system32\drivers
2011-10-11 13:37:21 ----D---- C:\WINDOWS\system32\CatRoot
2011-10-11 13:37:20 ----D---- C:\WINDOWS\system32\CatRoot2
2011-10-11 13:33:06 ----SHD---- C:\WINDOWS\Installer
2011-10-11 13:30:55 ----D---- C:\WINDOWS
2011-10-11 13:27:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-10-11 12:38:07 ----D---- C:\Program Files\Mozilla Firefox
2011-10-11 12:34:59 ----D---- C:\WINDOWS\WinSxS
2011-10-11 12:34:43 ----D---- C:\WINDOWS\system32
2011-10-11 11:45:48 ----A---- C:\WINDOWS\system.ini
2011-10-11 11:45:37 ----D---- C:\WINDOWS\system32\drivers\etc
2011-10-11 11:44:01 ----D---- C:\WINDOWS\AppPatch
2011-10-11 11:43:57 ----D---- C:\Program Files\Common Files
2011-10-11 10:57:27 ----RD---- C:\Program Files
2011-10-11 10:57:26 ----D---- C:\WINDOWS\system32\wbem
2011-10-11 10:57:25 ----D---- C:\WINDOWS\ime
2011-10-11 10:56:22 ----D---- C:\WINDOWS\system32\config
2011-10-11 10:51:42 ----RASH---- C:\boot.ini
2011-10-10 23:23:53 ----D---- C:\Documents and Settings\Administrator\Application Data\Skype
2011-10-10 23:21:44 ----D---- C:\Documents and Settings\Administrator\Application Data\skypePM
2011-10-10 20:32:51 ----D---- C:\WINDOWS\Registration
2011-10-10 20:26:44 ----HD---- C:\WINDOWS\inf
2011-10-10 20:24:13 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData
2011-10-10 20:21:53 ----D---- C:\WINDOWS\system32\Restore
2011-10-10 14:33:37 ----HD---- C:\Program Files\InstallShield Installation Information
2011-10-10 14:33:08 ----D---- C:\SWSetup
2011-10-07 17:50:11 ----D---- C:\WINDOWS\system32\drivers\AVG
2011-10-07 16:23:30 ----SHD---- C:\System Volume Information
2011-10-07 16:02:42 ----D---- C:\Program Files\AVG
2011-10-07 14:01:51 ----D---- C:\WINDOWS\system32\NtmsData
2011-10-07 13:52:11 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-10-07 13:50:45 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2011-10-06 17:25:37 ----D---- C:\Program Files\Jnes
2011-10-06 17:23:15 ----D---- C:\WINDOWS\repair
2011-10-06 17:19:25 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2011-10-04 19:54:55 ----AC---- C:\WINDOWS\tabled32.ini
2011-09-19 18:14:20 ----RSD---- C:\WINDOWS\Fonts
2011-09-16 15:49:11 ----D---- C:\Program Files\LucasArts
2011-09-16 15:01:08 ----D---- C:\WINDOWS\system32\DirectX
2011-09-14 18:37:12 ----D---- C:\WINDOWS\Minidump
2011-09-13 09:06:59 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-09-06 30808]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-09-06 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-09-06 442200]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-09-06 320856]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-09-06 52568]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-05-03 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SAS***IL;SAS***IL; \??\C:\Program Files\SUPERAntiSpyware\SAS***IL.SYS []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-03-20 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-09-06 20568]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-09-06 110552]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-03-20 88192]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-11-08 127744]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-16 1066278]
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134608]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2011-07-11 16720]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-11-16 190592]
R3 BCM43XX;Treiber Broadcom 802.11 Netzwerkadapter; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-09-28 376320]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2006-09-14 88192]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2007-06-19 1169980]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-05-03 79232]
R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-12-09 46592]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-10-13 259840]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-05-02 290816]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-05-03 20608]
S1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-07-11 229840]
S3 b48b7117;b48b7117; C:\WINDOWS\393317300:1265929960.exe []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-03-20 10368]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-03-20 22016]
S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys []
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-07-18 264576]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-05-03 12288]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-03-20 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-03-20 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-03-20 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-09-06 44768]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2011-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-12 153376]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 vToolbarUpdater;vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-10-07 246600]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2005-05-11 65536]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]
S2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2011-04-13 14336]
-----------------EOF-----------------
-
wanneer ik hijackthis.exe vanuit de TrendMicro-map open krijg ik de volgende melding:
"Windows cannot access the specified device, path, or file. You may not have the appropiate permission to access the item."
(Avast-antivirus geeft me zojuist de volgende melding:
Object: C:\WINDOWS\System32\drivers\i8042prt.sys
Infectie: Win32:Crypt-KMR [trj]
Actie: verplaatst naar kluis
Proces: C:\Program files\AVAST software etc etc..)
-
HiJackThis wilt niet installeren, zegt het volgende
"The installer has insufficient privileges to modify this file: C:\Program Files\Trend Micro\HiJachThis\HiJackThis.exe"
-
ComboFix 11-10-11.01 - Administrator 11/10/2011 11:41:43.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1271.731 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.
FILE ::
"c:\windows\trz20.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\trz20.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-09-11 to 2011-10-11 )))))))))))))))))))))))))))))))
.
.
2011-10-11 08:57 . 2011-10-11 08:57 -------- d-----w- c:\windows\system32\wbem\snmp
2011-10-11 08:57 . 2011-10-11 08:57 -------- d-----w- c:\windows\system32\xircom
2011-10-11 08:57 . 2011-10-11 08:57 -------- d-----w- c:\program files\microsoft frontpage
2011-10-11 06:43 . 2011-10-11 06:43 -------- d-----w- c:\program files\Trend Micro
2011-10-10 18:32 . 2011-10-10 18:32 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-10 18:26 . 2011-10-10 18:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG Secure Search
2011-10-10 18:26 . 2011-10-10 18:26 -------- d-----w- c:\program files\AVG Secure Search
2011-10-10 18:26 . 2011-10-10 18:26 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-10-10 12:33 . 2011-10-10 18:22 -------- d-----w- c:\program files\Hewlett-Packard
2011-10-10 12:32 . 2011-10-10 12:32 -------- d-----w- c:\program files\Synaptics
2011-10-07 16:06 . 2011-10-07 16:06 -------- d-----w- c:\program files\AVAST Software
2011-10-07 16:06 . 2011-10-07 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-10-07 14:05 . 2011-10-07 14:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG2012
2011-10-07 14:03 . 2011-10-07 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-10-07 10:53 . 2011-10-07 10:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-10-07 10:52 . 2011-10-07 10:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-07 10:52 . 2011-10-07 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-10-07 10:35 . 2011-10-07 10:35 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-07 10:28 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-06 17:12 . 2011-10-06 17:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2011-10-06 16:39 . 2011-10-06 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-06 16:36 . 2011-10-06 16:36 -------- d--h--w- c:\windows\PIF
2011-10-06 16:33 . 2011-10-06 16:38 -------- d-----w- c:\program files\beschermingNIEUW
2011-10-06 15:50 . 2011-10-06 15:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-10-06 15:49 . 2011-10-06 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-19 16:14 . 1996-06-19 08:08 49664 ----a-w- c:\windows\system32\MFC42FRA.DLL
2011-09-19 16:14 . 1995-12-04 12:08 26624 ----a-w- c:\windows\system32\CTL3D95.DLL
2011-09-19 16:14 . 1997-07-19 15:00 604432 ----a-w- c:\windows\system32\COMCTL32.OCX
2011-09-19 16:14 . 1997-01-13 22:00 49664 ----a-w- c:\windows\system32\MSSTKPRP.DLL
2011-09-19 16:14 . 2011-09-19 16:14 -------- d-----w- c:\program files\Micro Application
2011-09-19 16:09 . 1998-10-07 11:08 327168 ----a-w- c:\windows\IsUn040c.exe
2011-09-16 13:01 . 2008-03-05 14:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2011-09-16 13:01 . 2008-03-05 14:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2011-09-16 13:01 . 2008-03-05 14:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2011-09-16 13:01 . 2008-03-05 13:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2011-09-16 13:01 . 2008-02-05 21:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2011-09-16 13:01 . 2008-03-05 13:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2011-09-16 12:41 . 1996-11-06 10:04 302592 ----a-w- c:\windows\unin040c.exe
2011-09-13 04:30 . 2011-09-13 04:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 04:08 . 2011-08-08 04:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-09-06 19:59 . 2011-06-23 06:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-03 . 37D8387CBD4437C55F454209BE10EF11 . 361344 . . [5.1.2600.5508] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-10-11_08.57.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-11 08:59 . 2011-10-11 08:59 16384 c:\windows\Temp\Perflib_Perfdata_780.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-10-07 14:03 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-10-07 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-14 4611456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\bcmntray" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-06-19 101144]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-06-19 84760]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-06-19 125720]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"AGRSMMSG"="AGRSMMSG.exe" [2005-11-16 88209]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-10-07 218440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-13 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\prio.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1832:TCP"= 1832:TCP:xrcle
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 6:27 PM 12880]
R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [7/12/2011 11:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 1:38 AM 116608]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [10/7/2011 4:04 PM 246600]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 1:14 AM 16720]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [12/24/2009 12:04 AM 88192]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 229840]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/12/2011 6:23 AM 5265248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
S2 nqytr;System Support;c:\windows\system32\svchost.exe -k netsvcs [5/3/2008 2:00 PM 14336]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [4/6/2010 8:40 PM 264576]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nqytr
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-854245398-1177238915-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 23:46]
.
2011-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-854245398-1177238915-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 23:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m0hfi793.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-10-11 11:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nqytr]
"ServiceDll"="c:\windows\system32\sgnfzen.dll"
.
Completion time: 2011-10-11 11:46:50
ComboFix-quarantined-files.txt 2011-10-11 09:46
ComboFix2.txt 2011-10-11 09:01
ComboFix3.txt 2011-10-07 14:46
.
Pre-Run: 15 463 755 776 bytes free
Post-Run: 15 467 003 904 bytes free
.
- - End Of File - - 2303593B5CE20ECED40F99EECC241C6E
plobleem opgelost! 
**********
redirect/popup virus (schijnbaar alleen via firefox)
in Archief Bestrijding malware & virussen
Geplaatst:
alles weer zo goed als het was (en zelfs wat beter!)
weer erg bedankt voor je hulp
dank aan jou en jullie gehele team!
ReDd4