paolo

Member
  • Items: 21
Everything posted by paolo

  1. Hello Kape, AVG no longer gives any alert at all. So the PC is worm/virus free. Everything works again as before. Now I wanted to ask you whether there isn't a program that protects me better against those trojans/viruses? AVG apparently isn't sufficient. In any case, many thanks. Paolo
  2. Emsisoft Emergency Kit - Versie 2.0
     Laatste Update: 22-6-2012 16:32:19

     Scaninstellingen:
     Scantype: Diepe scan
     Objecten: Rootkits, Geheugen, Sporen, C:\, D:\
     Scan archieven: Aan
     ADS Scan: Aan

     Scan gestart: 22-6-2012 16:33:26

     C:\TDSSKiller_Quarantine\22.06.2012_15.42.15\mbr0000\mbr0000\tsk0000.dta Ontdekt: Trojan.DOS.Sinowal!E2
     C:\Documents and Settings\Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\15\6314a28f-21f5ac4e -> FlashPlayer.class Ontdekt: JAVA.Agent!E2
     C:\Documents and Settings\Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\15\6314a28f-2912c758 -> FlashPlayer.class Ontdekt: JAVA.Agent!E2
     C:\Documents and Settings\Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\15\6314a28f-55123358 -> FlashPlayer.class Ontdekt: JAVA.Agent!E2

     Gescand 577368
     Gevonden 4

     Scan geëindigd: 22-6-2012 18:49:28
     Scantijd: 2:16:02

     C:\Documents and Settings\Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\15\6314a28f-21f5ac4e -> FlashPlayer.class Verwijderd JAVA.Agent!E2
     C:\Documents and Settings\Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\15\6314a28f-2912c758 -> FlashPlayer.class Verwijderd JAVA.Agent!E2
     C:\Documents and Settings\Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\15\6314a28f-55123358 -> FlashPlayer.class Verwijderd JAVA.Agent!E2
     C:\TDSSKiller_Quarantine\22.06.2012_15.42.15\mbr0000\mbr0000\tsk0000.dta Verwijderd Trojan.DOS.Sinowal!E2

     Verwijderd 4
  3. 15:53:37.0406 1852 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
     15:53:38.0531 1852 ============================================================
     15:53:38.0531 1852 Current date / time: 2012/06/22 15:53:38.0531
     15:53:38.0531 1852 SystemInfo:
     15:53:38.0531 1852
     15:53:38.0531 1852 OS Version: 5.1.2600 ServicePack: 3.0
     15:53:38.0531 1852 Product type: Workstation
     15:53:38.0531 1852 ComputerName: PAOLO
     15:53:38.0531 1852 UserName: Eigenaar
     15:53:38.0531 1852 Windows directory: C:\WINDOWS
     15:53:38.0531 1852 System windows directory: C:\WINDOWS
     15:53:38.0531 1852 Processor architecture: Intel x86
     15:53:38.0531 1852 Number of processors: 1
     15:53:38.0531 1852 Page size: 0x1000
     15:53:38.0531 1852 Boot type: Normal boot
     15:53:38.0531 1852 ============================================================
     15:53:41.0796 1852 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
     15:53:42.0390 1852 ============================================================
     15:53:42.0390 1852 \Device\Harddisk0\DR0:
     15:53:42.0390 1852 MBR partitions:
     15:53:42.0390 1852 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEA60903
     15:53:42.0421 1852 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xEA60981, BlocksNum 0xE75FD3F
     15:53:42.0421 1852 ============================================================
     15:53:42.0531 1852 C: <-> \Device\Harddisk0\DR0\Partition0
     15:53:42.0562 1852 D: <-> \Device\Harddisk0\DR0\Partition1
     15:53:42.0562 1852 ============================================================
     15:53:42.0562 1852 Initialize success
     15:53:42.0562 1852 ============================================================
     15:53:44.0859 3200 ============================================================
     15:53:44.0859 3200 Scan started
     15:53:44.0859 3200 Mode: Manual;
     15:53:44.0859 3200 ============================================================
(28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 15:54:08.0718 3200 WudfRd - ok 15:54:08.0734 3200 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 15:54:08.0750 3200 WudfSvc - ok 15:54:08.0812 3200 WZCSVC (e99782dbb8ffa2aee72b31dac8d8d887) C:\WINDOWS\System32\wzcsvc.dll 15:54:08.0828 3200 WZCSVC - ok 15:54:08.0875 3200 xmlprov (fd3c38635808920f8235bf2fed642f54) C:\WINDOWS\System32\xmlprov.dll 15:54:08.0906 3200 xmlprov - ok 15:54:08.0906 3200 xpsec - ok 15:54:08.0937 3200 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0 15:54:09.0343 3200 \Device\Harddisk0\DR0 - ok 15:54:09.0343 3200 Boot (0x1200) (5a79a42dc2ed4deaced87b41a79c25bc) \Device\Harddisk0\DR0\Partition0 15:54:09.0343 3200 \Device\Harddisk0\DR0\Partition0 - ok 15:54:09.0375 3200 Boot (0x1200) (1c9dd1011de39039774693cb03ff007b) \Device\Harddisk0\DR0\Partition1 15:54:09.0375 3200 \Device\Harddisk0\DR0\Partition1 - ok 15:54:09.0375 3200 ============================================================ 15:54:09.0375 3200 Scan finished 15:54:09.0375 3200 ============================================================ 15:54:09.0390 3832 Detected object count: 0 15:54:09.0390 3832 Actual detected object count: 0 Bovenstaande log file was nadat ik moest rebooten en weer een scan deed.
  4. Hello Kape, it took a long time, but unfortunately I got the messages below. 25 in total. Regards, Paolo
  5. ComboFix 12-06-21.03 - Eigenaar 22-06-2012 10:59:27.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.356 [GMT 2:00]
Voltooingstijd: 2012-06-22 11:17:19 - machine werd herstart
---------- Post added at 11:25 ---------- Previous post was at 11:21 ----------
Hello Kape, I hope this is all right. Regards, Paolo
  6. Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 10:19:29, on 22-6-2012
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\System32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\PROGRA~1\AVG\AVG9\avgtray.exe
     C:\Program Files\AVG Secure Search\vprot.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\Fighters\Tray\FightersTray.exe
     C:\program files\real\realplayer\update\realsched.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
     C:\Program Files\AVG\AVG9\avgwdsvc.exe
     C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\Program Files\AVG\AVG9\avgam.exe
     C:\Program Files\AVG\AVG9\avgnsx.exe
     C:\Program Files\Fighters\SPAMfighter\sfus.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Fighters\FighterSuiteService.exe
     C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
     C:\WINDOWS\system32\SearchIndexer.exe
     C:\Program Files\AVG\AVG9\avgcsrvx.exe
     C:\Program Files\AVG\AVG9\avgrsx.exe
     C:\Program Files\AVG\AVG9\avgchsvx.exe
     C:\Program Files\AVG\AVG9\avgcsrvx.exe
     C:\Program Files\Fighters\FighterLauncher.exe
     C:\Program Files\Fighters\SPAMfighter\sfagent.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
     O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
     O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
     O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
     O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\SPAMfighter\sfagent.exe
     O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKLM\..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe
     O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176409856373
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177666201296
     O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
     O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
     O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
     O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
     O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
     O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
     O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
     O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
     O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
     O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
     O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\Fighters\SPAMfighter\sfus.exe
     O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe
     O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
     O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

     --
     End of file - 8454 bytes

     I thought it had worked.
  7. Hello everyone, one would say that 1 Trojan horse is already 1 too many, but I have 4. AVG cannot remove them. I will list them: - PSW. Generic 9 UCX - PSW. Agent. AUET - PSW. Agent. ASOH - PSW. Agent. ASOl This is what the scan gave me as a result yesterday. What I did notice is that the PC was/is slower and that the internet does not work properly. Pages load slowly or not at all. Pop-ups that suddenly appear. Given my earlier experience with your help, I am convinced that it will work out this time too to remove them. Perhaps someone can also give me tips/advice on keeping the Trojan horses out of the door/PC. Thanks in advance, greetings Paolo
  8. Hello, I cannot get the above update installed. Every time I start the PC I do get the message that the update can be installed. When I do that, a little later I get the message that the update could not be installed. Why???? Greetings Paolo
  9. Hello Kape, I have nothing left of ComboFix; I deleted the 2 saved Notepad files. I was also able to delete Qoobox. I ran CCleaner, and when I clicked on Registry only "Missing shared DLL files" was ticked. So I also only selected those problems to be fixed. Should I still tick the other items and run a scan over those too? The PC otherwise works fine and starts up quickly. So far no virus notification from AVG. Regards, Paolo
  10. It does not work, I get the message "Windows cannot find the file ComboFix /Uninstall". I tried it several times in the "Run" box.
  11. I cannot find ComboFix /Uninstall anywhere, neither with Run nor with Search!! I did find the Qoobox folder, but it cannot be deleted; access is denied. I already had CCleaner on the PC. Regards, P
  12. Hello Kape, it worked; according to AVG the PC is virus-free, and I no longer get the notification about that Trojan horse either. Many thanks for your help. Regards, Paolo
  13. 16:47:44.0500 1072 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
     16:47:44.0578 1072 ============================================================
     16:47:44.0578 1072 Current date / time: 2012/01/11 16:47:44.0578
     16:47:44.0578 1072 SystemInfo:
     16:47:44.0578 1072
     16:47:44.0578 1072 OS Version: 5.1.2600 ServicePack: 3.0
     16:47:44.0578 1072 Product type: Workstation
     16:47:44.0578 1072 ComputerName: PAOLO
     16:47:44.0578 1072 UserName: Eigenaar
     16:47:44.0578 1072 Windows directory: C:\WINDOWS
     16:47:44.0578 1072 System windows directory: C:\WINDOWS
     16:47:44.0578 1072 Processor architecture: Intel x86
     16:47:44.0578 1072 Number of processors: 1
     16:47:44.0578 1072 Page size: 0x1000
     16:47:44.0578 1072 Boot type: Normal boot
     16:47:44.0578 1072 ============================================================
     16:47:45.0859 1072 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000, SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
     16:47:45.0937 1072 Initialize success
     16:48:02.0109 3932 ============================================================
     16:48:02.0109 3932 Scan started
     16:48:02.0109 3932 Mode: Manual;
     16:48:02.0109 3932 ============================================================
     [...]
     16:48:09.0218 3932 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
     16:48:09.0375 3932 \Device\Harddisk0\DR0 - ok
     16:48:09.0375 3932 Boot (0x1200) (5a79a42dc2ed4deaced87b41a79c25bc) \Device\Harddisk0\DR0\Partition0
     16:48:09.0375 3932 \Device\Harddisk0\DR0\Partition0 - ok
     16:48:09.0406 3932 Boot (0x1200) (1c9dd1011de39039774693cb03ff007b) \Device\Harddisk0\DR0\Partition1
     16:48:09.0406 3932 \Device\Harddisk0\DR0\Partition1 - ok
     16:48:09.0406 3932 ============================================================
     16:48:09.0406 3932 Scan finished
     16:48:09.0406 3932 ============================================================
     16:48:09.0421 0516 Detected object count: 0
     16:48:09.0421 0516 Actual detected object count: 0

     Hello Kape, this is the second log file; I did not manage to copy the first one straight away. During the first scan a serious threat was detected which, as you can see, has disappeared after the reboot. I will let AVG go over it once more to see whether it still gives a notification. Regards, Paolo
  14. "C:\WINDOWS\system32\services.exe (708)";"Trojaans paard PSW.Agent.ARJV";""
     "C:\WINDOWS\system32\services.exe (708):\memory_011b0000";"Trojaans paard PSW.Agent.ARJV";"Object is niet toegankelijk."

     Unfortunately, AVG still gives the above notification.
15. Emsisoft Emergency Kit - Version 1.0
Last Update: 10-1-2012 15:01:54

Scan settings:
Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\, D:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan started: 10-1-2012 15:03:00

Value: HKEY_CURRENT_USER\Software\Twilight\Beetle Bomp\Gkernel --> EnableSafeLogging	Detected: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_CURRENT_USER\Software\Twilight\Warnings --> AudigyWarning	Detected: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> CustomCursors	Detected: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> InProgress	Detected: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> PreferredX	Detected: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> PreferredY	Detected: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> ScreenMode	Detected: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> WaitForVSync	Detected: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> DisplayGUID	Detected: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> FailureReason	Detected: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> MinVidMemory	Detected: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> RecVidMemory	Detected: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> Version	Detected: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> Warning	Detected: Trace.Registry.GameFiesta Beetle Bomp!A2
c:\windows\Matrix Code.scr	Detected: Trace.File.Matrix Code Screensaver!A2
C:\Documents and Settings\Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\49\49fdb3b1-1912b442/Market.class	Detected: Exploit.Java.CVE-2011!IK
C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe/$0\pev.3XE	Detected: Win32.Rootkit!IK
C:\Program Files\Games\Zuma Deluxe\Zuma.exe	Detected: Riskware.Crack.Zuma!IK
C:\System Volume Information\_restore{F2343E7C-8062-4A56-926D-FD6EDC1C4508}\RP881\A0210083.exe	Detected: Win32.Rootkit!IK
C:\System Volume Information\_restore{F2343E7C-8062-4A56-926D-FD6EDC1C4508}\RP881\A0210292.exe/$0\pev.3XE	Detected: Win32.Rootkit!IK
C:\System Volume Information\_restore{F2343E7C-8062-4A56-926D-FD6EDC1C4508}\RP881\A0210344.exe	Detected: Win32.Rootkit!IK
C:\System Volume Information\_restore{F2343E7C-8062-4A56-926D-FD6EDC1C4508}\RP881\A0210375.exe	Detected: Win32.Rootkit!IK
C:\System Volume Information\_restore{F2343E7C-8062-4A56-926D-FD6EDC1C4508}\RP882\A0211456.exe	Detected: Win32.Rootkit!IK
C:\WINDOWS\PEV.exe	Detected: Win32.Rootkit!IK
D:\downloads\SoftonicDownloader_voor_imgburn.exe	Detected: Riskware.Win32.SoftonicDownloader.AMN!A2

Scanned
Files: 298028
Traces: 441862
Cookies: 20
Processes: 48

Found
Files: 10
Traces: 15
Cookies: 0
Processes: 0
Registry keys: 0

Scan ended: 10-1-2012 17:25:15
Scan time: 2:22:15

D:\downloads\SoftonicDownloader_voor_imgburn.exe	Removed Riskware.Win32.SoftonicDownloader.AMN!A2
C:\Program Files\Games\Zuma Deluxe\Zuma.exe	Removed Riskware.Crack.Zuma!IK
C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe/$0\pev.3XE	Removed Win32.Rootkit!IK
C:\System Volume Information\_restore{F2343E7C-8062-4A56-926D-FD6EDC1C4508}\RP881\A0210083.exe	Removed Win32.Rootkit!IK
C:\System Volume Information\_restore{F2343E7C-8062-4A56-926D-FD6EDC1C4508}\RP881\A0210292.exe/$0\pev.3XE	Removed Win32.Rootkit!IK
C:\System Volume Information\_restore{F2343E7C-8062-4A56-926D-FD6EDC1C4508}\RP881\A0210344.exe	Removed Win32.Rootkit!IK
C:\System Volume Information\_restore{F2343E7C-8062-4A56-926D-FD6EDC1C4508}\RP881\A0210375.exe	Removed Win32.Rootkit!IK
C:\System Volume Information\_restore{F2343E7C-8062-4A56-926D-FD6EDC1C4508}\RP882\A0211456.exe	Removed Win32.Rootkit!IK
C:\WINDOWS\PEV.exe	Removed Win32.Rootkit!IK
C:\Documents and Settings\Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\49\49fdb3b1-1912b442/Market.class	Removed Exploit.Java.CVE-2011!IK
c:\windows\Matrix Code.scr	Removed Trace.File.Matrix Code Screensaver!A2
Value: HKEY_CURRENT_USER\Software\Twilight\Beetle Bomp\Gkernel --> EnableSafeLogging	Removed Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_CURRENT_USER\Software\Twilight\Warnings --> AudigyWarning	Removed Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> CustomCursors	Removed Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> InProgress	Removed Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> PreferredX	Removed Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> PreferredY	Removed Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> ScreenMode	Removed Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> WaitForVSync	Removed Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> DisplayGUID	Removed Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> FailureReason	Removed Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> MinVidMemory	Removed Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> RecVidMemory	Removed Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> Version	Removed Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> Warning	Removed Trace.Registry.GameFiesta Beetle Bomp!A2

Removed
Files: 10
Traces: 15
Cookies: 0
16. "C:\Program Files\Internet Explorer\iexplore.exe (2868)";"Trojan horse PSW.Generic9.RDX";""
"C:\Program Files\Internet Explorer\iexplore.exe (2868):\memory_02f20000";"Trojan horse PSW.Generic9.RDX";"Object is not accessible."
"C:\Program Files\Internet Explorer\iexplore.exe (5900)";"Trojan horse PSW.Generic9.RDX";""
"C:\Program Files\Internet Explorer\iexplore.exe (5900):\memory_025f0000";"Trojan horse PSW.Generic9.RDX";"Object is not accessible."
"C:\WINDOWS\system32\services.exe (704)";"Trojan horse PSW.Agent.ARJV";""
"C:\WINDOWS\system32\services.exe (704):\memory_011b0000";"Trojan horse PSW.Agent.ARJV";"Object is not accessible."

Hello Kape, the scan just finished. The last 2 are the problem I came to you with; the first 4 alerts are new. Could the problem be with AVG? Regards, P
17. ComboFix 12-01-09.07 - Eigenaar 10-01-2012 10:34:19.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.460 [GMT 1:00]
Started from: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
Command switches used :: c:\documents and settings\Eigenaar\Bureaublad\CFScript.txt
AV: AVG Anti-Virus *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* New restore point was created
.
FILE ::
"c:\windows\system32\drivers\hxsrsrpk.sys"
"c:\windows\system32\drivers\wq13t1eco.sys"
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WQ13T1ECO.SYS
-------\Service_vsfsyqa
-------\Service_wq13t1eco.sys
.
.
(((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 ))))))))))))))))))))))))))))))
.
.
2012-01-08 19:04 . 2012-01-08 19:04 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Malwarebytes
2012-01-08 19:04 . 2012-01-08 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-08 19:04 . 2012-01-08 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-08 19:04 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-08 16:13 . 2012-01-08 16:13 388096 ----a-r- c:\documents and settings\Eigenaar\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-08 16:13 . 2012-01-08 16:13 -------- d-----w- c:\program files\Trend Micro
2012-01-06 11:25 . 2012-01-10 09:28 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend
2012-01-06 11:15 . 2012-01-06 11:16 -------- d-----w- c:\program files\CCleaner
2012-01-06 10:40 . 2012-01-06 14:10 -------- d-----w- c:\program files\Emsisoft HiJackFree
2012-01-06 10:25 . 2012-01-06 10:34 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Systweak
2012-01-06 10:25 . 2011-07-07 12:26 17280 ----a-w- c:\windows\system32\roboot.exe
2012-01-04 15:56 . 2001-09-06 19:47 6912 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-01-04 15:56 . 2001-09-06 19:47 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
2012-01-04 15:55 . 2012-01-04 15:55 -------- d-----w- c:\program files\Hewlett-Packard
2012-01-04 15:55 . 2012-01-04 15:55 -------- d-----w- c:\program files\HP Photo Creations
2012-01-04 15:55 . 2012-01-04 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2012-01-04 15:54 . 2012-01-05 16:36 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\HpUpdate
2012-01-04 15:54 . 2011-06-08 17:06 544616 ------w- c:\windows\system32\HPDiscoPMa211.dll
2012-01-04 15:54 . 2011-06-08 21:49 488296 ----a-w- c:\windows\system32\HPWia1_DJ3070_B611.dll
2012-01-04 15:54 . 2011-06-08 21:49 1929576 ----a-w- c:\windows\system32\HPScanTRDrv_DJ3070_B611.dll
2012-01-04 15:54 . 2011-06-08 21:49 429928 ----a-w- c:\windows\system32\hpinkstsa211.dll
2012-01-04 15:54 . 2011-06-08 21:49 270696 ----a-w- c:\windows\system32\hpinkstsa211LM.dll
2012-01-04 15:54 . 2011-06-08 21:49 216424 ----a-w- c:\windows\system32\hpinkcoia211.dll
2012-01-04 15:53 . 2012-01-04 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2012-01-04 15:53 . 2012-01-04 15:54 -------- d-----w- c:\program files\HP
2012-01-04 15:52 . 2012-01-04 15:57 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\HP
2012-01-03 21:48 . 2012-01-03 21:48 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\ElevatedDiagnostics
2012-01-02 09:53 . 2012-01-02 09:53 -------- d-----w- c:\program files\Microsoft Silverlight
2011-12-14 16:28 . 2008-04-14 18:02 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-12-14 16:28 . 2008-04-14 18:02 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-12-14 16:28 . 2001-09-06 18:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-12-14 16:28 . 2001-09-06 18:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-12-14 16:28 . 2008-04-14 17:39 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-12-14 16:28 . 2008-04-14 17:39 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-12-14 16:27 . 2008-04-13 19:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2011-12-14 16:27 . 2008-04-13 19:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-12-14 16:27 . 2008-04-13 19:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-12-14 16:27 . 2008-04-13 19:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-12-11 16:10 . 2011-12-11 16:10 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\AVG Secure Search
2011-12-11 16:08 . 2011-12-11 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2011-12-11 16:08 . 2011-12-11 16:08 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-12-11 16:08 . 2011-12-11 16:09 -------- d-----w- c:\program files\AVG Secure Search
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 19:31 . 2007-04-23 15:34 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-28 19:31 . 2007-04-23 15:34 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-23 14:40 . 2001-09-07 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 16:56 . 2011-05-16 18:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:13 . 2004-08-23 16:17 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2001-09-07 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2001-09-07 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:25 . 2004-08-04 07:55 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2007-04-12 22:08 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2001-09-07 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2001-09-07 12:00 2197120 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2001-09-06 19:53 2073728 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 08:03 186880 ------w- c:\windows\system32\encdec.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-11 16:08 1547104 ----a-w- c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll" [2011-12-11 1547104]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-10-26 2078048]
"sfagent"="c:\program files\Fighters\sfagent.exe" [2010-10-21 760968]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-12-11 827232]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-28 296056]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Eigenaar\Menu Start\Programma's\Opstarten\
Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series (netwerk).lnk - c:\windows\system32\RunDll32.exe [2001-9-7 33792]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PHOTOfunSTUDIO -viewer-.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\PHOTOfunSTUDIO -viewer-.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-11-20 09:06 178688 -c--a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-04 20:01 136176 ----atw- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-03-01 23:22 577536 ------r- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-11-28 19:31 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-10-26 18:48 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 136176]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 30312]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 136176]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-14 14336]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-08-20 52872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-20 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2011-05-11 243152]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2011-05-11 308136]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\Drivers\ousbehci.sys [2004-06-15 44928]
S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\sfus.exe service [x]
S2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [2010-10-21 1130120]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2011-12-11 855904]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\DRIVERS\ousb2hub.sys [2004-06-15 55808]
S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys [x]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 21:47]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 21:47]
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-261478967-839522115-1003Core.job
- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:01]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-261478967-839522115-1003UA.job
- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:01]
.
2012-01-09 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-01-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-261478967-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2012-01-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-261478967-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nu.nl/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-RocketDock - c:\program files\RocketDock\RocketDock.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-01-10 10:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1708537768-261478967-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1708537768-261478967-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1708537768-261478967-839522115-1003)
@Allowed: (Read) (S-1-5-21-1708537768-261478967-839522115-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\MPRAPI.dll
.
- - - - - - - > 'explorer.exe'(2104)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Fighters\sfus.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2012-01-10 10:58:03 - machine was restarted
ComboFix-quarantined-files.txt 2012-01-10 09:57
ComboFix2.txt 2012-01-09 16:47
.
Pre-Run: 105.515.200.512 bytes free
Post-Run: 105.418.657.792 bytes free
.
- - End Of File - - 7FC1167C51EA36CC9A30AA7A31FB8DDE

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:06:01, on 10-1-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Fighters\sfagent.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\real\realplayer\update\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Fighters\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fighters\FighterSuiteService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = nu.nl | Het laatste nieuws het eerst op nu.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\sfagent.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series (netwerk).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176409856373
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177666201296
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\Fighters\sfus.exe
O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

--
End of file - 8271 bytes
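The two firewall-policy blocks in the ComboFix log above (the AuthorizedApplications list and the GloballyOpenPorts list) are usually read by eye. The script below is an added example, not part of paolo's post and not code from ComboFix or the forum's helper; it parses those two blocks as ComboFix prints them and produces a review list of globally open ports. The port allowlist, the dynamic-range threshold, the "generic rule name" heuristic and the sample excerpt are this example's own assumptions, and the way ComboFix abbreviates enabled rules is inferred from the post's own lines. Its output is a list of entries to look at, not a verdict on them.

```python
"""Triage helper for the firewall-policy blocks a ComboFix log prints.

Added example (not ComboFix code). Parses the AuthorizedApplications\List and
GloballyOpenPorts\List blocks and flags open ports that deserve a human look.
"""
import re
from dataclasses import dataclass, field

AUTH_APPS_KEY = "AuthorizedApplications\\List"
OPEN_PORTS_KEY = "GloballyOpenPorts\\List"

# Assumption for this example: ports a reviewer recognises by name on an XP
# home machine. Anything enabled and not listed here gets flagged.
KNOWN_PORTS = {3389: "Remote Desktop", 5985: "Windows Remote Management"}
DYNAMIC_PORT_START = 49152   # IANA dynamic/private range; odd for a listening service

# Constructed sample in the shape ComboFix uses (values mirror the post above).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
"""

_PORT_LINE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(.*)$')
_APP_LINE = re.compile(r'^"(.+)"=\s*$')


@dataclass
class OpenPort:
    port: int
    proto: str
    scope: str
    enabled: bool
    name: str
    flags: list = field(default_factory=list)


def parse_open_port(line):
    """One GloballyOpenPorts value -> OpenPort, or None if the line is not one."""
    m = _PORT_LINE.match(line.strip())
    if not m:
        return None
    port, proto, rest = int(m.group(1)), m.group(2), m.group(3)
    fields = rest.split(":")
    # The registry value is port:proto:scope:Enabled|Disabled:name. Assumption:
    # ComboFix prints only port:proto:name for enabled, any-scope rules (as the
    # "3389:TCP:Remote Desktop" line in the post shows) and the full form otherwise.
    if len(fields) >= 5 and fields[3] in ("Enabled", "Disabled"):
        scope, enabled, name = fields[2], fields[3] == "Enabled", ":".join(fields[4:])
    else:
        scope, enabled, name = "*", True, ":".join(fields[2:])
    return OpenPort(port, proto, scope, enabled, name.strip())


def parse_firewall_blocks(text):
    """Return (authorized_app_paths, [OpenPort]) from the two registry blocks."""
    apps, ports, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):                      # a new registry key header
            section = ("apps" if AUTH_APPS_KEY in line
                       else "ports" if OPEN_PORTS_KEY in line else None)
            continue
        if section == "apps":
            m = _APP_LINE.match(line)
            if m:
                apps.append(m.group(1).replace("\\\\", "\\"))   # undo REG-style escaping
        elif section == "ports":
            p = parse_open_port(line)
            if p:
                ports.append(p)
    return apps, ports


def triage_ports(ports):
    """Attach review flags and return only the rules that need a human look."""
    flagged = []
    for p in ports:
        if not p.enabled:
            continue                                  # a disabled exception opens nothing
        if p.port not in KNOWN_PORTS:
            p.flags.append("port not on allowlist")
            if p.scope == "*":
                p.flags.append("open to any source address")
        if p.port >= DYNAMIC_PORT_START:
            p.flags.append("dynamic-range port")
        if p.name.lower() in {"", "service", "services"}:   # heuristic: label says nothing
            p.flags.append("generic rule name")
        if p.flags:
            flagged.append(p)
    return flagged


if __name__ == "__main__":
    apps, ports = parse_firewall_blocks(SAMPLE_LOG)
    print("Authorized applications:", *apps, sep="\n  ")
    for p in triage_ports(ports):
        print(f"REVIEW {p.port}/{p.proto} '{p.name}': {', '.join(p.flags)}")
```

Run it against the firewall section copied out of a ComboFix log; on the sample it lists the three authorized applications and reports the two "Services" rules, while leaving the disabled WinRM entry and the named Remote Desktop entry alone.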
  18. Good evening Kape, it's a large log file. Hope it's alright. Regards, Paolo

ComboFix 12-01-09.03 - Eigenaar 09-01-2012 17:35:04.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.362 [GMT 1:00] Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe AV: AVG Anti-Virus *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\data c:\documents and settings\All Users\Application Data\TEMP c:\windows\alcrmv.exe c:\windows\IsUn0413.exe c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\system32\muzapp.exe c:\windows\system32\system32 c:\windows\system32\system32\3DAudio.ax c:\windows\system32\system32\cis-2.4.dll c:\windows\system32\system32\issacapi_bs-2.3.dll c:\windows\system32\system32\issacapi_pe-2.3.dll c:\windows\system32\system32\issacapi_se-2.3.dll c:\windows\system32\system32\MACXMLProto.dll c:\windows\system32\system32\MaDRM.dll c:\windows\system32\system32\MaJGUILib.dll c:\windows\system32\system32\MAMACExtract.dll c:\windows\system32\system32\MASetupCleaner.exe c:\windows\system32\system32\MaXMLProto.dll c:\windows\system32\system32\MK_Lyric.dll c:\windows\system32\system32\MSCLib.dll c:\windows\system32\system32\MSFLib.dll c:\windows\system32\system32\MSLUR71.dll c:\windows\system32\system32\msvcp60.dll c:\windows\system32\system32\MTTELECHIP.dll c:\windows\system32\system32\MTXSYNCICON.dll c:\windows\system32\system32\muzaf1.dll c:\windows\system32\system32\muzapp.dll c:\windows\system32\system32\muzapp.exe c:\windows\system32\system32\muzdecode.ax c:\windows\system32\system32\muzeffect.ax c:\windows\system32\system32\muzmp4sp.ax c:\windows\system32\system32\muzmpgsp.ax c:\windows\system32\system32\muzoggsp.ax c:\windows\system32\system32\muzwmts.dll c:\windows\system32\system32\psapi.dll c:\windows\system32\Thumbs.db . . 
(((((((((((((((((((( Bestanden Gemaakt van 2011-12-09 to 2012-01-09 )))))))))))))))))))))))))))))) . . 2012-01-08 19:04 . 2012-01-08 19:04 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Malwarebytes 2012-01-08 19:04 . 2012-01-08 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-01-08 19:04 . 2012-01-08 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-01-08 19:04 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-08 16:13 . 2012-01-08 16:13 388096 ----a-r- c:\documents and settings\Eigenaar\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-01-08 16:13 . 2012-01-08 16:13 -------- d-----w- c:\program files\Trend Micro 2012-01-06 11:25 . 2012-01-09 16:23 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend 2012-01-06 11:15 . 2012-01-06 11:16 -------- d-----w- c:\program files\CCleaner 2012-01-06 10:40 . 2012-01-06 14:10 -------- d-----w- c:\program files\Emsisoft HiJackFree 2012-01-06 10:25 . 2012-01-06 10:34 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Systweak 2012-01-06 10:25 . 2011-07-07 12:26 17280 ----a-w- c:\windows\system32\roboot.exe 2012-01-04 15:56 . 2001-09-06 19:47 6912 -c--a-w- c:\windows\system32\dllcache\serscan.sys 2012-01-04 15:56 . 2001-09-06 19:47 6912 ----a-w- c:\windows\system32\drivers\serscan.sys 2012-01-04 15:55 . 2012-01-04 15:55 -------- d-----w- c:\program files\Hewlett-Packard 2012-01-04 15:55 . 2012-01-04 15:55 -------- d-----w- c:\program files\MSN Toolbar 2012-01-04 15:55 . 2012-01-04 15:55 -------- d-----w- c:\program files\Bing Bar Installer 2012-01-04 15:55 . 2012-01-04 15:55 -------- d-----w- c:\program files\HP Photo Creations 2012-01-04 15:55 . 2012-01-04 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations 2012-01-04 15:54 . 
2012-01-05 16:36 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\HpUpdate 2012-01-04 15:54 . 2011-06-08 17:06 544616 ------w- c:\windows\system32\HPDiscoPMa211.dll 2012-01-04 15:54 . 2011-06-08 21:49 488296 ----a-w- c:\windows\system32\HPWia1_DJ3070_B611.dll 2012-01-04 15:54 . 2011-06-08 21:49 1929576 ----a-w- c:\windows\system32\HPScanTRDrv_DJ3070_B611.dll 2012-01-04 15:54 . 2011-06-08 21:49 429928 ----a-w- c:\windows\system32\hpinkstsa211.dll 2012-01-04 15:54 . 2011-06-08 21:49 270696 ----a-w- c:\windows\system32\hpinkstsa211LM.dll 2012-01-04 15:54 . 2011-06-08 21:49 216424 ----a-w- c:\windows\system32\hpinkcoia211.dll 2012-01-04 15:53 . 2012-01-04 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\HP 2012-01-04 15:53 . 2012-01-04 15:54 -------- d-----w- c:\program files\HP 2012-01-04 15:52 . 2012-01-04 15:57 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\HP 2012-01-03 21:48 . 2012-01-03 21:48 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\ElevatedDiagnostics 2012-01-02 09:53 . 2012-01-02 09:53 -------- d-----w- c:\program files\Microsoft Silverlight 2011-12-14 16:28 . 2008-04-14 18:02 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll 2011-12-14 16:28 . 2008-04-14 18:02 21504 ----a-w- c:\windows\system32\hidserv.dll 2011-12-14 16:28 . 2001-09-06 18:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys 2011-12-14 16:28 . 2001-09-06 18:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys 2011-12-14 16:28 . 2008-04-14 17:39 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys 2011-12-14 16:28 . 2008-04-14 17:39 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2011-12-14 16:27 . 2008-04-13 19:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys 2011-12-14 16:27 . 2008-04-13 19:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys 2011-12-14 16:27 . 
2008-04-13 19:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys 2011-12-14 16:27 . 2008-04-13 19:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2011-12-11 16:10 . 2011-12-11 16:10 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\AVG Secure Search 2011-12-11 16:08 . 2011-12-11 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search 2011-12-11 16:08 . 2011-12-11 16:08 -------- d-----w- c:\program files\Common Files\AVG Secure Search 2011-12-11 16:08 . 2011-12-11 16:09 -------- d-----w- c:\program files\AVG Secure Search . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-28 19:31 . 2007-04-23 15:34 499712 ----a-w- c:\windows\system32\msvcp71.dll 2011-11-28 19:31 . 2007-04-23 15:34 348160 ----a-w- c:\windows\system32\msvcr71.dll 2011-11-23 14:40 . 2001-09-07 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-15 16:56 . 2011-05-16 18:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-04 19:13 . 2004-08-23 16:17 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:13 . 2001-09-07 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:13 . 2001-09-07 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:25 . 2004-08-04 07:55 385024 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2007-04-12 22:08 1288192 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:32 . 2001-09-07 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-26 10:50 . 2001-09-07 12:00 2197120 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-26 10:50 . 2001-09-06 19:53 2073728 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-18 11:13 . 2004-08-04 08:03 186880 ------w- c:\windows\system32\encdec.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2011-12-11 16:08 1547104 ----a-w- c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll" [2011-12-11 1547104] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-10-26 2078048] "sfagent"="c:\program files\Fighters\sfagent.exe" [2010-10-21 760968] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-12-11 827232] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-28 296056] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\Eigenaar\Menu Start\Programma's\Opstarten\ Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series (netwerk).lnk - c:\windows\system32\RunDll32.exe [2001-9-7 33792] . 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PHOTOfunSTUDIO -viewer-.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\PHOTOfunSTUDIO -viewer-.lnk backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] c:\windows\system32\dumprep 0 -u [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-09-23 03:47 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2008-11-20 09:06 178688 -c--a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2011-06-04 20:01 136176 ----atw- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 08:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2008-05-27 08:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2004-11-02 18:24 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2006-03-01 23:22 577536 ------r- c:\windows\soundman.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-02-18 09:43 248040 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2011-11-28 19:31 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2011-10-26 18:48 74752 ----a-w- c:\program files\Winamp\winampa.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\AVG\\AVG9\\avgam.exe"= "c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . 
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [20-8-2010 10:34 52872] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20-8-2010 10:34 216400] R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20-8-2010 10:34 243152] R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11-5-2011 18:59 308136] R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [12-4-2007 21:38 44928] R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\sfus.exe [21-10-2010 13:44 189064] R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [21-10-2010 13:44 1130120] R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [11-12-2011 17:08 855904] R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [12-4-2007 21:38 55808] R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?] R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?] S0 vsfsyqa;vsfsyqa;c:\windows\system32\drivers\hxsrsrpk.sys --> c:\windows\system32\drivers\hxsrsrpk.sys [?] 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 12:16 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13-3-2011 22:47 136176] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [30-3-2011 8:16 30312] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [27-10-2010 8:10 167264] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [27-12-2007 9:34 1527900] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13-3-2011 22:47 136176] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [30-3-2011 8:16 121192] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [30-3-2011 8:16 12776] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [30-3-2011 8:16 136680] S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [27-12-2007 9:31 544768] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [7-9-2001 13:00 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 12:16 753504] S3 wq13t1eco.sys;wq13t1eco.sys;\??\c:\windows\system32\drivers\wq13t1eco.sys --> c:\windows\system32\drivers\wq13t1eco.sys [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM . Inhoud van de 'Gedeelde Taken' map . 2012-01-04 c:\windows\Tasks\At1.job - c:\program files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08 17:06] . 
2012-01-08 c:\windows\Tasks\At2.job - c:\program files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08 17:06] . 2012-01-08 c:\windows\Tasks\At3.job - c:\program files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08 17:06] . 2012-01-06 c:\windows\Tasks\At4.job - c:\program files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08 17:06] . 2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 21:47] . 2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 21:47] . 2012-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-261478967-839522115-1003Core.job - c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:01] . 2012-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-261478967-839522115-1003UA.job - c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:01] . 2012-01-08 c:\windows\Tasks\HP Photo Creations Messager.job - c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11] . 2012-01-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-261478967-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14] . 2011-12-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-261478967-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.nu.nl/ uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll . 
- - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe MSConfigStartUp-EyelineRun - c:\program files\NCH Software\Eyeline\eyeline.exe MSConfigStartUp-HyvesDesktop - c:\progra~1\HYVESD~1\bin\HYVESD~1.EXE MSConfigStartUp-IncrediMail - c:\program files\IncrediMail\bin\IncMail.exe MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe MSConfigStartUp-KiesPDLR - c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MSConfigStartUp-Magentic - c:\progra~1\Magentic\bin\Magentic.exe MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe AddRemove-Fireworks Extravaganza Deluxe - c:\program files\Zylom Games\Fireworks Extravaganza Deluxe\GameInstaller.exe AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe AddRemove-SAMSUNG CDMA Modem - c:\windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe AddRemove-SAMSUNG Mobile Composite Device - c:\windows\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB 
Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-01-09 17:44 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1708537768-261478967-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-1708537768-261478967-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (S-1-5-21-1708537768-261478967-839522115-1003) @Allowed: (Read) (S-1-5-21-1708537768-261478967-839522115-1003) @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(656) c:\windows\system32\Ati2evxx.dll . Voltooingstijd: 2012-01-09 17:47:47 ComboFix-quarantined-files.txt 2012-01-09 16:47 . Pre-Run: 104.881.704.960 bytes beschikbaar Post-Run: 105.558.716.416 bytes beschikbaar . WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn . - - End Of File - - 8C5169AF604F1D9FEE57FEECF0F820B8
  19. The latest HijackThis report.

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:47:05, on 8-1-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\Program Files\Fighters\sfagent.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\real\realplayer\update\realsched.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\RocketDock\RocketDock.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\HP\HP Deskjet 3070 B611 series\bin\HPNetworkCommunicator.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\AVG\AVG9\avgam.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Fighters\sfus.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fighters\FighterSuiteService.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe 
C:\WINDOWS\notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = nu.nl | Het laatste nieuws het eerst op nu.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: 
JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\sfagent.exe O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series (netwerk).lnk = ? 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176409856373 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177666201296 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. 
- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\Fighters\sfus.exe O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- End of file - 9288 bytes

The first MBAM log:

Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Databaseversie: v2012.01.08.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Eigenaar :: PAOLO [administrator] 8-1-2012 20:14:40 mbam-log-2012-01-08 (20-14-40).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 172877 Verstreken tijd: 7 minuut/minuten, 8 seconde(n) Geheugenprocessen 
gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 35 HKCR\CLSID\{3E2DFD6A-4E20-4D4C-AA8B-E1F9DBEF3C80} (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA} (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8} (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShoppingReport2.IEButton.1 (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShoppingReport2.IEButton (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{5c026fd8-4021-75c5-673f-f6b4d1c16a04} (Adware.LoudMo) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{714E0876-FCEE-49CE-A429-B9AD8AEFCB56} (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShoppingReport2.IEButtonA.1 (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShoppingReport2.IEButtonA (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShoppingReport2.HbInfoBand.1 (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShoppingReport2.HbInfoBand (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26} (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShoppingReport2.HbAx.1 (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShoppingReport2.HbAx (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\-YH94Lw_7HfY (Adware.AdRotator) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShoppingReport2.RprtCtrl (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShoppingReport2.RprtCtrl.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd. Registerwaarden gedetecteerd: 4 HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping|{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Data: 8196 -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping|{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Data: 8195 -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Data: -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Data: -> Succesvol in quarantaine geplaatst en verwijderd. 
Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 2
C:\WINDOWS\system32\-YH94Lw_7HfY.exe (Adware.AdRotator) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Documents and Settings\Eigenaar\Application Data\usernt.dat (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)
The second MBAM log:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Databaseversie: v2012.01.08.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Eigenaar :: PAOLO [administrator]
8-1-2012 20:35:55
mbam-log-2012-01-08 (20-35-55).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 172847
Verstreken tijd: 6 minuut/minuten, 13 seconde(n)
Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
(einde)
Restarting didn't really work, it hung. I had to restart with the reset button. I hope the trojan horse hasn't done too much damage. I hope you can read that from the logs above. Regards and thanks, Paolo
  20. Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:15:21, on 8-1-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
-- End of file - 10367 bytes
I hope this is what you meant. Thanks in advance. Regards, Paolo
  21. Hello everyone, this is the first time I'm asking a question via a forum. AVG reports that I have the following trojan horse: PSW.Agent ARJV. AVG can't remove it or put it in quarantine. The PC starts up very poorly and keeps getting slower. I hope I can get help through this forum. Greetings, Paolo