Posts made by paolo
-
Emsisoft Emergency Kit - Versie 2.0
Laatste Update: 22-6-2012 16:32:19
Scaninstellingen:
Scantype: Diepe scan
Objecten: Rootkits, Geheugen, Sporen, C:\, D:\
Scan archieven: Aan
ADS Scan: Aan
Scan gestart: 22-6-2012 16:33:26
C:\TDSSKiller_Quarantine\22.06.2012_15.42.15\mbr0000\mbr0000\tsk0000.dta Ontdekt: Trojan.DOS.Sinowal!E2
C:\Documents and Settings\Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\15\6314a28f-21f5ac4e -> FlashPlayer.class Ontdekt: JAVA.Agent!E2
C:\Documents and Settings\Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\15\6314a28f-2912c758 -> FlashPlayer.class Ontdekt: JAVA.Agent!E2
C:\Documents and Settings\Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\15\6314a28f-55123358 -> FlashPlayer.class Ontdekt: JAVA.Agent!E2
Gescand 577368
Gevonden 4
Scan geëindigd: 22-6-2012 18:49:28
Scantijd: 2:16:02
C:\Documents and Settings\Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\15\6314a28f-21f5ac4e -> FlashPlayer.class Verwijderd JAVA.Agent!E2
C:\Documents and Settings\Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\15\6314a28f-2912c758 -> FlashPlayer.class Verwijderd JAVA.Agent!E2
C:\Documents and Settings\Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\15\6314a28f-55123358 -> FlashPlayer.class Verwijderd JAVA.Agent!E2
C:\TDSSKiller_Quarantine\22.06.2012_15.42.15\mbr0000\mbr0000\tsk0000.dta Verwijderd Trojan.DOS.Sinowal!E2
Verwijderd 4
-
15:53:37.0406 1852 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
15:53:38.0531 1852 ============================================================
15:53:38.0531 1852 Current date / time: 2012/06/22 15:53:38.0531
15:53:38.0531 1852 SystemInfo:
15:53:38.0531 1852
15:53:38.0531 1852 OS Version: 5.1.2600 ServicePack: 3.0
15:53:38.0531 1852 Product type: Workstation
15:53:38.0531 1852 ComputerName: PAOLO
15:53:38.0531 1852 UserName: Eigenaar
15:53:38.0531 1852 Windows directory: C:\WINDOWS
15:53:38.0531 1852 System windows directory: C:\WINDOWS
15:53:38.0531 1852 Processor architecture: Intel x86
15:53:38.0531 1852 Number of processors: 1
15:53:38.0531 1852 Page size: 0x1000
15:53:38.0531 1852 Boot type: Normal boot
15:53:38.0531 1852 ============================================================
15:53:41.0796 1852 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:53:42.0390 1852 ============================================================
15:53:42.0390 1852 \Device\Harddisk0\DR0:
15:53:42.0390 1852 MBR partitions:
15:53:42.0390 1852 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEA60903
15:53:42.0421 1852 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xEA60981, BlocksNum 0xE75FD3F
15:53:42.0421 1852 ============================================================
15:53:42.0531 1852 C: <-> \Device\Harddisk0\DR0\Partition0
15:53:42.0562 1852 D: <-> \Device\Harddisk0\DR0\Partition1
15:53:42.0562 1852 ============================================================
15:53:42.0562 1852 Initialize success
15:53:42.0562 1852 ============================================================
15:53:44.0859 3200 ============================================================
15:53:44.0859 3200 Scan started
15:53:44.0859 3200 Mode: Manual;
15:53:44.0859 3200 ============================================================
15:53:46.0062 3200 Abiosdsk - ok
15:53:46.0062 3200 abp480n5 - ok
15:53:46.0203 3200 ACDaemon (127532ee2de2333e1b72a7482b739a82) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
15:53:46.0265 3200 ACDaemon - ok
15:53:46.0359 3200 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:53:46.0515 3200 ACPI - ok
15:53:46.0546 3200 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:53:46.0703 3200 ACPIEC - ok
15:53:46.0859 3200 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:53:46.0953 3200 AdobeFlashPlayerUpdateSvc - ok
15:53:46.0953 3200 adpu160m - ok
15:53:47.0031 3200 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:53:47.0218 3200 aec - ok
15:53:47.0250 3200 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
15:53:47.0437 3200 Afc - ok
15:53:47.0531 3200 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:53:47.0750 3200 AFD - ok
15:53:47.0765 3200 Aha154x - ok
15:53:47.0781 3200 aic78u2 - ok
15:53:47.0828 3200 aic78xx - ok
15:53:49.0812 3200 ALCXWDM (5003d2e3f6b220ed3b0f1ac2816c2a18) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
15:53:50.0203 3200 ALCXWDM - ok
15:53:50.0609 3200 Alerter (8bed67d13dcb55b3e9ff6dac4c6d3b49) C:\WINDOWS\system32\alrsvc.dll
15:53:52.0062 3200 Alerter - ok
15:53:52.0156 3200 ALG (dab2a89fde5cf791161200d90c1bcb12) C:\WINDOWS\System32\alg.exe
15:53:52.0156 3200 ALG - ok
15:53:52.0187 3200 AliIde - ok
15:53:52.0234 3200 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
15:53:52.0265 3200 AmdK8 - ok
15:53:52.0281 3200 amsint - ok
15:53:52.0359 3200 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
15:53:52.0390 3200 androidusb - ok
15:53:52.0421 3200 AppMgmt - ok
15:53:52.0437 3200 asc - ok
15:53:52.0437 3200 asc3350p - ok
15:53:52.0453 3200 asc3550 - ok
15:53:52.0640 3200 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
15:53:52.0734 3200 aspnet_state - ok
15:53:52.0750 3200 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:53:52.0921 3200 AsyncMac - ok
15:53:52.0953 3200 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:53:52.0953 3200 atapi - ok
15:53:52.0968 3200 Atdisk - ok
15:53:53.0156 3200 Ati HotKey Poller (a2eaeb497ca29ecaeaf0df66ad85c57d) C:\WINDOWS\System32\Ati2evxx.exe
15:53:53.0390 3200 Ati HotKey Poller - ok
15:53:53.0656 3200 ATI Smart (312a17dff710a0f4e6d4dd1d52ead1a8) C:\WINDOWS\system32\ati2sgag.exe
15:53:53.0890 3200 ATI Smart - ok
15:53:54.0562 3200 ati2mtag (492bd2a5f65f218d4ede5764a3bb67e9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:53:54.0750 3200 ati2mtag - ok
15:53:55.0203 3200 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:53:55.0406 3200 Atmarpc - ok
15:53:55.0468 3200 AudioSrv (f10745ed3195360e69aa4a6e7768c0e0) C:\WINDOWS\System32\audiosrv.dll
15:53:55.0656 3200 AudioSrv - ok
15:53:55.0671 3200 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:53:55.0843 3200 audstub - ok
15:53:56.0109 3200 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
15:53:56.0171 3200 AVG Security Toolbar Service - ok
15:53:56.0343 3200 avg9wd (c4d15594db5be042d3346ea58df87d89) C:\Program Files\AVG\AVG9\avgwdsvc.exe
15:53:56.0437 3200 avg9wd - ok
15:53:56.0562 3200 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
15:53:56.0656 3200 AvgLdx86 - ok
15:53:56.0687 3200 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS\system32\Drivers\avgmfx86.sys
15:53:56.0718 3200 AvgMfx86 - ok
15:53:56.0750 3200 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys
15:53:56.0812 3200 AvgRkx86 - ok
15:53:56.0937 3200 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\system32\Drivers\avgtdix.sys
15:53:57.0031 3200 AvgTdiX - ok
15:53:57.0062 3200 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:53:57.0250 3200 Beep - ok
15:53:57.0468 3200 BITS (5c0073a51c4873430fa8b262e92183ff) C:\WINDOWS\system32\qmgr.dll
15:53:57.0828 3200 BITS - ok
15:53:57.0890 3200 Browser (69eaa7501f53a40e8c04c69f2391224f) C:\WINDOWS\System32\browser.dll
15:53:57.0906 3200 Browser - ok
15:53:57.0906 3200 catchme - ok
15:53:58.0171 3200 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:53:58.0218 3200 cbidf2k - ok
15:53:58.0218 3200 cd20xrnt - ok
15:53:58.0234 3200 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:53:58.0250 3200 Cdaudio - ok
15:53:58.0328 3200 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:53:58.0343 3200 Cdfs - ok
15:53:58.0359 3200 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:53:58.0359 3200 Cdrom - ok
15:53:58.0375 3200 Changer - ok
15:53:58.0406 3200 cisvc (bd85400700b80fbe3d4a3412bce74861) C:\WINDOWS\system32\cisvc.exe
15:53:58.0406 3200 cisvc - ok
15:53:58.0437 3200 ClipSrv (4fb6108130829666c8fe96b442fead94) C:\WINDOWS\system32\clipsrv.exe
15:53:58.0453 3200 ClipSrv - ok
15:53:58.0718 3200 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:53:58.0812 3200 clr_optimization_v2.0.50727_32 - ok
15:53:58.0875 3200 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:53:58.0921 3200 clr_optimization_v4.0.30319_32 - ok
15:53:58.0921 3200 CmdIde - ok
15:53:58.0937 3200 COMSysApp - ok
15:53:58.0953 3200 Cpqarray - ok
15:53:58.0984 3200 CryptSvc (0a9cf5d3cf63a8699f28c814ef821c7e) C:\WINDOWS\System32\cryptsvc.dll
15:53:58.0984 3200 CryptSvc - ok
15:53:59.0000 3200 dac2w2k - ok
15:53:59.0015 3200 dac960nt - ok
15:53:59.0093 3200 DcomLaunch (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll
15:53:59.0093 3200 DcomLaunch - ok
15:53:59.0140 3200 Dhcp (146ab038f5dbb366122d28444999ab2c) C:\WINDOWS\System32\dhcpcsvc.dll
15:53:59.0140 3200 Dhcp - ok
15:53:59.0156 3200 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:53:59.0156 3200 Disk - ok
15:53:59.0156 3200 dmadmin - ok
15:53:59.0218 3200 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
15:53:59.0250 3200 dmboot - ok
15:53:59.0265 3200 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
15:53:59.0281 3200 dmio - ok
15:53:59.0312 3200 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:53:59.0312 3200 dmload - ok
15:53:59.0343 3200 dmserver (127db74184e2d3d31655da525a5efde1) C:\WINDOWS\System32\dmserver.dll
15:53:59.0343 3200 dmserver - ok
15:53:59.0375 3200 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:53:59.0375 3200 DMusic - ok
15:53:59.0406 3200 Dnscache (de6cdb6cbc5c27b9085cfa6dfe8e5025) C:\WINDOWS\System32\dnsrslvr.dll
15:53:59.0406 3200 Dnscache - ok
15:53:59.0453 3200 Dot3svc (90ee765e1a598b578852901f74f914f1) C:\WINDOWS\System32\dot3svc.dll
15:53:59.0453 3200 Dot3svc - ok
15:53:59.0453 3200 dpti2o - ok
15:53:59.0468 3200 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:53:59.0468 3200 drmkaud - ok
15:53:59.0500 3200 EapHost (e6bbdebf7081899d161c773e8d84d015) C:\WINDOWS\System32\eapsvc.dll
15:53:59.0500 3200 EapHost - ok
15:53:59.0546 3200 ERSvc (2f5c7f650b7af178988946ee4b0d9c01) C:\WINDOWS\System32\ersvc.dll
15:53:59.0546 3200 ERSvc - ok
15:53:59.0578 3200 Eventlog (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe
15:53:59.0593 3200 Eventlog - ok
15:53:59.0640 3200 EventSystem (97912dc0679d2da60cce589bbc196d72) C:\WINDOWS\System32\es.dll
15:53:59.0640 3200 EventSystem - ok
15:53:59.0734 3200 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:53:59.0750 3200 Fastfat - ok
15:53:59.0796 3200 FastUserSwitchingCompatibility (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
15:53:59.0796 3200 FastUserSwitchingCompatibility - ok
15:53:59.0828 3200 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:53:59.0828 3200 Fdc - ok
15:53:59.0843 3200 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
15:53:59.0843 3200 Fips - ok
15:54:00.0015 3200 FirebirdServerMAGIXInstance (167d24a045499ebef438f231976158df) C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
15:54:00.0046 3200 FirebirdServerMAGIXInstance - ok
15:54:00.0125 3200 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:54:00.0125 3200 Flpydisk - ok
15:54:00.0156 3200 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:54:00.0156 3200 FltMgr - ok
15:54:00.0250 3200 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:54:00.0250 3200 FontCache3.0.0.0 - ok
15:54:00.0281 3200 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
15:54:00.0281 3200 fssfltr - ok
15:54:00.0421 3200 fsssvc (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
15:54:00.0437 3200 fsssvc - ok
15:54:00.0468 3200 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:54:00.0468 3200 Fs_Rec - ok
15:54:00.0484 3200 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:54:00.0500 3200 Ftdisk - ok
15:54:00.0500 3200 GMSIPCI - ok
15:54:00.0562 3200 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:54:00.0562 3200 Gpc - ok
15:54:00.0625 3200 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:54:00.0640 3200 gupdate - ok
15:54:00.0640 3200 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:54:00.0640 3200 gupdatem - ok
15:54:00.0734 3200 helpsvc (5327bad9b35c33d2a64b64e4cf282ecd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:54:00.0734 3200 helpsvc - ok
15:54:00.0750 3200 HidServ (10003105aab8d5a7db51a9cb3d9f55a3) C:\WINDOWS\System32\hidserv.dll
15:54:00.0765 3200 HidServ - ok
15:54:00.0781 3200 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:54:00.0781 3200 HidUsb - ok
15:54:00.0828 3200 hkmsvc (1ff903ffa2da1704e5a5443d37d8e49e) C:\WINDOWS\System32\kmsvc.dll
15:54:00.0843 3200 hkmsvc - ok
15:54:00.0843 3200 hpn - ok
15:54:00.0859 3200 hpt3xx - ok
15:54:00.0906 3200 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:54:00.0906 3200 HTTP - ok
15:54:00.0953 3200 HTTPFilter (2529c7ba05242beed0027f554d0513bb) C:\WINDOWS\System32\w3ssl.dll
15:54:00.0953 3200 HTTPFilter - ok
15:54:00.0968 3200 i2omgmt - ok
15:54:00.0968 3200 i2omp - ok
15:54:01.0015 3200 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:54:01.0015 3200 i8042prt - ok
15:54:01.0140 3200 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:54:01.0156 3200 idsvc - ok
15:54:01.0187 3200 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:54:01.0187 3200 Imapi - ok
15:54:01.0234 3200 ImapiService (a117772f94c854de5d1bbc1f1962b192) C:\WINDOWS\system32\imapi.exe
15:54:01.0234 3200 ImapiService - ok
15:54:01.0250 3200 ini910u - ok
15:54:01.0265 3200 IntelIde - ok
15:54:01.0296 3200 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:54:01.0296 3200 ip6fw - ok
15:54:01.0343 3200 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:54:01.0343 3200 IpFilterDriver - ok
15:54:01.0359 3200 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:54:01.0359 3200 IpInIp - ok
15:54:01.0390 3200 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:54:01.0406 3200 IpNat - ok
15:54:01.0421 3200 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:54:01.0421 3200 IPSec - ok
15:54:01.0437 3200 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:54:01.0437 3200 IRENUM - ok
15:54:01.0468 3200 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:54:01.0468 3200 isapnp - ok
15:54:01.0609 3200 JavaQuickStarterService (74e30a41cdcf331c74bc4d97be40cc5b) C:\Program Files\Java\jre6\bin\jqs.exe
15:54:01.0609 3200 JavaQuickStarterService - ok
15:54:01.0656 3200 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:54:01.0656 3200 Kbdclass - ok
15:54:01.0703 3200 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:54:01.0703 3200 kbdhid - ok
15:54:01.0734 3200 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:54:01.0750 3200 kmixer - ok
15:54:01.0781 3200 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:54:01.0796 3200 KSecDD - ok
15:54:01.0828 3200 lanmanserver (c7955e7edaea462d04f1c4be1d340372) C:\WINDOWS\System32\srvsvc.dll
15:54:01.0828 3200 lanmanserver - ok
15:54:01.0875 3200 lanmanworkstation (a936a575eaf6dce8dc08bc0c53972add) C:\WINDOWS\System32\wkssvc.dll
15:54:01.0906 3200 lanmanworkstation - ok
15:54:01.0906 3200 lbrtfdc - ok
15:54:01.0953 3200 LmHosts (91ae20c5c2776c511994aa1308c05283) C:\WINDOWS\System32\lmhsvc.dll
15:54:01.0953 3200 LmHosts - ok
15:54:02.0015 3200 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
15:54:02.0015 3200 MDM - ok
15:54:02.0046 3200 Messenger (c56a45a03dca11712de9fdf98224230b) C:\WINDOWS\System32\msgsvc.dll
15:54:02.0046 3200 Messenger - ok
15:54:02.0078 3200 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:54:02.0093 3200 mnmdd - ok
15:54:02.0125 3200 mnmsrvc (5b1d994dcf1895afa27600e46a2f0fea) C:\WINDOWS\System32\mnmsrvc.exe
15:54:02.0125 3200 mnmsrvc - ok
15:54:02.0140 3200 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
15:54:02.0140 3200 Modem - ok
15:54:02.0171 3200 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:54:02.0171 3200 Mouclass - ok
15:54:02.0218 3200 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:54:02.0218 3200 mouhid - ok
15:54:02.0234 3200 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:54:02.0234 3200 MountMgr - ok
15:54:02.0250 3200 mraid35x - ok
15:54:02.0265 3200 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:54:02.0265 3200 MRxDAV - ok
15:54:02.0328 3200 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:54:02.0343 3200 MRxSmb - ok
15:54:02.0375 3200 MSDTC (21ea21984d7d1ad50db2e627020ab14c) C:\WINDOWS\System32\msdtc.exe
15:54:02.0375 3200 MSDTC - ok
15:54:02.0390 3200 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:54:02.0390 3200 Msfs - ok
15:54:02.0406 3200 MSIServer - ok
15:54:02.0421 3200 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:54:02.0421 3200 MSKSSRV - ok
15:54:02.0437 3200 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:54:02.0437 3200 MSPCLOCK - ok
15:54:02.0453 3200 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:54:02.0453 3200 MSPQM - ok
15:54:02.0468 3200 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:54:02.0468 3200 mssmbios - ok
15:54:02.0500 3200 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:54:02.0500 3200 Mup - ok
15:54:02.0546 3200 napagent (87e394c810794d3c70cf22e8316cb23e) C:\WINDOWS\System32\qagentrt.dll
15:54:02.0562 3200 napagent - ok
15:54:02.0578 3200 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:54:02.0593 3200 NDIS - ok
15:54:02.0625 3200 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:54:02.0625 3200 NdisTapi - ok
15:54:02.0656 3200 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:54:02.0656 3200 Ndisuio - ok
15:54:02.0671 3200 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:54:02.0687 3200 NdisWan - ok
15:54:02.0703 3200 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:54:02.0703 3200 NDProxy - ok
15:54:02.0718 3200 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:54:02.0718 3200 NetBIOS - ok
15:54:02.0750 3200 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:54:02.0750 3200 NetBT - ok
15:54:02.0781 3200 NetDDE (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe
15:54:02.0796 3200 NetDDE - ok
15:54:02.0796 3200 NetDDEdsdm (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe
15:54:02.0796 3200 NetDDEdsdm - ok
15:54:02.0828 3200 Netlogon (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
15:54:02.0828 3200 Netlogon - ok
15:54:02.0859 3200 Netman (5431fb616ecae0d587c5b97d0b86cbd8) C:\WINDOWS\System32\netman.dll
15:54:02.0859 3200 Netman - ok
15:54:02.0953 3200 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:54:02.0953 3200 NetTcpPortSharing - ok
15:54:03.0000 3200 Nla (4522cbe00a9e9eee36aa82ed4b319148) C:\WINDOWS\System32\mswsock.dll
15:54:03.0000 3200 Nla - ok
15:54:03.0031 3200 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:54:03.0031 3200 Npfs - ok
15:54:03.0078 3200 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:54:03.0078 3200 Ntfs - ok
15:54:03.0093 3200 NtLmSsp (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\System32\lsass.exe
15:54:03.0093 3200 NtLmSsp - ok
15:54:03.0156 3200 NtmsSvc (ac1a78237b53044735693633f8235468) C:\WINDOWS\system32\ntmssvc.dll
15:54:03.0171 3200 NtmsSvc - ok
15:54:03.0203 3200 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:54:03.0203 3200 Null - ok
15:54:03.0234 3200 nvata (0344aa9113dc16eec379f4652020849d) C:\WINDOWS\system32\DRIVERS\nvata.sys
15:54:03.0234 3200 nvata - ok
15:54:03.0265 3200 NVENETFD (720cc533eecb65553bd86b139ca04433) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
15:54:03.0265 3200 NVENETFD - ok
15:54:03.0281 3200 nvnetbus (5f9f545cc5904dd8765f84ee1d056406) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
15:54:03.0281 3200 nvnetbus - ok
15:54:03.0328 3200 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:54:03.0328 3200 NwlnkFlt - ok
15:54:03.0359 3200 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:54:03.0359 3200 NwlnkFwd - ok
15:54:03.0421 3200 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:54:03.0453 3200 ose - ok
15:54:03.0500 3200 ousb2hub (b69051d59730c61d188adbabfc7c0517) C:\WINDOWS\system32\DRIVERS\ousb2hub.sys
15:54:03.0515 3200 ousb2hub - ok
15:54:03.0546 3200 ousbehci (46c4b42e2621a9b002f93ed18b349254) C:\WINDOWS\system32\Drivers\ousbehci.sys
15:54:03.0546 3200 ousbehci - ok
15:54:03.0593 3200 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys
15:54:03.0593 3200 Parport - ok
15:54:03.0625 3200 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:54:03.0625 3200 PartMgr - ok
15:54:03.0687 3200 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
15:54:03.0687 3200 ParVdm - ok
15:54:03.0703 3200 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
15:54:03.0765 3200 PCI - ok
15:54:03.0781 3200 PCIDump - ok
15:54:03.0921 3200 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:54:03.0937 3200 PCIIde - ok
15:54:03.0984 3200 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:54:03.0984 3200 Pcmcia - ok
15:54:04.0000 3200 PDCOMP - ok
15:54:04.0031 3200 PDFRAME - ok
15:54:04.0046 3200 PDRELI - ok
15:54:04.0062 3200 PDRFRAME - ok
15:54:04.0078 3200 perc2 - ok
15:54:04.0093 3200 perc2hib - ok
15:54:04.0187 3200 PlugPlay (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe
15:54:04.0187 3200 PlugPlay - ok
15:54:04.0218 3200 PolicyAgent (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
15:54:04.0234 3200 PolicyAgent - ok
15:54:04.0250 3200 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:54:04.0250 3200 PptpMiniport - ok
15:54:04.0296 3200 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys
15:54:04.0296 3200 Processor - ok
15:54:04.0312 3200 ProtectedStorage (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
15:54:04.0312 3200 ProtectedStorage - ok
15:54:04.0343 3200 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:54:04.0343 3200 PSched - ok
15:54:04.0375 3200 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:54:04.0375 3200 Ptilink - ok
15:54:04.0406 3200 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:54:04.0421 3200 PxHelp20 - ok
15:54:04.0437 3200 ql1080 - ok
15:54:04.0453 3200 Ql10wnt - ok
15:54:04.0453 3200 ql12160 - ok
15:54:04.0468 3200 ql1240 - ok
15:54:04.0468 3200 ql1280 - ok
15:54:04.0500 3200 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:54:04.0500 3200 RasAcd - ok
15:54:04.0531 3200 RasAuto (0575d034b1292ca3a9bb9f67a8ee289c) C:\WINDOWS\System32\rasauto.dll
15:54:04.0531 3200 RasAuto - ok
15:54:04.0562 3200 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:54:04.0578 3200 Rasl2tp - ok
15:54:04.0625 3200 RasMan (9e7e2df6971a5f00102be3f901cc3bdc) C:\WINDOWS\System32\rasmans.dll
15:54:04.0625 3200 RasMan - ok
15:54:04.0640 3200 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:54:04.0640 3200 RasPppoe - ok
15:54:04.0656 3200 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:54:04.0656 3200 Raspti - ok
15:54:04.0671 3200 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:54:04.0687 3200 Rdbss - ok
15:54:04.0687 3200 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:54:04.0703 3200 RDPCDD - ok
15:54:04.0750 3200 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
15:54:04.0750 3200 RDPWD - ok
15:54:04.0781 3200 RDSessMgr (ea9fdf71d696b532bdc44c8bff03a737) C:\WINDOWS\system32\sessmgr.exe
15:54:04.0796 3200 RDSessMgr - ok
15:54:04.0812 3200 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:54:04.0812 3200 redbook - ok
15:54:04.0843 3200 RemoteAccess (4007abf5d9bf0e55451d775443d1f985) C:\WINDOWS\System32\mprdim.dll
15:54:04.0843 3200 RemoteAccess - ok
15:54:04.0875 3200 RpcLocator (be078f8f7ec2491efdd79a53353a060f) C:\WINDOWS\System32\locator.exe
15:54:04.0875 3200 RpcLocator - ok
15:54:04.0937 3200 RpcSs (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\System32\rpcss.dll
15:54:04.0937 3200 RpcSs - ok
15:54:04.0984 3200 RSVP (ad1b5f1b99fff08c99f443d784711a81) C:\WINDOWS\System32\rsvp.exe
15:54:04.0984 3200 RSVP - ok
15:54:05.0015 3200 SamSs (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
15:54:05.0015 3200 SamSs - ok
15:54:05.0046 3200 SCardSvr (1b4cd62174e907c7ef8ec5d4d0a2a616) C:\WINDOWS\System32\SCardSvr.exe
15:54:05.0046 3200 SCardSvr - ok
15:54:05.0093 3200 Schedule (7c288ae0f75cb18cff1df6179a67ad8f) C:\WINDOWS\system32\schedsvc.dll
15:54:05.0109 3200 Schedule - ok
15:54:05.0140 3200 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:54:05.0140 3200 Secdrv - ok
15:54:05.0156 3200 seclogon (6983665bea867125b1da5757cd8b2f9d) C:\WINDOWS\System32\seclogon.dll
15:54:05.0171 3200 seclogon - ok
15:54:05.0187 3200 SENS (f6ec8f1e50e40237bddee1cb7fe20b42) C:\WINDOWS\system32\sens.dll
15:54:05.0187 3200 SENS - ok
15:54:05.0234 3200 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:54:05.0234 3200 serenum - ok
15:54:05.0250 3200 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys
15:54:05.0250 3200 Serial - ok
15:54:05.0281 3200 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:54:05.0296 3200 Sfloppy - ok
15:54:05.0343 3200 SharedAccess (7579c4be909d47f10f3d8d801cb13ed9) C:\WINDOWS\System32\ipnathlp.dll
15:54:05.0343 3200 SharedAccess - ok
15:54:05.0375 3200 ShellHWDetection (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
15:54:05.0390 3200 ShellHWDetection - ok
15:54:05.0390 3200 Simbad - ok
15:54:05.0484 3200 SPAMfighter Update Service (1ec0a00a13095e8423548dfa3394e727) C:\Program Files\Fighters\SPAMfighter\sfus.exe
15:54:05.0484 3200 SPAMfighter Update Service - ok
15:54:05.0500 3200 Sparrow - ok
15:54:05.0515 3200 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:54:05.0531 3200 splitter - ok
15:54:05.0562 3200 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:54:05.0562 3200 Spooler - ok
15:54:05.0609 3200 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
15:54:05.0609 3200 sr - ok
15:54:05.0656 3200 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll
15:54:05.0656 3200 srservice - ok
15:54:05.0703 3200 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:54:05.0703 3200 Srv - ok
15:54:05.0750 3200 ssadbus (48f44a1be434830b7c90fb730745f65a) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
15:54:05.0750 3200 ssadbus - ok
15:54:05.0765 3200 ssadmdfl (9630b486b62cc0adb0a89152ed0218d7) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
15:54:05.0765 3200 ssadmdfl - ok
15:54:05.0796 3200 ssadmdm (9afaa23421622c392b55508fa9613949) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
15:54:05.0796 3200 ssadmdm - ok
15:54:05.0828 3200 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll
15:54:05.0843 3200 SSDPSRV - ok
15:54:05.0875 3200 ssm_bus (9ece19a1a4f4896597c3bb840fbfa721) C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
15:54:05.0875 3200 ssm_bus - ok
15:54:05.0906 3200 ssm_mdfl (8e93a17a5253999a0e7c332f475699dc) C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
15:54:05.0906 3200 ssm_mdfl - ok
15:54:05.0953 3200 ssm_mdm (c0ba1357c63deacf3b3ccf4b989fef06) C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
15:54:05.0968 3200 ssm_mdm - ok
15:54:05.0984 3200 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
15:54:05.0984 3200 StarOpen - ok
15:54:06.0031 3200 StillCam (bf8aa066bb0398ddcbc9573153d39b8c) C:\WINDOWS\system32\DRIVERS\serscan.sys
15:54:06.0031 3200 StillCam - ok
15:54:06.0093 3200 stisvc (5ae996186d2dc694fef88f14a3fc9242) C:\WINDOWS\system32\wiaservc.dll
15:54:06.0093 3200 stisvc - ok
15:54:06.0140 3200 STV680 (a7c201297fa5118b95518f31af729da0) C:\WINDOWS\system32\drivers\STV680.sys
15:54:06.0156 3200 STV680 - ok
15:54:06.0328 3200 Suite Service (a7e21e907c39fab021ced41296fc8019) C:\Program Files\Fighters\FighterSuiteService.exe
15:54:06.0343 3200 Suite Service - ok
15:54:06.0437 3200 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:54:06.0437 3200 swenum - ok
15:54:06.0453 3200 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:54:06.0453 3200 swmidi - ok
15:54:06.0468 3200 SwPrv - ok
15:54:06.0468 3200 symc810 - ok
15:54:06.0484 3200 symc8xx - ok
15:54:06.0500 3200 sym_hi - ok
15:54:06.0500 3200 sym_u3 - ok
15:54:06.0515 3200 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:54:06.0531 3200 sysaudio - ok
15:54:06.0562 3200 SysmonLog (251eae7c56c6ab9490311a3c9757e18d) C:\WINDOWS\system32\smlogsvc.exe
15:54:06.0562 3200 SysmonLog - ok
15:54:06.0609 3200 TapiSrv (2bc9fb448f0c2394ff53c83a7bb04731) C:\WINDOWS\System32\tapisrv.dll
15:54:06.0609 3200 TapiSrv - ok
15:54:06.0671 3200 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:54:06.0687 3200 Tcpip - ok
15:54:06.0703 3200 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:54:06.0718 3200 TDPIPE - ok
15:54:06.0734 3200 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:54:06.0734 3200 TDTCP - ok
15:54:06.0750 3200 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:54:06.0765 3200 TermDD - ok
15:54:06.0796 3200 TermService (e0aef86a594c9990d6321c5ca239c5b7) C:\WINDOWS\System32\termsrv.dll
15:54:06.0812 3200 TermService - ok
15:54:06.0859 3200 Themes (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
15:54:06.0859 3200 Themes - ok
15:54:06.0875 3200 TosIde - ok
15:54:06.0890 3200 TrkWks (20655e8ca1c78bc7088b18e93806d21b) C:\WINDOWS\system32\trkwks.dll
15:54:06.0890 3200 TrkWks - ok
15:54:06.0921 3200 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:54:06.0921 3200 Udfs - ok
15:54:06.0937 3200 ultra - ok
15:54:07.0000 3200 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:54:07.0015 3200 Update - ok
15:54:07.0046 3200 upnphost (01653d6c9604f1fb31a76ec94e08954f) C:\WINDOWS\System32\upnphost.dll
15:54:07.0046 3200 upnphost - ok
15:54:07.0156 3200 UPnPService (7ce0fe34fd8fb7f52d1e503b0c1e4fa9) C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
15:54:07.0171 3200 UPnPService - ok
15:54:07.0187 3200 UPS (a89796dd0de24cf03b3a39407e1f46a3) C:\WINDOWS\System32\ups.exe
15:54:07.0203 3200 UPS - ok
15:54:07.0234 3200 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:54:07.0234 3200 usbccgp - ok
15:54:07.0265 3200 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:54:07.0281 3200 usbhub - ok
15:54:07.0312 3200 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:54:07.0312 3200 usbohci - ok
15:54:07.0343 3200 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:54:07.0359 3200 USBSTOR - ok
15:54:07.0390 3200 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
15:54:07.0390 3200 usb_rndisx - ok
15:54:07.0406 3200 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:54:07.0406 3200 VgaSave - ok
15:54:07.0421 3200 ViaIde - ok
15:54:07.0453 3200 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
15:54:07.0453 3200 VolSnap - ok
15:54:07.0484 3200 VSS (a585edd6965b301de8a45c6768c7c215) C:\WINDOWS\System32\vssvc.exe
15:54:07.0500 3200 VSS - ok
15:54:07.0609 3200 vToolbarUpdater11.1.0 (5fa45791413acce628d5361458f32dde) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
15:54:07.0625 3200 vToolbarUpdater11.1.0 - ok
15:54:07.0656 3200 W32Time (390d8e65f362327ad510b08971478301) C:\WINDOWS\system32\w32time.dll
15:54:07.0671 3200 W32Time - ok
15:54:07.0718 3200 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:54:07.0718 3200 Wanarp - ok
15:54:07.0781 3200 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:54:07.0796 3200 Wdf01000 - ok
15:54:07.0796 3200 WDICA - ok
15:54:07.0828 3200 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:54:07.0828 3200 wdmaud - ok
15:54:07.0859 3200 WebClient (33d8e2812054d97a0aec9b8f04277927) C:\WINDOWS\System32\webclnt.dll
15:54:07.0875 3200 WebClient - ok
15:54:07.0921 3200 winmgmt (f9e105f369c18e4001e0c05aaf600d73) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:54:07.0921 3200 winmgmt - ok
15:54:08.0031 3200 WinRM (250f8d15406269cb3a690b4a4859d92d) C:\WINDOWS\system32\WsmSvc.dll
15:54:08.0062 3200 WinRM - ok
15:54:08.0093 3200 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:54:08.0109 3200 WmdmPmSN - ok
15:54:08.0140 3200 WmiApSrv (87f11d161207c7063edabac0aadc33c3) C:\WINDOWS\System32\wbem\wmiapsrv.exe
15:54:08.0140 3200 WmiApSrv - ok
15:54:08.0281 3200 WMPNetworkSvc (79a01acd485687ee602411a06b63a9a5) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:54:08.0296 3200 WMPNetworkSvc - ok
15:54:08.0343 3200 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:54:08.0343 3200 WpdUsb - ok
15:54:08.0484 3200 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:54:08.0500 3200 WPFFontCache_v0400 - ok
15:54:08.0531 3200 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:54:08.0546 3200 WS2IFSL - ok
15:54:08.0578 3200 wscsvc (843f7fa8ea38e6a4262976dcc994c81a) C:\WINDOWS\system32\wscsvc.dll
15:54:08.0593 3200 wscsvc - ok
15:54:08.0593 3200 WSearch - ok
15:54:08.0609 3200 wuauserv (1e8fdddef3fe260badab06dae10d753a) C:\WINDOWS\system32\wuauserv.dll
15:54:08.0640 3200 wuauserv - ok
15:54:08.0671 3200 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:54:08.0687 3200 WudfPf - ok
15:54:08.0703 3200 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:54:08.0718 3200 WudfRd - ok
15:54:08.0734 3200 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:54:08.0750 3200 WudfSvc - ok
15:54:08.0812 3200 WZCSVC (e99782dbb8ffa2aee72b31dac8d8d887) C:\WINDOWS\System32\wzcsvc.dll
15:54:08.0828 3200 WZCSVC - ok
15:54:08.0875 3200 xmlprov (fd3c38635808920f8235bf2fed642f54) C:\WINDOWS\System32\xmlprov.dll
15:54:08.0906 3200 xmlprov - ok
15:54:08.0906 3200 xpsec - ok
15:54:08.0937 3200 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
15:54:09.0343 3200 \Device\Harddisk0\DR0 - ok
15:54:09.0343 3200 Boot (0x1200) (5a79a42dc2ed4deaced87b41a79c25bc) \Device\Harddisk0\DR0\Partition0
15:54:09.0343 3200 \Device\Harddisk0\DR0\Partition0 - ok
15:54:09.0375 3200 Boot (0x1200) (1c9dd1011de39039774693cb03ff007b) \Device\Harddisk0\DR0\Partition1
15:54:09.0375 3200 \Device\Harddisk0\DR0\Partition1 - ok
15:54:09.0375 3200 ============================================================
15:54:09.0375 3200 Scan finished
15:54:09.0375 3200 ============================================================
15:54:09.0390 3832 Detected object count: 0
15:54:09.0390 3832 Actual detected object count: 0
The log file above was made after I had to reboot and ran another scan.
-
Hello Kape, it took a long time, but unfortunately I got the messages below. 25 in total.
Regards, Paolo
"C:\PROGRA~1\AVG\AVG9\avgtray.exe (1380)";"Trojaans paard PSW.Generic9.UCX";""
"C:\PROGRA~1\AVG\AVG9\avgtray.exe (1380):\memory_012d0000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\Program Files\AVG Secure Search\vprot.exe (1252)";"Trojaans paard PSW.Generic9.UCX";""
"C:\Program Files\AVG Secure Search\vprot.exe (1252):\memory_01c80000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\Program Files\AVG\AVG9\avgui.exe (4060)";"Trojaans paard PSW.Generic9.UCX";""
"C:\Program Files\AVG\AVG9\avgui.exe (4060):\memory_01470000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\Program Files\AVG\AVG9\avgwdsvc.exe (1280)";"Trojaans paard PSW.Generic9.UCX";""
"C:\Program Files\AVG\AVG9\avgwdsvc.exe (1280):\memory_00f60000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe (2624)";"Trojaans paard PSW.Generic9.UCX";""
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe (2624):\memory_00960000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (2024)";"Trojaans paard PSW.Generic9.UCX";""
"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (2024):\memory_008f0000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\Program Files\Fighters\FighterSuiteService.exe (2492)";"Trojaans paard PSW.Generic9.UCX";""
"C:\Program Files\Fighters\FighterSuiteService.exe (2492):\memory_01280000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\Program Files\Fighters\SPAMfighter\sfagent.exe (1404)";"Trojaans paard PSW.Generic9.UCX";""
"C:\Program Files\Fighters\SPAMfighter\sfagent.exe (1404):\memory_02630000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\Program Files\Fighters\SPAMfighter\sfus.exe (2176)";"Trojaans paard PSW.Generic9.UCX";""
"C:\Program Files\Fighters\SPAMfighter\sfus.exe (2176):\memory_009c0000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\Program Files\Fighters\Tray\FightersTray.exe (1508)";"Trojaans paard PSW.Generic9.UCX";""
"C:\Program Files\Fighters\Tray\FightersTray.exe (1508):\memory_01190000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\Program Files\Internet Explorer\iexplore.exe (1688)";"Trojaans paard PSW.Generic9.UCX";""
"C:\Program Files\Internet Explorer\iexplore.exe (1688):\memory_00cc0000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\Program Files\Internet Explorer\iexplore.exe (1688):\memory_010a0000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\Program Files\Internet Explorer\iexplore.exe (1748)";"Trojaans paard PSW.Generic9.UCX";""
"C:\Program Files\Internet Explorer\iexplore.exe (1748):\memory_00d80000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\Program Files\Internet Explorer\iexplore.exe (1748):\memory_01950000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\Program Files\Internet Explorer\iexplore.exe (552)";"Trojaans paard PSW.Generic9.UCX";""
"C:\Program Files\Internet Explorer\iexplore.exe (552):\memory_03750000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\Program Files\Internet Explorer\iexplore.exe (552):\memory_03aa0000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\Program Files\Java\jre6\bin\jqs.exe (1952)";"Trojaans paard PSW.Generic9.UCX";""
"C:\Program Files\Java\jre6\bin\jqs.exe (1952):\memory_00fa0000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\Program Files\Real\RealPlayer\Update\realsched.exe (1536)";"Trojaans paard PSW.Generic9.UCX";""
"C:\Program Files\Real\RealPlayer\Update\realsched.exe (1536):\memory_00e80000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\WINDOWS\explorer.exe (2240)";"Trojaans paard PSW.Generic9.UCX";""
"C:\WINDOWS\explorer.exe (2240):\memory_02e40000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\WINDOWS\explorer.exe (2240):\memory_03600000";"Trojaans paard PSW.Agent.AUET";"Object is niet toegankelijk."
"C:\WINDOWS\system32\ati2evxx.exe (1524)";"Trojaans paard PSW.Generic9.UCX";""
"C:\WINDOWS\system32\ati2evxx.exe (1524):\memory_00b50000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\WINDOWS\system32\ctfmon.exe (1360)";"Trojaans paard PSW.Generic9.UCX";""
"C:\WINDOWS\system32\ctfmon.exe (1360):\memory_00bb0000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\WINDOWS\system32\searchindexer.exe (2788)";"Trojaans paard PSW.Generic9.UCX";""
"C:\WINDOWS\system32\searchindexer.exe (2788):\memory_0bfc0000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\WINDOWS\system32\services.exe (704)";"Trojaans paard PSW.Agent.ASOH";""
"C:\WINDOWS\system32\services.exe (704):\memory_00ea0000";"Trojaans paard PSW.Agent.ASOH";"Object is niet toegankelijk."
"C:\WINDOWS\system32\services.exe (704):\memory_01270000";"Trojaans paard PSW.Agent.ASOI";"Object is niet toegankelijk."
"C:\WINDOWS\system32\svchost.exe (1056)";"Trojaans paard PSW.Generic9.UCX";""
"C:\WINDOWS\system32\svchost.exe (1056):\memory_01650000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\WINDOWS\system32\svchost.exe (1056):\memory_01d10000";"Trojaans paard PSW.Agent.AUET";"Object is niet toegankelijk."
"C:\WINDOWS\system32\svchost.exe (1092)";"Trojaans paard PSW.Generic9.UCX";""
"C:\WINDOWS\system32\svchost.exe (1092):\memory_00640000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\WINDOWS\system32\svchost.exe (1092):\memory_00ac0000";"Trojaans paard PSW.Agent.AUET";"Object is niet toegankelijk."
"C:\WINDOWS\system32\svchost.exe (2432)";"Trojaans paard PSW.Generic9.UCX";""
"C:\WINDOWS\system32\svchost.exe (2432):\memory_01220000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\WINDOWS\system32\svchost.exe (2432):\memory_012e0000";"Trojaans paard PSW.Agent.AUET";"Object is niet toegankelijk."
"C:\WINDOWS\system32\svchost.exe (892)";"Trojaans paard PSW.Generic9.UCX";""
"C:\WINDOWS\system32\svchost.exe (892):\memory_00ac0000";"Trojaans paard PSW.Generic9.UCX";"Object is niet toegankelijk."
"C:\WINDOWS\system32\svchost.exe (892):\memory_00cf0000";"Trojaans paard PSW.Agent.AUET";"Object is niet toegankelijk."
"C:\WINDOWS\system32\winlogon.exe (660)";"Trojaans paard PSW.Agent.AUET";""
"C:\WINDOWS\system32\winlogon.exe (660):\memory_01530000";"Trojaans paard PSW.Agent.AUET";"Object is niet toegankelijk."
-
ComboFix 12-06-21.03 - Eigenaar 22-06-2012 10:59:27.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.356 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\Cache
c:\windows\system32\Cache\046474829976d4cc.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\8414d5f81b26c0ca.fb
c:\windows\system32\Cache\84789b608a6425ba.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\roboot.exe
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-05-22 to 2012-06-22 ))))))))))))))))))))))))))))))
.
.
2012-06-21 18:53 . 2012-06-21 18:53 -------- d-----w- c:\windows\system32\wbem\Repository
2012-06-21 18:50 . 2012-06-22 08:29 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend
2012-06-16 09:51 . 2012-06-16 09:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Alawar Stargaze
2012-06-13 17:52 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-13 07:01 . 2012-06-13 07:01 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\AVG Secure Search
2012-06-04 17:31 . 2012-06-04 17:31 -------- d-----w- c:\program files\Common Files\xing shared
2012-06-02 07:51 . 2012-06-02 07:51 -------- d-----w- c:\program files\BitTorrent
2012-06-02 07:45 . 2012-06-02 07:46 -------- d-----w- c:\program files\GAMESVOORIEDEREEN.NL
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-04 17:30 . 2007-04-23 15:34 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-04 17:30 . 2007-04-23 15:34 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-02 13:19 . 2007-06-21 15:30 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-04-12 20:31 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2007-04-12 20:31 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2005-05-26 02:19 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-04-12 20:31 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-04-12 20:31 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-04-12 20:05 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2001-09-07 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-06-21 15:30 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-06-21 15:30 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-04-12 20:31 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-06-21 15:30 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2007-04-12 20:05 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2007-06-22 15:27 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2007-04-29 13:25 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2005-05-26 02:19 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2002-09-23 13:11 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2004-08-23 16:17 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2001-09-07 12:00 1863296 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:44 . 2001-09-07 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2001-09-07 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:39 . 2004-08-04 07:55 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 13:28 . 2012-04-01 18:18 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 13:28 . 2011-05-16 18:13 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 03:15 . 2001-09-07 12:00 2196992 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:15 . 2001-09-06 19:53 2073472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:47 . 2007-04-12 20:05 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-04 13:56 . 2012-01-08 19:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-12 18:55 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-28 2077536]
"sfagent"="c:\program files\Fighters\SPAMfighter\sfagent.exe" [2012-02-02 1197704]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-12 1104440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"CommonToolkitTray"="c:\program files\Fighters\Tray\FightersTray.exe" [2012-02-02 1453704]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-04 296056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PHOTOfunSTUDIO -viewer-.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\PHOTOfunSTUDIO -viewer-.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series (netwerk).lnk]
path=c:\documents and settings\Eigenaar\Menu Start\Programma's\Opstarten\Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series (netwerk).lnk
backup=c:\windows\pss\Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series (netwerk).lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-11-20 09:06 178688 -c--a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 15:41 45056 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-04 20:01 136176 ----atw- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-03-24 12:13 49208 -c--a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-03-01 23:22 577536 ------r- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-06-04 17:30 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-10-26 18:48 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"d:\\downloads\\BitTorrent\\bittorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [20-8-2010 11:34 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20-8-2010 11:34 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20-8-2010 11:34 243152]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11-5-2011 19:59 308136]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [12-4-2007 22:38 44928]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\SPAMfighter\sfus.exe [2-2-2012 17:07 215688]
R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [23-1-2012 14:40 1324680]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [12-6-2012 20:55 935480]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [12-4-2007 22:38 55808]
R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13-3-2011 23:47 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [1-4-2012 20:18 257696]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [30-3-2011 9:16 30312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [27-10-2010 9:10 167264]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [27-12-2007 10:34 1527900]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13-3-2011 23:47 136176]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [30-3-2011 9:16 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [30-3-2011 9:16 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [30-3-2011 9:16 136680]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [27-12-2007 10:31 544768]
.
--- Andere Services/Drivers In Geheugen ---
.
*Deregistered* - xcpip
.
Inhoud van de 'Gedeelde Taken' map
.
2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 13:28]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 21:47]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 21:47]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-261478967-839522115-1003Core.job
- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:01]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-261478967-839522115-1003UA.job
- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:01]
.
2012-06-22 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-06-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-261478967-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
2012-06-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-261478967-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://google.nl/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-06-22 11:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1708537768-261478967-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1708537768-261478967-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1708537768-261478967-839522115-1003)
@Allowed: (Read) (S-1-5-21-1708537768-261478967-839522115-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2240)
c:\program files\Fighters\SPAMfighter\LiveKit.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Voltooingstijd: 2012-06-22 11:17:19 - machine werd herstart
ComboFix-quarantined-files.txt 2012-06-22 09:17
.
Pre-Run: 100.087.209.984 bytes beschikbaar
Post-Run: 100.333.916.160 bytes beschikbaar
.
- - End Of File - - 2D22990207DC36FFB85FCE1E98338088
---------- Post added at 11:25 ---------- Previous post was at 11:21 ----------
Hello Kape, I hope this is okay. Regards, Paolo
-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:19:29, on 22-6-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fighters\Tray\FightersTray.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Fighters\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fighters\FighterSuiteService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Fighters\FighterLauncher.exe
C:\Program Files\Fighters\SPAMfighter\sfagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\SPAMfighter\sfagent.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176409856373
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177666201296
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\Fighters\SPAMfighter\sfus.exe
O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
--
End of file - 8454 bytes
Thought it had worked.
-
Hello everyone,
You would say that one trojan horse is already one too many, but I have four. AVG cannot remove them. I will list them.
- PSW. Generic 9 UCX
- PSW. Agent. AUET
- PSW. Agent. ASOH
- PSW. Agent. ASOl
This is what I got as the result of yesterday's scan. What I did notice is that the PC was/is slower and that the internet does not work properly. Pages load slowly or not at all. Pop-ups that suddenly appear.
Given my previous experience with your help, I am convinced that we will manage to remove them this time as well.
Perhaps someone can also give me tips/advice on keeping trojan horses out of the PC.
Thanks in advance, regards Paolo
-
Hello, I cannot get the above update installed.
Every time I start the PC I do get the message that the update can be installed.
When I do that, a little later I get the message that the update cannot be installed. Why ????
Regards Paolo
-
Hello Kape, I have nothing left of ComboFix; I deleted the 2 saved Notepad files. I was also able to delete Qoobox. I ran CCleaner, and when I clicked Registry only "Missing Shared DLLs" was checked. So I only selected those problems to be fixed. Should I still check the remaining items and run a scan over those as well? Otherwise the PC works fine and starts up quickly. No virus alert from AVG so far. Regards, Paolo
-
It does not work; I get the message "Windows cannot find the file ComboFix /Uninstall". I have tried it several times in the "Run" box.
-
I cannot find ComboFix /Uninstall anywhere, neither with Run nor with Search!!
I did find the Qoobox folder, but it cannot be deleted; access is denied.
I already had CCleaner on the PC. Regards, P
-
Hello Kape, it worked; according to AVG the PC is virus-free, and I no longer get a warning about that trojan horse.
Thank you very much for your help. Regards, Paolo
-
16:47:44.0500 1072 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
16:47:44.0578 1072 ============================================================
16:47:44.0578 1072 Current date / time: 2012/01/11 16:47:44.0578
16:47:44.0578 1072 SystemInfo:
16:47:44.0578 1072
16:47:44.0578 1072 OS Version: 5.1.2600 ServicePack: 3.0
16:47:44.0578 1072 Product type: Workstation
16:47:44.0578 1072 ComputerName: PAOLO
16:47:44.0578 1072 UserName: Eigenaar
16:47:44.0578 1072 Windows directory: C:\WINDOWS
16:47:44.0578 1072 System windows directory: C:\WINDOWS
16:47:44.0578 1072 Processor architecture: Intel x86
16:47:44.0578 1072 Number of processors: 1
16:47:44.0578 1072 Page size: 0x1000
16:47:44.0578 1072 Boot type: Normal boot
16:47:44.0578 1072 ============================================================
16:47:45.0859 1072 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000, SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
16:47:45.0937 1072 Initialize success
16:48:02.0109 3932 ============================================================
16:48:02.0109 3932 Scan started
16:48:02.0109 3932 Mode: Manual;
16:48:02.0109 3932 ============================================================
16:48:09.0218 3932 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
16:48:09.0375 3932 \Device\Harddisk0\DR0 - ok
16:48:09.0375 3932 Boot (0x1200) (5a79a42dc2ed4deaced87b41a79c25bc) \Device\Harddisk0\DR0\Partition0
16:48:09.0375 3932 \Device\Harddisk0\DR0\Partition0 - ok
16:48:09.0406 3932 Boot (0x1200) (1c9dd1011de39039774693cb03ff007b) \Device\Harddisk0\DR0\Partition1
16:48:09.0406 3932 \Device\Harddisk0\DR0\Partition1 - ok
16:48:09.0406 3932 ============================================================
16:48:09.0406 3932 Scan finished
16:48:09.0406 3932 ============================================================
16:48:09.0421 0516 Detected object count: 0
16:48:09.0421 0516 Actual detected object count: 0
Hello Kape, this is the second logfile; I didn't manage to copy the first one right away. During the first scan a serious threat was detected which, as you can see, has disappeared after the reboot.
I'll let AVG run over it once more to see whether it still gives a warning. Regards, Paolo
-
"C:\WINDOWS\system32\services.exe (708)";"Trojaans paard PSW.Agent.ARJV";""
"C:\WINDOWS\system32\services.exe (708):\memory_011b0000";"Trojaans paard PSW.Agent.ARJV";"Object is niet toegankelijk."
Unfortunately, AVG still gives the above warning.
-
Emsisoft Emergency Kit - Versie 1.0
Laatste Update: 10-1-2012 15:01:54
Scaninstellingen:
Scantype: Diepe Scan
Objecten: Geheugen, Sporen, Cookies, C:\, D:\
Scan archieven: Aan
Heuristieken: Uit
ADS Scan: Aan
Scan gestart: 10-1-2012 15:03:00
Value: HKEY_CURRENT_USER\Software\Twilight\Beetle Bomp\Gkernel --> EnableSafeLogging Ontdekt: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_CURRENT_USER\Software\Twilight\Warnings --> AudigyWarning Ontdekt: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> CustomCursors Ontdekt: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> InProgress Ontdekt: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> PreferredX Ontdekt: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> PreferredY Ontdekt: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> ScreenMode Ontdekt: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> WaitForVSync Ontdekt: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> DisplayGUID Ontdekt: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> FailureReason Ontdekt: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> MinVidMemory Ontdekt: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> RecVidMemory Ontdekt: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> Version Ontdekt: Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> Warning Ontdekt: Trace.Registry.GameFiesta Beetle Bomp!A2
c:\windows\Matrix Code.scr Ontdekt: Trace.File.Matrix Code Screensaver!A2
C:\Documents and Settings\Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\49\49fdb3b1-1912b442/Market.class Ontdekt: Exploit.Java.CVE-2011!IK
C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe/$0\pev.3XE Ontdekt: Win32.Rootkit!IK
C:\Program Files\Games\Zuma Deluxe\Zuma.exe Ontdekt: Riskware.Crack.Zuma!IK
C:\System Volume Information\_restore{F2343E7C-8062-4A56-926D-FD6EDC1C4508}\RP881\A0210083.exe Ontdekt: Win32.Rootkit!IK
C:\System Volume Information\_restore{F2343E7C-8062-4A56-926D-FD6EDC1C4508}\RP881\A0210292.exe/$0\pev.3XE Ontdekt: Win32.Rootkit!IK
C:\System Volume Information\_restore{F2343E7C-8062-4A56-926D-FD6EDC1C4508}\RP881\A0210344.exe Ontdekt: Win32.Rootkit!IK
C:\System Volume Information\_restore{F2343E7C-8062-4A56-926D-FD6EDC1C4508}\RP881\A0210375.exe Ontdekt: Win32.Rootkit!IK
C:\System Volume Information\_restore{F2343E7C-8062-4A56-926D-FD6EDC1C4508}\RP882\A0211456.exe Ontdekt: Win32.Rootkit!IK
C:\WINDOWS\PEV.exe Ontdekt: Win32.Rootkit!IK
D:\downloads\SoftonicDownloader_voor_imgburn.exe Ontdekt: Riskware.Win32.SoftonicDownloader.AMN!A2
Gescand
Bestanden: 298028
Sporen: 441862
Cookies: 20
Processen: 48
Gevonden
Bestanden: 10
Sporen: 15
Cookies: 0
Processen: 0
Registersleutels: 0
Scan Geëindigd: 10-1-2012 17:25:15
Scantijd: 2:22:15
D:\downloads\SoftonicDownloader_voor_imgburn.exe Verwijderd Riskware.Win32.SoftonicDownloader.AMN!A2
C:\Program Files\Games\Zuma Deluxe\Zuma.exe Verwijderd Riskware.Crack.Zuma!IK
C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe/$0\pev.3XE Verwijderd Win32.Rootkit!IK
C:\System Volume Information\_restore{F2343E7C-8062-4A56-926D-FD6EDC1C4508}\RP881\A0210083.exe Verwijderd Win32.Rootkit!IK
C:\System Volume Information\_restore{F2343E7C-8062-4A56-926D-FD6EDC1C4508}\RP881\A0210292.exe/$0\pev.3XE Verwijderd Win32.Rootkit!IK
C:\System Volume Information\_restore{F2343E7C-8062-4A56-926D-FD6EDC1C4508}\RP881\A0210344.exe Verwijderd Win32.Rootkit!IK
C:\System Volume Information\_restore{F2343E7C-8062-4A56-926D-FD6EDC1C4508}\RP881\A0210375.exe Verwijderd Win32.Rootkit!IK
C:\System Volume Information\_restore{F2343E7C-8062-4A56-926D-FD6EDC1C4508}\RP882\A0211456.exe Verwijderd Win32.Rootkit!IK
C:\WINDOWS\PEV.exe Verwijderd Win32.Rootkit!IK
C:\Documents and Settings\Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\49\49fdb3b1-1912b442/Market.class Verwijderd Exploit.Java.CVE-2011!IK
c:\windows\Matrix Code.scr Verwijderd Trace.File.Matrix Code Screensaver!A2
Value: HKEY_CURRENT_USER\Software\Twilight\Beetle Bomp\Gkernel --> EnableSafeLogging Verwijderd Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_CURRENT_USER\Software\Twilight\Warnings --> AudigyWarning Verwijderd Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> CustomCursors Verwijderd Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> InProgress Verwijderd Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> PreferredX Verwijderd Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> PreferredY Verwijderd Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> ScreenMode Verwijderd Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp --> WaitForVSync Verwijderd Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> DisplayGUID Verwijderd Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> FailureReason Verwijderd Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> MinVidMemory Verwijderd Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> RecVidMemory Verwijderd Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> Version Verwijderd Trace.Registry.GameFiesta Beetle Bomp!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TwilightEngine\Beetle Bomp\Test3D --> Warning Verwijderd Trace.Registry.GameFiesta Beetle Bomp!A2
Verwijderd
Bestanden: 10
Sporen: 15
Cookies: 0
-
"C:\Program Files\Internet Explorer\iexplore.exe (2868)";"Trojaans paard PSW.Generic9.RDX";""
"C:\Program Files\Internet Explorer\iexplore.exe (2868):\memory_02f20000";"Trojaans paard PSW.Generic9.RDX";"Object is niet toegankelijk."
"C:\Program Files\Internet Explorer\iexplore.exe (5900)";"Trojaans paard PSW.Generic9.RDX";""
"C:\Program Files\Internet Explorer\iexplore.exe (5900):\memory_025f0000";"Trojaans paard PSW.Generic9.RDX";"Object is niet toegankelijk."
"C:\WINDOWS\system32\services.exe (704)";"Trojaans paard PSW.Agent.ARJV";""
"C:\WINDOWS\system32\services.exe (704):\memory_011b0000";"Trojaans paard PSW.Agent.ARJV";"Object is niet toegankelijk."
Hello Kape, the scan has just finished; the last 2 are the problem I came to you with. The first 4 warnings are new. Could the problem lie with AVG?
Regards, P
-
ComboFix 12-01-09.07 - Eigenaar 10-01-2012 10:34:19.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.460 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Eigenaar\Bureaublad\CFScript.txt
AV: AVG Anti-Virus *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Nieuw herstelpunt werd aangemaakt
.
FILE ::
"c:\windows\system32\drivers\hxsrsrpk.sys"
"c:\windows\system32\drivers\wq13t1eco.sys"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WQ13T1ECO.SYS
-------\Service_vsfsyqa
-------\Service_wq13t1eco.sys
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-12-10 to 2012-01-10 ))))))))))))))))))))))))))))))
.
.
2012-01-08 19:04 . 2012-01-08 19:04 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Malwarebytes
2012-01-08 19:04 . 2012-01-08 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-08 19:04 . 2012-01-08 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-08 19:04 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-08 16:13 . 2012-01-08 16:13 388096 ----a-r- c:\documents and settings\Eigenaar\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-08 16:13 . 2012-01-08 16:13 -------- d-----w- c:\program files\Trend Micro
2012-01-06 11:25 . 2012-01-10 09:28 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend
2012-01-06 11:15 . 2012-01-06 11:16 -------- d-----w- c:\program files\CCleaner
2012-01-06 10:40 . 2012-01-06 14:10 -------- d-----w- c:\program files\Emsisoft HiJackFree
2012-01-06 10:25 . 2012-01-06 10:34 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Systweak
2012-01-06 10:25 . 2011-07-07 12:26 17280 ----a-w- c:\windows\system32\roboot.exe
2012-01-04 15:56 . 2001-09-06 19:47 6912 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-01-04 15:56 . 2001-09-06 19:47 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
2012-01-04 15:55 . 2012-01-04 15:55 -------- d-----w- c:\program files\Hewlett-Packard
2012-01-04 15:55 . 2012-01-04 15:55 -------- d-----w- c:\program files\HP Photo Creations
2012-01-04 15:55 . 2012-01-04 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2012-01-04 15:54 . 2012-01-05 16:36 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\HpUpdate
2012-01-04 15:54 . 2011-06-08 17:06 544616 ------w- c:\windows\system32\HPDiscoPMa211.dll
2012-01-04 15:54 . 2011-06-08 21:49 488296 ----a-w- c:\windows\system32\HPWia1_DJ3070_B611.dll
2012-01-04 15:54 . 2011-06-08 21:49 1929576 ----a-w- c:\windows\system32\HPScanTRDrv_DJ3070_B611.dll
2012-01-04 15:54 . 2011-06-08 21:49 429928 ----a-w- c:\windows\system32\hpinkstsa211.dll
2012-01-04 15:54 . 2011-06-08 21:49 270696 ----a-w- c:\windows\system32\hpinkstsa211LM.dll
2012-01-04 15:54 . 2011-06-08 21:49 216424 ----a-w- c:\windows\system32\hpinkcoia211.dll
2012-01-04 15:53 . 2012-01-04 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2012-01-04 15:53 . 2012-01-04 15:54 -------- d-----w- c:\program files\HP
2012-01-04 15:52 . 2012-01-04 15:57 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\HP
2012-01-03 21:48 . 2012-01-03 21:48 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\ElevatedDiagnostics
2012-01-02 09:53 . 2012-01-02 09:53 -------- d-----w- c:\program files\Microsoft Silverlight
2011-12-14 16:28 . 2008-04-14 18:02 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-12-14 16:28 . 2008-04-14 18:02 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-12-14 16:28 . 2001-09-06 18:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-12-14 16:28 . 2001-09-06 18:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-12-14 16:28 . 2008-04-14 17:39 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-12-14 16:28 . 2008-04-14 17:39 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-12-14 16:27 . 2008-04-13 19:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2011-12-14 16:27 . 2008-04-13 19:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-12-14 16:27 . 2008-04-13 19:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-12-14 16:27 . 2008-04-13 19:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-12-11 16:10 . 2011-12-11 16:10 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\AVG Secure Search
2011-12-11 16:08 . 2011-12-11 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2011-12-11 16:08 . 2011-12-11 16:08 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-12-11 16:08 . 2011-12-11 16:09 -------- d-----w- c:\program files\AVG Secure Search
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 19:31 . 2007-04-23 15:34 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-28 19:31 . 2007-04-23 15:34 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-23 14:40 . 2001-09-07 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 16:56 . 2011-05-16 18:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:13 . 2004-08-23 16:17 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2001-09-07 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2001-09-07 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:25 . 2004-08-04 07:55 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2007-04-12 22:08 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2001-09-07 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2001-09-07 12:00 2197120 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2001-09-06 19:53 2073728 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 08:03 186880 ------w- c:\windows\system32\encdec.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Fout !!
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-11 16:08 1547104 ----a-w- c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll" [2011-12-11 1547104]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-10-26 2078048]
"sfagent"="c:\program files\Fighters\sfagent.exe" [2010-10-21 760968]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-12-11 827232]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-28 296056]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Eigenaar\Menu Start\Programma's\Opstarten\
Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series (netwerk).lnk - c:\windows\system32\RunDll32.exe [2001-9-7 33792]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PHOTOfunSTUDIO -viewer-.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\PHOTOfunSTUDIO -viewer-.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-11-20 09:06 178688 -c--a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-04 20:01 136176 ----atw- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-03-01 23:22 577536 ------r- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-11-28 19:31 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-10-26 18:48 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 136176]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 30312]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 136176]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-14 14336]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-08-20 52872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-20 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2011-05-11 243152]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2011-05-11 308136]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\Drivers\ousbehci.sys [2004-06-15 44928]
S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\sfus.exe service [x]
S2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [2010-10-21 1130120]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2011-12-11 855904]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\DRIVERS\ousb2hub.sys [2004-06-15 55808]
S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys [x]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Inhoud van de 'Gedeelde Taken' map
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 21:47]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 21:47]
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-261478967-839522115-1003Core.job
- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:01]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-261478967-839522115-1003UA.job
- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:01]
.
2012-01-09 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-01-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-261478967-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2012-01-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-261478967-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.nu.nl/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-RocketDock - c:\program files\RocketDock\RocketDock.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-01-10 10:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1708537768-261478967-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1708537768-261478967-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1708537768-261478967-839522115-1003)
@Allowed: (Read) (S-1-5-21-1708537768-261478967-839522115-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\MPRAPI.dll
.
- - - - - - - > 'explorer.exe'(2104)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Fighters\sfus.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Voltooingstijd: 2012-01-10 10:58:03 - machine werd herstart
ComboFix-quarantined-files.txt 2012-01-10 09:57
ComboFix2.txt 2012-01-09 16:47
.
Pre-Run: 105.515.200.512 bytes beschikbaar
Post-Run: 105.418.657.792 bytes beschikbaar
.
- - End Of File - - 7FC1167C51EA36CC9A30AA7A31FB8DDE
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:06:01, on 10-1-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Fighters\sfagent.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\real\realplayer\update\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Fighters\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fighters\FighterSuiteService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = nu.nl | Het laatste nieuws het eerst op nu.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\sfagent.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series (netwerk).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176409856373
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177666201296
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\Fighters\sfus.exe
O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
--
End of file - 8271 bytes
-
Good evening Kape, it is a large log file. Hope it is all right. Regards, Paolo
ComboFix 12-01-09.03 - Eigenaar 09-01-2012 17:35:04.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.362 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\alcrmv.exe
c:\windows\IsUn0413.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-12-09 to 2012-01-09 ))))))))))))))))))))))))))))))
.
.
2012-01-08 19:04 . 2012-01-08 19:04 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Malwarebytes
2012-01-08 19:04 . 2012-01-08 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-08 19:04 . 2012-01-08 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-08 19:04 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-08 16:13 . 2012-01-08 16:13 388096 ----a-r- c:\documents and settings\Eigenaar\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-08 16:13 . 2012-01-08 16:13 -------- d-----w- c:\program files\Trend Micro
2012-01-06 11:25 . 2012-01-09 16:23 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend
2012-01-06 11:15 . 2012-01-06 11:16 -------- d-----w- c:\program files\CCleaner
2012-01-06 10:40 . 2012-01-06 14:10 -------- d-----w- c:\program files\Emsisoft HiJackFree
2012-01-06 10:25 . 2012-01-06 10:34 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Systweak
2012-01-06 10:25 . 2011-07-07 12:26 17280 ----a-w- c:\windows\system32\roboot.exe
2012-01-04 15:56 . 2001-09-06 19:47 6912 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-01-04 15:56 . 2001-09-06 19:47 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
2012-01-04 15:55 . 2012-01-04 15:55 -------- d-----w- c:\program files\Hewlett-Packard
2012-01-04 15:55 . 2012-01-04 15:55 -------- d-----w- c:\program files\MSN Toolbar
2012-01-04 15:55 . 2012-01-04 15:55 -------- d-----w- c:\program files\Bing Bar Installer
2012-01-04 15:55 . 2012-01-04 15:55 -------- d-----w- c:\program files\HP Photo Creations
2012-01-04 15:55 . 2012-01-04 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2012-01-04 15:54 . 2012-01-05 16:36 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\HpUpdate
2012-01-04 15:54 . 2011-06-08 17:06 544616 ------w- c:\windows\system32\HPDiscoPMa211.dll
2012-01-04 15:54 . 2011-06-08 21:49 488296 ----a-w- c:\windows\system32\HPWia1_DJ3070_B611.dll
2012-01-04 15:54 . 2011-06-08 21:49 1929576 ----a-w- c:\windows\system32\HPScanTRDrv_DJ3070_B611.dll
2012-01-04 15:54 . 2011-06-08 21:49 429928 ----a-w- c:\windows\system32\hpinkstsa211.dll
2012-01-04 15:54 . 2011-06-08 21:49 270696 ----a-w- c:\windows\system32\hpinkstsa211LM.dll
2012-01-04 15:54 . 2011-06-08 21:49 216424 ----a-w- c:\windows\system32\hpinkcoia211.dll
2012-01-04 15:53 . 2012-01-04 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2012-01-04 15:53 . 2012-01-04 15:54 -------- d-----w- c:\program files\HP
2012-01-04 15:52 . 2012-01-04 15:57 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\HP
2012-01-03 21:48 . 2012-01-03 21:48 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\ElevatedDiagnostics
2012-01-02 09:53 . 2012-01-02 09:53 -------- d-----w- c:\program files\Microsoft Silverlight
2011-12-14 16:28 . 2008-04-14 18:02 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-12-14 16:28 . 2008-04-14 18:02 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-12-14 16:28 . 2001-09-06 18:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-12-14 16:28 . 2001-09-06 18:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-12-14 16:28 . 2008-04-14 17:39 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-12-14 16:28 . 2008-04-14 17:39 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-12-14 16:27 . 2008-04-13 19:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2011-12-14 16:27 . 2008-04-13 19:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-12-14 16:27 . 2008-04-13 19:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-12-14 16:27 . 2008-04-13 19:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-12-11 16:10 . 2011-12-11 16:10 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\AVG Secure Search
2011-12-11 16:08 . 2011-12-11 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2011-12-11 16:08 . 2011-12-11 16:08 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-12-11 16:08 . 2011-12-11 16:09 -------- d-----w- c:\program files\AVG Secure Search
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 19:31 . 2007-04-23 15:34 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-28 19:31 . 2007-04-23 15:34 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-23 14:40 . 2001-09-07 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 16:56 . 2011-05-16 18:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:13 . 2004-08-23 16:17 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2001-09-07 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2001-09-07 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:25 . 2004-08-04 07:55 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2007-04-12 22:08 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2001-09-07 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2001-09-07 12:00 2197120 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2001-09-06 19:53 2073728 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 08:03 186880 ------w- c:\windows\system32\encdec.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-11 16:08 1547104 ----a-w- c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll" [2011-12-11 1547104]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-10-26 2078048]
"sfagent"="c:\program files\Fighters\sfagent.exe" [2010-10-21 760968]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-12-11 827232]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-28 296056]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Eigenaar\Menu Start\Programma's\Opstarten\
Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series (netwerk).lnk - c:\windows\system32\RunDll32.exe [2001-9-7 33792]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PHOTOfunSTUDIO -viewer-.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\PHOTOfunSTUDIO -viewer-.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-11-20 09:06 178688 -c--a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-04 20:01 136176 ----atw- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-03-01 23:22 577536 ------r- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-11-28 19:31 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-10-26 18:48 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [20-8-2010 10:34 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20-8-2010 10:34 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20-8-2010 10:34 243152]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11-5-2011 18:59 308136]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [12-4-2007 21:38 44928]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\sfus.exe [21-10-2010 13:44 189064]
R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [21-10-2010 13:44 1130120]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [11-12-2011 17:08 855904]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [12-4-2007 21:38 55808]
R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S0 vsfsyqa;vsfsyqa;c:\windows\system32\drivers\hxsrsrpk.sys --> c:\windows\system32\drivers\hxsrsrpk.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 12:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13-3-2011 22:47 136176]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [30-3-2011 8:16 30312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [27-10-2010 8:10 167264]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [27-12-2007 9:34 1527900]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13-3-2011 22:47 136176]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [30-3-2011 8:16 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [30-3-2011 8:16 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [30-3-2011 8:16 136680]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [27-12-2007 9:31 544768]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [7-9-2001 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 12:16 753504]
S3 wq13t1eco.sys;wq13t1eco.sys;\??\c:\windows\system32\drivers\wq13t1eco.sys --> c:\windows\system32\drivers\wq13t1eco.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Inhoud van de 'Gedeelde Taken' map
.
2012-01-04 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08 17:06]
.
2012-01-08 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08 17:06]
.
2012-01-08 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08 17:06]
.
2012-01-06 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08 17:06]
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 21:47]
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 21:47]
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-261478967-839522115-1003Core.job
- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:01]
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-261478967-839522115-1003UA.job
- c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:01]
.
2012-01-08 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-01-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-261478967-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
2011-12-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-261478967-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.nu.nl/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe
MSConfigStartUp-EyelineRun - c:\program files\NCH Software\Eyeline\eyeline.exe
MSConfigStartUp-HyvesDesktop - c:\progra~1\HYVESD~1\bin\HYVESD~1.EXE
MSConfigStartUp-IncrediMail - c:\program files\IncrediMail\bin\IncMail.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-KiesPDLR - c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSConfigStartUp-Magentic - c:\progra~1\Magentic\bin\Magentic.exe
MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
AddRemove-Fireworks Extravaganza Deluxe - c:\program files\Zylom Games\Fireworks Extravaganza Deluxe\GameInstaller.exe
AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe
AddRemove-SAMSUNG CDMA Modem - c:\windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
AddRemove-SAMSUNG Mobile Composite Device - c:\windows\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-01-09 17:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1708537768-261478967-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1708537768-261478967-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1708537768-261478967-839522115-1003)
@Allowed: (Read) (S-1-5-21-1708537768-261478967-839522115-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll
.
Voltooingstijd: 2012-01-09 17:47:47
ComboFix-quarantined-files.txt 2012-01-09 16:47
.
Pre-Run: 104.881.704.960 bytes beschikbaar
Post-Run: 105.558.716.416 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 8C5169AF604F1D9FEE57FEECF0F820B8
-
The latest hijack report.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:47:05, on 8-1-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Fighters\sfagent.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\real\realplayer\update\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\HP Deskjet 3070 B611 series\bin\HPNetworkCommunicator.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Fighters\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fighters\FighterSuiteService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = nu.nl | Het laatste nieuws het eerst op nu.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\sfagent.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series (netwerk).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176409856373
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177666201296
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\Fighters\sfus.exe
O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
--
End of file - 9288 bytes
The first MBAM log:
Malwarebytes Anti-Malware 1.60.0.1800
Database version: v2012.01.08.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Eigenaar :: PAOLO [administrator]
8-1-2012 20:14:40
mbam-log-2012-01-08 (20-14-40).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 172877
Time elapsed: 7 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 35
HKCR\CLSID\{3E2DFD6A-4E20-4D4C-AA8B-E1F9DBEF3C80} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButton.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButton (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\CLSID\{5c026fd8-4021-75c5-673f-f6b4d1c16a04} (Adware.LoudMo) -> Quarantined and deleted successfully.
HKCR\CLSID\{714E0876-FCEE-49CE-A429-B9AD8AEFCB56} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButtonA.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButtonA (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\CLSID\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbInfoBand.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbInfoBand (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbAx.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbAx (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\-YH94Lw_7HfY (Adware.AdRotator) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCU\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
Registry Values Detected: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping|{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Data: 8196 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping|{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Data: 8195 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Data: -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\WINDOWS\system32\-YH94Lw_7HfY.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Eigenaar\Application Data\usernt.dat (Malware.Trace) -> Quarantined and deleted successfully.
(end)
The second MBAM log:
Malwarebytes Anti-Malware 1.60.0.1800
Database version: v2012.01.08.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Eigenaar :: PAOLO [administrator]
8-1-2012 20:35:55
mbam-log-2012-01-08 (20-35-55).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 172847
Time elapsed: 6 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
The restart didn't really work; it hung. I had to restart with the reset button. I hope the trojan horse hasn't done too much damage.
I hope you can read that from the logs above. Regards and thanks, Paolo
-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:15:21, on 8-1-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Fighters\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fighters\FighterSuiteService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Fighters\sfagent.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\real\realplayer\update\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\HP Deskjet 3070 B611 series\bin\HPNetworkCommunicator.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = nu.nl | Het laatste nieuws het eerst op nu.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ShoppingReport2 - {258C9770-1713-4021-8D7E-1F184A2BD754} - C:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: flvdome - {eb2e9375-b70f-1b33-b671-2e1c72b97794} - C:\WINDOWS\system32\N-d50jAjAv.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\sfagent.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [HP Deskjet 3070 B611 series (NET)] "C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN18O361CW05MQ:NW" -scfn "HP Deskjet 3070 B611 series (NET)" -AutoStart 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series (netwerk).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - C:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - C:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176409856373
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177666201296
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\Fighters\sfus.exe
O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
--
End of file - 10367 bytes
I hope this is what you meant. Thanks in advance. Regards, Paolo
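The HijackThis log above and the two MBAM logs in the earlier post are what a helper reads side by side when deciding which entries still need fixing: O2/O3/O9/O20 lines marked "(file missing)" or "(no file)" are registrations whose component is already gone, an O23 service shown as "Unknown owner" carries no publisher metadata, and a CLSID that MBAM has just quarantined but that still appears in the HJT log is a leftover registration. The Python below is an added example, not part of HijackThis, Malwarebytes or the original posts: it parses a few lines copied from those logs (embedded as constructed samples, with the MBAM lines in the English wording of the 1.60 build), cross-references them, and scores each entry. The scoring rules and the "random-looking filename" heuristic are this example's own assumptions, not a vendor's.

```python
"""Triage helper for HijackThis (HJT) and Malwarebytes (MBAM) logs.

Added example for this thread; it is not part of HijackThis, Malwarebytes or
the original posts. The sample text below is copied from the logs in the
thread; the scoring rules are this example's own heuristics, not a vendor's.
"""
import re

# Constructed sample: lines copied from the HJT log posted in the thread.
HJT_SAMPLE = r"""
O2 - BHO: ShoppingReport2 - {258C9770-1713-4021-8D7E-1F184A2BD754} - C:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: flvdome - {eb2e9375-b70f-1b33-b671-2e1c72b97794} - C:\WINDOWS\system32\N-d50jAjAv.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""

# Constructed sample: two removal lines from the first MBAM log, in the
# wording the English MBAM 1.60 build uses for the same entries.
MBAM_SAMPLE = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\-YH94Lw_7HfY.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
# "O2 - BHO: <rest>": the kind stops at the first colon, before any drive letter.
HJT_RE = re.compile(r"^(?P<section>[OFR]\d+) - (?P<kind>[^:]+): (?P<rest>.+)$")


def basename(path):
    return re.split(r"[\\/]", path)[-1]


def parse_hjt(text):
    """Split each HJT line into section, display name, CLSID, target path and a missing-file flag."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if not m:
            continue
        parts = [p.strip() for p in m["rest"].split(" - ")]
        target = parts[-1]
        entries.append({
            "section": m["section"],
            "kind": m["kind"],
            "name": parts[0],
            "parts": parts,
            "clsid": next((p.lower() for p in parts if GUID_RE.fullmatch(p)), None),
            "path": target.replace("(file missing)", "").strip(),
            # HJT appends "(file missing)" to a path, or prints "(no file)" alone,
            # when the registered component no longer exists on disk.
            "missing": target.endswith("(file missing)") or target == "(no file)",
        })
    return entries


def mbam_removed(text):
    """Collect CLSIDs and file basenames from MBAM 'item (Family) -> action' lines."""
    clsids, files = set(), set()
    for line in text.splitlines():
        if "->" not in line:
            continue
        item = line.split("->", 1)[0].strip()
        item = re.sub(r"\s*\([^()]+\)\s*$", "", item)  # drop the "(Adware.Foo)" family tag
        found = GUID_RE.findall(item)
        if found:
            clsids.update(g.lower() for g in found)
        elif re.match(r"^[A-Za-z]:\\", item):
            files.add(basename(item).lower())
    return {"clsids": clsids, "files": files}


def looks_random(path):
    """Weak signal: a stem of 8+ chars mixing upper, lower and digits, like N-d50jAjAv.dll.
    Legitimate names such as HPWuSchd2.exe trip it too, so it is a hint, not a verdict."""
    stem = basename(path).rsplit(".", 1)[0]
    return (len(stem) >= 8
            and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem)
            and any(c.isdigit() for c in stem))


def triage(hjt_text, mbam_text=""):
    """Return the HJT entries worth a second look, each with its reasons and a severity."""
    removed = mbam_removed(mbam_text)
    findings = []
    for e in parse_hjt(hjt_text):
        reasons, severity = [], None
        if e["clsid"] and e["clsid"] in removed["clsids"]:
            reasons.append("CLSID matches an object MBAM already removed: leftover registration")
            severity = "high"
        if basename(e["path"]).lower() in removed["files"]:
            reasons.append("file matches an object MBAM already removed")
            severity = "high"
        if looks_random(e["path"]):
            reasons.append("random-looking filename (weak signal)")
            severity = "high"
        if e["missing"]:
            reasons.append("orphaned: the registered component's file is gone")
            # a dangling Winlogon Notify package loads at every logon, so rank it higher
            severity = severity or ("high" if e["section"] == "O20" else "medium")
        if e["section"] == "O23" and "Unknown owner" in e["parts"]:
            reasons.append("service binary has no publisher metadata: check its signature")
            severity = severity or "low"
        if reasons:
            findings.append({"section": e["section"], "name": e["name"],
                             "path": e["path"], "severity": severity, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(HJT_SAMPLE, MBAM_SAMPLE):
        print(f"[{f['severity']:6}] {f['section']} {f['name']}: {'; '.join(f['reasons'])}")
```

On the sample it flags five of the seven entries (the Java helper and the AVG watchdog service pass): the ShoppingReport2 BHO is rated high because its CLSID is in the MBAM removal list, the flvdome BHO because of its generated-looking DLL name, the missing Winlogon Notify DLL because of where it loads, the nameless toolbar as a plain orphan, and the ATI Smart service only as something to verify. Feed it the full logs from the thread instead of the samples and the same rules apply.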
-
Hello everyone, this is the first time I'm asking a question via a forum.
AVG tells me I have the following trojan horse: PSW.Agent ARJV.
AVG can't remove it or put it in quarantine. The PC boots very badly and keeps getting slower.
I hope I can get help through this forum.
Greetings, Paolo
4 trojan horses
in Archive: Fighting malware & viruses
Posted:
Hello Kape,
AVG no longer gives any alerts, so the PC is worm/virus-free. Everything works as before. Now I wanted to ask whether there isn't a program that protects me better against those trojans/viruses? AVG turns out not to be enough.
In any case, many thanks. Paolo