David Dierickx
Posts by David Dierickx
-
Ran Vipre.
Boot time remains the same. :-(
David
-
I also ran Spybot once.
It found 2 entries.
logSpybot.JPG, free download from Uploading.com
Afterwards I also ran Dr Web CureIt.
emailcatcher.exe;C:\Program Files;Tool.MassMail.3;Verplaatst.;pslist.exe;C:\ProgramFiles;Program.PsList.126;;A0005334.exe;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP4;Tool.MassMail.3;Verplaatst.;
Regards
David
-
And voilà, scan completed.
It took almost 8 hours.
Log as requested (supposedly there are trojan horses on it).
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, November 11, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, November 10, 2010 12:49:57
Records in database: 4251104
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
G:\
Scan statistics:
Objects scanned: 146012
Threats found: 1
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 07:43:23
File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0A8C0000\4EDDD8EC.VBN Infected: Trojan.JS.Iframe.eu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0A8C0001\4EDDD8FE.VBN Infected: Trojan.JS.Iframe.eu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0A8C0002\4EDDD913.VBN Infected: Trojan.JS.Iframe.eu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0A8C0003\4EDDD924.VBN Infected: Trojan.JS.Iframe.eu 1
Selected area has been scanned.
Regards
David
-
Unfortunately still around 15 minutes.
Regards
David
-
OK, that worked.
Here is the ComboFix log.
ComboFix 10-11-07.07 - dierda01 07/11/2010 20:58:07.5.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1015.743 [GMT 1:00]
Running from: c:\documents and settings\dierda01\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
((((((((((((((((((((((((( Files Created from 2010-10-07 to 2010-11-07 )))))))))))))))))))))))))))))))
.
2010-11-04 19:16 . 2010-11-04 19:16 -------- d-----w- c:\program files\Rittal
2010-11-02 10:28 . 2010-11-02 10:28 388096 ----a-r- c:\documents and settings\dierda01\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-01 19:28 . 2010-11-01 19:28 -------- d-----w- c:\documents and settings\dierda01\Application Data\AVG10
2010-11-01 19:26 . 2010-11-01 19:26 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-11-01 19:24 . 2010-11-01 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-11-01 19:19 . 2010-11-01 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-11-01 19:01 . 2010-11-01 19:01 -------- d-----w- c:\program files\CCleaner
2010-11-01 18:00 . 2010-11-01 18:03 -------- d-----w- c:\program files\TweakNow RegCleaner
2010-11-01 18:00 . 2010-11-01 18:00 -------- d-----w- c:\documents and settings\dierda01\Application Data\TweakNow RegCleaner
2010-10-14 06:49 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 06:49 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-14 06:49 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 06:49 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-25 11:49 . 2010-03-19 13:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-25 11:49 . 2010-04-21 12:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-22 14:00 . 2009-07-24 08:02 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-09-22 14:00 . 2009-07-24 08:02 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-18 10:23 . 2004-08-04 08:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 08:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 08:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 08:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 21:32 . 2010-09-22 14:04 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-09-10 05:58 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-04 08:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-04 08:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 08:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 08:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 08:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-17 07:27 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 08:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 08:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2007-03-30 11:34 . 2007-08-03 13:06 25263144 ------w- c:\program files\Skype.exe
2006-12-11 19:58 . 2007-08-03 13:06 826936 ------w- c:\program files\blacklightrootkit.exe
2006-11-12 12:23 . 2007-08-03 13:06 174163 ------w- c:\program files\utorrent.exe
2006-11-09 06:29 . 2007-08-03 13:06 2198320 ------w- c:\program files\Procmon.exe
2006-11-01 12:07 . 2007-08-03 13:06 3623736 ------w- c:\program files\procexp.exe
2006-11-01 12:07 . 2007-10-31 12:04 363320 ------w- c:\program files\portmon.exe
2006-09-23 20:05 . 2007-08-03 13:06 340992 ------w- c:\program files\FolderSize.exe
2006-08-09 10:56 . 2007-08-03 13:06 1413120 ------w- c:\program files\WinsockXPFix.exe
2006-07-10 12:22 . 2007-08-03 13:06 398912 ------w- c:\program files\autoruns.exe
2006-07-10 12:21 . 2007-08-03 13:06 294912 ------w- c:\program files\autorunsc.exe
2006-06-27 22:05 . 2007-08-03 13:06 262144 ------w- c:\program files\xp-AntiSpy.exe
2006-03-24 10:33 . 2007-08-03 13:06 69632 ------w- c:\program files\Contig.exe
2006-02-18 01:50 . 2007-08-03 13:06 1024000 ------w- c:\program files\vncviewer.exe
2006-02-17 20:06 . 2007-08-03 13:06 12411150 ------w- c:\program files\YamiPod.exe
2006-02-01 15:02 . 2007-08-03 13:06 237651 ------w- c:\program files\RootkitRevealer.exe
2006-01-11 20:31 . 2007-08-03 13:06 992399 ------w- c:\program files\JHymn.exe
2005-09-20 20:45 . 2007-08-03 13:06 49664 ------w- c:\program files\WMDecode.exe
2005-07-14 04:06 . 2007-08-03 13:06 98361 ------w- c:\program files\pagedfrg.exe
2005-06-30 01:07 . 2007-08-03 13:06 181776 ------w- c:\program files\handle.exe
2005-05-25 16:10 . 2007-08-03 13:06 784896 ------w- c:\program files\DoubleKiller.exe
2005-04-20 11:07 . 2007-08-03 13:06 106496 ------w- c:\program files\Tcpview.exe
2005-04-13 13:32 . 2007-08-03 13:06 186368 ------w- c:\program files\LSPFix.exe
2005-04-09 20:12 . 2007-08-03 13:06 32768 ------w- c:\program files\PPSFix.exe
2005-04-04 11:15 . 2007-08-03 13:06 53248 ------w- c:\program files\whois.exe
2005-03-24 11:56 . 2007-08-03 13:06 291792 ------w- c:\program files\vnc-4_1_1_viewer.exe
2005-03-24 11:56 . 2007-08-03 13:06 291792 ------w- c:\program files\realvncviewer.exe
2005-03-21 14:03 . 2007-08-03 13:06 345600 ------w- c:\program files\SafeXP.exe
2005-02-20 09:34 . 2007-08-03 13:06 865792 ------w- c:\program files\ExplorerXP.exe
2005-02-16 09:06 . 2007-08-03 13:06 218112 ------w- c:\program files\HijackThis.exe
2005-02-16 07:57 . 2007-08-03 13:06 45056 ------w- c:\program files\streams.exe
2005-02-13 12:43 . 2007-08-03 13:06 1013211 ------w- c:\program files\tv.exe
2005-02-01 12:48 . 2007-08-03 13:06 94208 ------w- c:\program files\WINOBJ.EXE
2005-01-28 21:23 . 2007-08-03 13:06 1036800 ------w- c:\program files\filmerit_21en.exe
2004-12-21 07:23 . 2007-08-03 13:06 65536 ------w- c:\program files\LISTDLLS.exe
2004-12-08 13:26 . 2007-08-03 13:06 49152 ------w- c:\program files\junction.exe
2004-12-01 15:27 . 2007-08-03 13:06 86016 ------w- c:\program files\pslist.exe
2004-11-29 16:43 . 2007-08-03 13:06 81920 ------w- c:\program files\sherlock2.0.exe
2004-11-21 07:26 . 2007-08-03 13:06 331776 ------w- c:\program files\emailcatcher.exe
2004-11-05 11:05 . 2007-08-03 13:06 81920 ------w- c:\program files\logonsessions.exe
2004-10-03 07:15 . 2007-08-03 13:06 253952 ------w- c:\program files\LockedCopy.exe
2004-09-22 14:46 . 2007-08-03 13:06 741421 ------w- c:\program files\Bginfo.exe
2004-09-15 09:39 . 2007-08-03 13:06 585728 ------w- c:\program files\OEView.exe
2004-08-26 12:04 . 2007-08-03 13:06 159795 ------w- c:\program files\ShareEnum.exe
2004-08-19 17:18 . 2007-08-03 13:06 343040 ------w- c:\program files\OptimumJPEG.exe
2004-08-08 14:10 . 2007-08-03 13:06 94208 ------w- c:\program files\tcpvcon.exe
2004-07-16 08:39 . 2007-08-03 13:06 135168 ------w- c:\program files\tweakol2003.exe
2004-06-22 13:14 . 2007-08-03 13:06 118784 ------w- c:\program files\Diskmon.exe
2004-03-20 23:47 . 2007-08-03 13:06 94208 ------w- c:\program files\tweakol.exe
2004-03-19 23:20 . 2007-08-03 13:06 98304 ------w- c:\program files\DetachOL.exe
2004-02-27 11:58 . 2007-08-03 13:06 45056 ------w- c:\program files\DriveZ.exe
2004-01-29 23:10 . 2007-08-03 13:06 208896 ------w- c:\program files\ConfigInspector.exe
2003-12-30 12:33 . 2007-08-03 13:06 253952 ------w- c:\program files\md5.exe
2003-12-20 19:57 . 2007-08-03 13:06 224256 ------w- c:\program files\fentun.exe
2003-07-17 10:19 . 2007-08-03 13:06 5632 ------w- c:\program files\wol.exe
2003-06-18 10:49 . 2007-08-03 13:06 406528 ------w- c:\program files\UnknownDeviceIdentifier.exe
2003-04-01 16:08 . 2007-08-03 13:06 16384 ------w- c:\program files\IP_Agent.exe
2003-03-20 15:43 . 2007-08-03 13:06 73728 ------w- c:\program files\DiskCheckup.exe
2003-02-21 07:31 . 2007-08-03 13:06 659456 ------w- c:\program files\VCD_PLAY.EXE
2003-02-10 09:07 . 2007-08-03 13:06 53028 ------w- c:\program files\netio.exe
2002-03-25 08:52 . 2007-08-03 13:06 644976 ------w- c:\program files\BootVis.exe
2002-03-19 15:30 . 2007-08-03 13:06 216576 ------w- c:\program files\PowerCalc.exe
2002-01-02 13:12 . 2007-08-03 13:06 410624 ------w- c:\program files\DNSQuery.exe
2001-08-23 23:00 . 2007-08-03 13:06 90112 ------w- c:\program files\PlacesBar Editor.exe
2001-03-04 16:01 . 2007-08-03 13:06 13824 ------w- c:\program files\IP2.exe
2001-02-21 19:03 . 2007-08-03 13:06 35840 ------w- c:\program files\base64.exe
2000-11-16 01:01 . 2007-08-03 13:06 210944 ------w- c:\program files\putty.exe
2000-07-29 06:20 . 2007-08-03 13:06 188416 ------w- c:\program files\TDIMON.EXE
2000-06-14 09:30 . 2007-08-03 13:06 872448 ------w- c:\program files\EZSMART.exe
1999-04-12 11:15 . 2007-08-03 13:06 236032 ------w- c:\program files\BINCHUNK.EXE
1998-08-02 22:53 . 2007-08-03 13:06 287232 ------w- c:\program files\syslog_server.exe
1998-05-10 16:43 . 2007-08-03 13:06 483840 ------w- c:\program files\SFV32W.exe
1997-07-09 11:53 . 2007-08-03 13:06 40960 ------w- c:\program files\MAPIMAIL.EXE
1997-04-04 15:04 . 2007-08-03 13:06 513536 ------w- c:\program files\TFTPd.exe
1996-11-20 16:35 . 2007-08-03 13:06 340480 ------w- c:\program files\hexedit.exe
1996-10-07 07:16 . 2007-08-03 13:06 114176 ------w- c:\program files\wsttcp.exe
1996-07-28 18:58 . 2007-08-03 13:06 14305 ------w- c:\program files\rawrite.exe
1996-07-24 18:30 . 2007-08-03 13:06 90144 ------w- c:\program files\WINGIF.EXE
2009-12-25 10:12 203776 --sh--w- c:\windows\system32\unrar.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2007-10-26 292152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-04-20 115560]
"Check Point Endpoint Tray Application"="c:\program files\Common Files\Check Point\UIFramework\cptray.exe" [2010-02-11 70024]
"Pointsec Tray"="c:\program files\Pointsec\Pointsec for PC\P95Tray.exe" [2010-02-22 858672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-1682526488-839522115-100122\Scripts\Logon\0\0]
"Script"=EnvVar.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-1682526488-839522115-100122\Scripts\Logon\1\0]
"Script"=IAEMACT-Logon.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-1682526488-839522115-441436\Scripts\Logon\0\0]
"Script"=EnvVar.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-1682526488-839522115-441436\Scripts\Logon\1\0]
"Script"=IAEMACT-Logon.bat
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-01-05 16:36 872448 ------w- c:\program files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\CBA\\pds.exe"=
"c:\\Program Files\\LANDesk\\LDClient\\tmcsvc.exe"=
"%windir%\\system32\\msgsys.exe"=
"c:\\Program Files\\Foxit Software\\PDFEdit.exe"=
"c:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:@xpsp2res.dll,-22002
"67:TCP"= 67:TCP:LANDesk® PXE TCP Port
"67:UDP"= 67:UDP:LANDesk® PXE UDP Port
"9535:TCP"= 9535:TCP:LANDesk® Remote Control Agent TCP Port
"9535:UDP"= 9535:UDP:LANDesk® Remote Control Agent UDP Port
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 prot_2k;prot_2k;c:\windows\system32\drivers\prot_2k.sys [22/02/2010 13:32 224816]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [19/09/2006 17:58 36608]
S2 CBA8;LANDesk® Management Agent;c:\program files\LANDesk\Shared Files\residentAgent.exe [10/11/2009 12:32 155648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
S2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.sys [21/06/2009 07:59 3584]
S2 glpntdrv;glpntdrv;\??\c:\windows\system32\drivers\glpntdrv.sys --> c:\windows\system32\drivers\glpntdrv.sys [?]
S2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\LANDesk\LDClient\policy.client.invoker.exe [24/02/2010 15:11 139264]
S2 MSSQL$SQL_CTSELECT;SQL Server (SQL_CTSELECT);c:\program files\MSSQL.1\MSSQL\Binn\sqlservr.exe [27/05/2009 02:27 29262680]
S2 Peakcan;Peakcan;c:\windows\system32\drivers\Peakcan.sys [11/09/2008 15:15 87904]
S2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [22/02/2010 13:33 649776]
S2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [22/02/2010 13:33 231984]
S2 Softmon;LANDesk® Software Monitoring Service;c:\program files\LANDesk\LDClient\softmon.exe [24/02/2010 15:11 385024]
S2 SsfdcPp;Parallel Port Ssfdc Programmer Driver;c:\windows\system32\drivers\SsfdcPp.sys [30/09/2008 09:12 14604]
S2 TcCam;TwinCAT CAM Server;c:\twincat\Driver\TCCam.sys [17/04/2008 13:24 192563]
S2 TcEventLogger;TcEventLogger;c:\twincat\EventLogger\TcEventLogger.exe [17/04/2008 13:24 249932]
S2 TcIo;TwinCAT IO Server;c:\twincat\Driver\TcIo.sys [17/04/2008 13:24 1154048]
S2 TcPlc;TwinCAT IEC1131 Server;c:\twincat\Driver\TcPlc.sys [17/04/2008 13:24 390709]
S2 TcRouter;TwinCAT Router Server;c:\twincat\Driver\TCRouter.sys [17/04/2008 13:24 186880]
S2 TcRTime;TwinCAT Realtime Server;c:\twincat\Driver\TCRtime.sys [17/04/2008 13:24 138752]
S2 TwinCAT System Service;TwinCAT System Service;c:\twincat\TCATSysSrv.exe [17/04/2008 13:24 622652]
S2 VERISMIC PowerManager Client;VERISMIC PowerManager Client;c:\program files\VERISMIC\PowerManager\Client\VERISMIC.PowerManager.ClientService.exe [26/03/2010 08:29 424960]
S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\ddcdrv.sys [13/08/2010 08:55 10240]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [16/03/2009 11:25 23888]
S3 ctndrvd;CTNet NT Driver;c:\windows\system32\drivers\ctndrv2.sys [06/08/2007 08:01 6488]
S3 CTNDRVWDM;CTNet Driver (WDM);c:\windows\system32\drivers\ctndrwdm.sys [03/10/2002 09:45 5145]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/05/2010 11:08 102448]
S3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [08/01/2009 17:00 11904]
S3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [08/01/2009 17:00 3328]
S3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [08/01/2009 17:00 3712]
S3 pcan_usb;PCAN-USB Device Driver;c:\windows\system32\drivers\pcan_usb.sys [01/03/2003 01:42 201175]
S3 R-ImageDisk;R-ImageDisk;\??\c:\docume~1\dierda01\LOCALS~1\Temp\RarSFX0\R-ImageDisk.sys --> c:\docume~1\dierda01\LOCALS~1\Temp\RarSFX0\R-ImageDisk.sys [?]
S3 SMA_USBBus;SMA USB Serial Converter;c:\windows\system32\drivers\FTD2XX.sys [17/01/2010 18:05 29292]
S3 TrioUSB;TrioUSB;c:\windows\system32\drivers\TrioUSB.sys [25/10/2007 09:11 9984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ------w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.skynet.be
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyServer = europroxy.emrsn.co.uk:80
uInternet Settings,ProxyOverride = www.controltechniques.com;192.186.1.100;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: ia.priv\lx-gbnew-app.controltechniques
Trusted Zone: ia.priv\lx-gbnew-tst.controltechniques
Trusted Zone: ia.priv\lx-gbnew-app.controltechniques
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1212)
c:\windows\system32\pssogina.dll
c:\windows\system32\LogonAgentAPI.dll
c:\windows\system32\msi.dll
- - - - - - - > 'explorer.exe'(1300)
c:\windows\system32\WININET.dll
.
Completion time: 2010-11-07 21:06:05
ComboFix-quarantined-files.txt 2010-11-07 20:06
Pre-Run: 43,820,736,512 bytes free
Post-Run: 43,820,982,272 bytes free
- - End Of File - - E6412A14EAEA5DAF8144CD7E6476D194
Regards
David
-
Unfortunately there is no ComboFix log to be found.
The computer still boots slowly.
Perhaps slightly faster than before.
Let's say 15 minutes now.
Regards
David
-
I ran ComboFix with the file CFScript.txt.
Everything ran, but the log is no longer generated, not even in safe mode.
Afterwards I ran HijackThis.
Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:01:03, on 04/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Prot_srv.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe
C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
c:\Program Files\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\pstartSr.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\TwinCAT\EventLogger\TcEventLogger.exe
C:\TwinCAT\TCATSysSrv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Skynet.be - LE portail belge – DE Belgische portaalsite!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = HP® - Laptops, Desktop, Printers, Servers, and more
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = europroxy.emrsn.co.uk:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.controltechniques.com;192.186.1.100;<local>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Check Point Endpoint Tray Application] C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe
O4 - HKLM\..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://lx-gbnew-app.controltechniques.ia.priv
O15 - Trusted Zone: http://lx-gbnew-tst.controltechniques.ia.priv
O15 - Trusted Zone: http://lx-gbnew-app.controltechniques.ia.priv (HKLM)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203422187479
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227783639184
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emrsn.org
O17 - HKLM\Software\..\Telephony: DomainName = emrsn.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emrsn.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emrsn.org
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LANDesk Policy Invoker - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe
O23 - Service: Pointsec - Check Point Software Tech Ltd - C:\WINDOWS\system32\Prot_srv.exe
O23 - Service: Pointsec Service Start (Pointsec_start) - Check Point Software Tech Ltd - C:\WINDOWS\system32\pstartSr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TcEventLogger - Unknown owner - C:\TwinCAT\EventLogger\TcEventLogger.exe
O23 - Service: TwinCAT System Service - BECKHOFF Automation - C:\TwinCAT\TCATSysSrv.exe
O23 - Service: VERISMIC PowerManager Client - VERISMIC Software - C:\Program Files\VERISMIC\PowerManager\Client\VERISMIC.PowerManager.ClientService.exe
--
End of file - 10136 bytes
-
In safe mode it worked
Here is the log
ComboFix 10-11-02.06 - dierda01 04/11/2010 0:12.3.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1015.743 [GMT 1:00]
Running from: c:\documents and settings\dierda01\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Security
((((((((((((((((((((((((( Files Created from 2010-10-03 to 2010-11-03 )))))))))))))))))))))))))))))))
.
2010-11-03 07:33 . 2010-11-03 07:33 114688 ----a-w- c:\windows\system32\chg.exe
2010-11-02 10:28 . 2010-11-02 10:28 388096 ----a-r- c:\documents and settings\dierda01\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-01 19:28 . 2010-11-01 19:28 -------- d-----w- c:\documents and settings\dierda01\Application Data\AVG10
2010-11-01 19:26 . 2010-11-01 19:26 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-11-01 19:24 . 2010-11-01 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-11-01 19:19 . 2010-11-01 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-11-01 19:01 . 2010-11-01 19:01 -------- d-----w- c:\program files\CCleaner
2010-11-01 18:00 . 2010-11-01 18:03 -------- d-----w- c:\program files\TweakNow RegCleaner
2010-11-01 18:00 . 2010-11-01 18:00 -------- d-----w- c:\documents and settings\dierda01\Application Data\TweakNow RegCleaner
2010-10-14 06:49 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 06:49 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-14 06:49 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 06:49 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-25 11:49 . 2010-03-19 13:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-25 11:49 . 2010-04-21 12:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-22 14:00 . 2009-07-24 08:02 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-09-22 14:00 . 2009-07-24 08:02 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-18 10:23 . 2004-08-04 08:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 08:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 08:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 08:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 21:32 . 2010-09-22 14:04 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-09-10 05:58 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-04 08:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-04 08:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 08:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 08:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 08:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-17 07:27 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 08:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 08:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2007-03-30 11:34 . 2007-08-03 13:06 25263144 ------w- c:\program files\Skype.exe
2006-12-11 19:58 . 2007-08-03 13:06 826936 ------w- c:\program files\blacklightrootkit.exe
2006-11-12 12:23 . 2007-08-03 13:06 174163 ------w- c:\program files\utorrent.exe
2006-11-09 06:29 . 2007-08-03 13:06 2198320 ------w- c:\program files\Procmon.exe
2006-11-01 12:07 . 2007-08-03 13:06 3623736 ------w- c:\program files\procexp.exe
2006-11-01 12:07 . 2007-10-31 12:04 363320 ------w- c:\program files\portmon.exe
2006-09-23 20:05 . 2007-08-03 13:06 340992 ------w- c:\program files\FolderSize.exe
2006-08-09 10:56 . 2007-08-03 13:06 1413120 ------w- c:\program files\WinsockXPFix.exe
2006-07-10 12:22 . 2007-08-03 13:06 398912 ------w- c:\program files\autoruns.exe
2006-07-10 12:21 . 2007-08-03 13:06 294912 ------w- c:\program files\autorunsc.exe
2006-06-27 22:05 . 2007-08-03 13:06 262144 ------w- c:\program files\xp-AntiSpy.exe
2006-03-24 10:33 . 2007-08-03 13:06 69632 ------w- c:\program files\Contig.exe
2006-02-18 01:50 . 2007-08-03 13:06 1024000 ------w- c:\program files\vncviewer.exe
2006-02-17 20:06 . 2007-08-03 13:06 12411150 ------w- c:\program files\YamiPod.exe
2006-02-01 15:02 . 2007-08-03 13:06 237651 ------w- c:\program files\RootkitRevealer.exe
2006-01-11 20:31 . 2007-08-03 13:06 992399 ------w- c:\program files\JHymn.exe
2005-12-04 18:00 . 2007-08-03 13:06 79384 ------w- c:\program files\xpy.exe
2005-10-27 07:57 . 2007-08-03 13:06 36864 ------w- c:\program files\sync.exe
2005-09-20 20:45 . 2007-08-03 13:06 49664 ------w- c:\program files\WMDecode.exe
2005-07-14 04:06 . 2007-08-03 13:06 98361 ------w- c:\program files\pagedfrg.exe
2005-06-30 01:07 . 2007-08-03 13:06 181776 ------w- c:\program files\handle.exe
2005-05-25 16:10 . 2007-08-03 13:06 784896 ------w- c:\program files\DoubleKiller.exe
2005-04-20 11:07 . 2007-08-03 13:06 106496 ------w- c:\program files\Tcpview.exe
2005-04-13 13:32 . 2007-08-03 13:06 186368 ------w- c:\program files\LSPFix.exe
2005-04-09 20:12 . 2007-08-03 13:06 32768 ------w- c:\program files\PPSFix.exe
2005-04-04 11:15 . 2007-08-03 13:06 53248 ------w- c:\program files\whois.exe
2005-03-24 11:56 . 2007-08-03 13:06 291792 ------w- c:\program files\vnc-4_1_1_viewer.exe
2005-03-24 11:56 . 2007-08-03 13:06 291792 ------w- c:\program files\realvncviewer.exe
2005-03-21 14:03 . 2007-08-03 13:06 345600 ------w- c:\program files\SafeXP.exe
2005-02-20 09:34 . 2007-08-03 13:06 865792 ------w- c:\program files\ExplorerXP.exe
2005-02-16 09:06 . 2007-08-03 13:06 218112 ------w- c:\program files\HijackThis.exe
2005-02-16 07:57 . 2007-08-03 13:06 45056 ------w- c:\program files\streams.exe
2005-02-13 12:43 . 2007-08-03 13:06 1013211 ------w- c:\program files\tv.exe
2005-02-01 12:48 . 2007-08-03 13:06 94208 ------w- c:\program files\WINOBJ.EXE
2005-01-28 21:23 . 2007-08-03 13:06 1036800 ------w- c:\program files\filmerit_21en.exe
2004-12-21 07:23 . 2007-08-03 13:06 65536 ------w- c:\program files\LISTDLLS.exe
2004-12-08 13:26 . 2007-08-03 13:06 49152 ------w- c:\program files\junction.exe
2004-12-01 15:27 . 2007-08-03 13:06 86016 ------w- c:\program files\pslist.exe
2004-11-29 16:43 . 2007-08-03 13:06 81920 ------w- c:\program files\sherlock2.0.exe
2004-11-21 07:26 . 2007-08-03 13:06 331776 ------w- c:\program files\emailcatcher.exe
2004-11-05 11:05 . 2007-08-03 13:06 81920 ------w- c:\program files\logonsessions.exe
2004-10-03 07:15 . 2007-08-03 13:06 253952 ------w- c:\program files\LockedCopy.exe
2004-09-22 14:46 . 2007-08-03 13:06 741421 ------w- c:\program files\Bginfo.exe
2004-09-15 09:39 . 2007-08-03 13:06 585728 ------w- c:\program files\OEView.exe
2004-08-26 12:04 . 2007-08-03 13:06 159795 ------w- c:\program files\ShareEnum.exe
2004-08-19 17:18 . 2007-08-03 13:06 343040 ------w- c:\program files\OptimumJPEG.exe
2004-08-08 14:10 . 2007-08-03 13:06 94208 ------w- c:\program files\tcpvcon.exe
2004-07-16 08:39 . 2007-08-03 13:06 135168 ------w- c:\program files\tweakol2003.exe
2004-06-22 13:14 . 2007-08-03 13:06 118784 ------w- c:\program files\Diskmon.exe
2004-03-20 23:47 . 2007-08-03 13:06 94208 ------w- c:\program files\tweakol.exe
2004-03-19 23:20 . 2007-08-03 13:06 98304 ------w- c:\program files\DetachOL.exe
2004-02-27 11:58 . 2007-08-03 13:06 45056 ------w- c:\program files\DriveZ.exe
2004-01-29 23:10 . 2007-08-03 13:06 208896 ------w- c:\program files\ConfigInspector.exe
2003-12-30 12:33 . 2007-08-03 13:06 253952 ------w- c:\program files\md5.exe
2003-12-20 19:57 . 2007-08-03 13:06 224256 ------w- c:\program files\fentun.exe
2003-07-17 10:19 . 2007-08-03 13:06 5632 ------w- c:\program files\wol.exe
2003-06-18 10:49 . 2007-08-03 13:06 406528 ------w- c:\program files\UnknownDeviceIdentifier.exe
2003-04-01 16:08 . 2007-08-03 13:06 16384 ------w- c:\program files\IP_Agent.exe
2003-03-20 15:43 . 2007-08-03 13:06 73728 ------w- c:\program files\DiskCheckup.exe
2003-02-21 07:31 . 2007-08-03 13:06 659456 ------w- c:\program files\VCD_PLAY.EXE
2003-02-10 09:07 . 2007-08-03 13:06 53028 ------w- c:\program files\netio.exe
2002-03-25 08:52 . 2007-08-03 13:06 644976 ------w- c:\program files\BootVis.exe
2002-03-19 15:30 . 2007-08-03 13:06 216576 ------w- c:\program files\PowerCalc.exe
2002-01-02 13:12 . 2007-08-03 13:06 410624 ------w- c:\program files\DNSQuery.exe
2001-08-23 23:00 . 2007-08-03 13:06 90112 ------w- c:\program files\PlacesBar Editor.exe
2001-03-04 16:01 . 2007-08-03 13:06 13824 ------w- c:\program files\IP2.exe
2001-02-21 19:03 . 2007-08-03 13:06 35840 ------w- c:\program files\base64.exe
2000-11-16 01:01 . 2007-08-03 13:06 210944 ------w- c:\program files\putty.exe
2000-07-29 06:20 . 2007-08-03 13:06 188416 ------w- c:\program files\TDIMON.EXE
2000-06-14 09:30 . 2007-08-03 13:06 872448 ------w- c:\program files\EZSMART.exe
2000-03-24 11:16 . 2007-08-03 13:06 617984 ------w- c:\program files\Dup.exe
1999-04-12 11:15 . 2007-08-03 13:06 236032 ------w- c:\program files\BINCHUNK.EXE
1998-08-02 22:53 . 2007-08-03 13:06 287232 ------w- c:\program files\syslog_server.exe
1998-05-10 16:43 . 2007-08-03 13:06 483840 ------w- c:\program files\SFV32W.exe
1997-07-09 11:53 . 2007-08-03 13:06 40960 ------w- c:\program files\MAPIMAIL.EXE
1997-04-04 15:04 . 2007-08-03 13:06 513536 ------w- c:\program files\TFTPd.exe
1996-11-20 16:35 . 2007-08-03 13:06 340480 ------w- c:\program files\hexedit.exe
1996-10-07 07:16 . 2007-08-03 13:06 114176 ------w- c:\program files\wsttcp.exe
1996-07-28 18:58 . 2007-08-03 13:06 14305 ------w- c:\program files\rawrite.exe
2009-12-25 10:12 203776 --sh--w- c:\windows\system32\unrar.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2007-10-26 292152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-04-20 115560]
"Check Point Endpoint Tray Application"="c:\program files\Common Files\Check Point\UIFramework\cptray.exe" [2010-02-11 70024]
"Pointsec Tray"="c:\program files\Pointsec\Pointsec for PC\P95Tray.exe" [2010-02-22 858672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-1682526488-839522115-100122\Scripts\Logon\0\0]
"Script"=EnvVar.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-1682526488-839522115-100122\Scripts\Logon\1\0]
"Script"=IAEMACT-Logon.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-1682526488-839522115-441436\Scripts\Logon\0\0]
"Script"=EnvVar.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-1682526488-839522115-441436\Scripts\Logon\1\0]
"Script"=IAEMACT-Logon.bat
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-01-05 16:36 872448 ------w- c:\program files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\CBA\\pds.exe"=
"c:\\Program Files\\LANDesk\\LDClient\\tmcsvc.exe"=
"%windir%\\system32\\msgsys.exe"=
"c:\\Program Files\\Foxit Software\\PDFEdit.exe"=
"c:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:@xpsp2res.dll,-22002
"67:TCP"= 67:TCP:LANDesk® PXE TCP Port
"67:UDP"= 67:UDP:LANDesk® PXE UDP Port
"9535:TCP"= 9535:TCP:LANDesk® Remote Control Agent TCP Port
"9535:UDP"= 9535:UDP:LANDesk® Remote Control Agent UDP Port
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 prot_2k;prot_2k;c:\windows\system32\drivers\prot_2k.sys [22/02/2010 13:32 224816]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [19/09/2006 17:58 36608]
S2 CBA8;LANDesk® Management Agent;c:\program files\LANDesk\Shared Files\residentAgent.exe [10/11/2009 12:32 155648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
S2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.sys [21/06/2009 07:59 3584]
S2 glpntdrv;glpntdrv;\??\c:\windows\system32\drivers\glpntdrv.sys --> c:\windows\system32\drivers\glpntdrv.sys [?]
S2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\LANDesk\LDClient\policy.client.invoker.exe [24/02/2010 15:11 139264]
S2 MSSQL$SQL_CTSELECT;SQL Server (SQL_CTSELECT);c:\program files\MSSQL.1\MSSQL\Binn\sqlservr.exe [27/05/2009 02:27 29262680]
S2 Peakcan;Peakcan;c:\windows\system32\drivers\Peakcan.sys [11/09/2008 15:15 87904]
S2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [22/02/2010 13:33 649776]
S2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [22/02/2010 13:33 231984]
S2 Softmon;LANDesk® Software Monitoring Service;c:\program files\LANDesk\LDClient\softmon.exe [24/02/2010 15:11 385024]
S2 SsfdcPp;Parallel Port Ssfdc Programmer Driver;c:\windows\system32\drivers\SsfdcPp.sys [30/09/2008 09:12 14604]
S2 TcCam;TwinCAT CAM Server;c:\twincat\Driver\TCCam.sys [17/04/2008 13:24 192563]
S2 TcEventLogger;TcEventLogger;c:\twincat\EventLogger\TcEventLogger.exe [17/04/2008 13:24 249932]
S2 TcIo;TwinCAT IO Server;c:\twincat\Driver\TcIo.sys [17/04/2008 13:24 1154048]
S2 TcPlc;TwinCAT IEC1131 Server;c:\twincat\Driver\TcPlc.sys [17/04/2008 13:24 390709]
S2 TcRouter;TwinCAT Router Server;c:\twincat\Driver\TCRouter.sys [17/04/2008 13:24 186880]
S2 TcRTime;TwinCAT Realtime Server;c:\twincat\Driver\TCRtime.sys [17/04/2008 13:24 138752]
S2 TwinCAT System Service;TwinCAT System Service;c:\twincat\TCATSysSrv.exe [17/04/2008 13:24 622652]
S2 VERISMIC PowerManager Client;VERISMIC PowerManager Client;c:\program files\VERISMIC\PowerManager\Client\VERISMIC.PowerManager.ClientService.exe [26/03/2010 08:29 424960]
S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\ddcdrv.sys [13/08/2010 08:55 10240]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [16/03/2009 11:25 23888]
S3 ctndrvd;CTNet NT Driver;c:\windows\system32\drivers\ctndrv2.sys [06/08/2007 08:01 6488]
S3 CTNDRVWDM;CTNet Driver (WDM);c:\windows\system32\drivers\ctndrwdm.sys [03/10/2002 09:45 5145]
S3 DrvSnSht;DrvSnSht;\??\c:\docume~1\dierda01\LOCALS~1\Temp\RarSFX0\DrvSnSht.sys --> c:\docume~1\dierda01\LOCALS~1\Temp\RarSFX0\DrvSnSht.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/05/2010 11:08 102448]
S3 IPCTYPE;IPCTYPE;\??\c:\documents and settings\All Users\Documents\Pro-face\GP-Pro EX 2.2\Simulator\IPCType.sys --> c:\documents and settings\All Users\Documents\Pro-face\GP-Pro EX 2.2\Simulator\IPCType.sys [?]
S3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [08/01/2009 17:00 11904]
S3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [08/01/2009 17:00 3328]
S3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [08/01/2009 17:00 3712]
S3 pcan_usb;PCAN-USB Device Driver;c:\windows\system32\drivers\pcan_usb.sys [01/03/2003 01:42 201175]
S3 PORTMON;PORTMON;\??\c:\program files\PORTMSYS.SYS --> c:\program files\PORTMSYS.SYS [?]
S3 R-ImageDisk;R-ImageDisk;\??\c:\docume~1\dierda01\LOCALS~1\Temp\RarSFX0\R-ImageDisk.sys --> c:\docume~1\dierda01\LOCALS~1\Temp\RarSFX0\R-ImageDisk.sys [?]
S3 SMA_USBBus;SMA USB Serial Converter;c:\windows\system32\drivers\FTD2XX.sys [17/01/2010 18:05 29292]
S3 TrioUSB;TrioUSB;c:\windows\system32\drivers\TrioUSB.sys [25/10/2007 09:11 9984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - SRTSPL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ------w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.skynet.be
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyServer = europroxy.emrsn.co.uk:80
uInternet Settings,ProxyOverride = www.controltechniques.com;192.186.1.100;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: ia.priv\lx-gbnew-app.controltechniques
Trusted Zone: ia.priv\lx-gbnew-tst.controltechniques
Trusted Zone: ia.priv\lx-gbnew-app.controltechniques
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-Symantec Antvirus
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-11-04 00:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1212)
c:\windows\system32\pssogina.dll
c:\windows\system32\LogonAgentAPI.dll
c:\windows\system32\msi.dll
- - - - - - - > 'explorer.exe'(268)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-11-04 00:20:31
ComboFix-quarantined-files.txt 2010-11-03 23:20
Pre-Run: 39,649,845,248 bytes free
Post-Run: 39,592,603,648 bytes free
- - End Of File - - 5323E1E7DFADFED0A5955B999F6A2DB2
Regards
David
-
Unfortunately no log to be found
To be safe I ran ComboFix once more, but with the same result
I fear that that rotten Symantec Endpoint Protection is the cause of this, and I can't
disable it.
Apart from that Disable option, is there no other way to switch it off?
Regards
David
-
Had ComboFix run.
Unfortunately I cannot disable Symantec Endpoint Protection
The Disable option is not accessible.
Ran ComboFix anyway
ComboFix ran everything
up to the point of the log file
then the computer crashed and I had to restart it myself
It then gave the following error
Windows has recovered from a serious error (or something like that)
BCCode : 1000008e BCP1 : 80000004 BCP2 : 8054B97F BCP3 : 9EE16888
BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 256_1
Still boots slowly
Any more suggestions?
Regards
David
-
Please don't double post,
If you want to add or remove something, use an edit.
Is the PC also slow during use?
Tim,
Sorry Tim
A small error occurred during the first post
No, the PC responds normally during ordinary work.
Now one more remark:
Sometimes when I have to press Ctrl + Alt + Del to log in right after the PC has started,
it takes a very long time before the screen with the Username and Password
appears.
There is no regularity to this, however; sometimes it happens almost immediately
@Kape
The two URLs look familiar to me from my work
emrsn.org probably comes from Emerson
Control Techniques is a subsidiary of Emerson
I did what you asked with HijackThis, but the result stays the same
Regards
David
-
Dear people
My PC boots very slowly.
Booting even takes up to 20 to 25 minutes
Shutting down is reasonable.
It starts from the login...
What I have already run:
Symantec virus scanner (nothing found)
AVG virus scanner (nothing found)
MalwareBytes (nothing found)
CCleaner (+/-90 threats found and fixed)
Tweaknow Regcleaner (another 3 threats found and fixed)
Ran Windows Defragmentation (it cannot put everything back in order)
Uninstalled a lot of junk programs that were not relevant
Then I took a HijackThis log.
I hope one of you can help me ...
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:33:14, on 02/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Prot_srv.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe
C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
c:\Program Files\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\WINDOWS\system32\pstartSr.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\TwinCAT\EventLogger\TcEventLogger.exe
C:\TwinCAT\TCATSysSrv.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\LANDesk\LDClient\LDregwatch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Skynet.be - LE portail belge – DE Belgische portaalsite!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = HP® - Laptops, Desktop, Printers, Servers, and more
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = europroxy.emrsn.co.uk:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.controltechniques.com;192.186.1.100;<local>
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Check Point Endpoint Tray Application] C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe
O4 - HKLM\..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://lx-gbnew-app.controltechniques.ia.priv
O15 - Trusted Zone: http://lx-gbnew-tst.controltechniques.ia.priv
O15 - Trusted Zone: http://lx-gbnew-app.controltechniques.ia.priv (HKLM)
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - Pagina niet gevonden | Facebook
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203422187479
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227783639184
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - Pagina niet gevonden | Facebook
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emrsn.org
O17 - HKLM\Software\..\Telephony: DomainName = emrsn.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emrsn.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emrsn.org
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CE5E879-8E5F-4D40-A81C-2E9661431801}: NameServer = 129.111.0.5,129.111.1.14
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LANDesk Policy Invoker - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pointsec - Check Point Software Tech Ltd - C:\WINDOWS\system32\Prot_srv.exe
O23 - Service: Pointsec Service Start (Pointsec_start) - Check Point Software Tech Ltd - C:\WINDOWS\system32\pstartSr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TcEventLogger - Unknown owner - C:\TwinCAT\EventLogger\TcEventLogger.exe
O23 - Service: TwinCAT System Service - BECKHOFF Automation - C:\TwinCAT\TCATSysSrv.exe
O23 - Service: VERISMIC PowerManager Client - VERISMIC Software - C:\Program Files\VERISMIC\PowerManager\Client\VERISMIC.PowerManager.ClientService.exe
--
End of file - 10960 bytes
Kind regards
David
-
For some time now my PC has been starting up very slowly.
Even 20 to 25 minutes before all the icons appear in the XP taskbar.
Shutting down goes reasonably well.
What I have done:
Symantec virus scanner (nothing found)
MalwareBytes (nothing found)
Ran CCleaner (+/-90 thre
Ran TweakNow RegCleaner
PC starts up very slowly!!
in Archive Hardware general
Checkdisk solved it
Now it starts up in about 2 to 3 minutes