
NGINX (2)



ComboFix 11-08-10.01 - Eigenaar 10-08-2011 14:25:01.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1423 [GMT 2:00]

Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

(((((((((((((((((((( Bestanden Gemaakt van 2011-07-10 to 2011-08-10 ))))))))))))))))))))))))))))))

2011-08-10 09:22:57 . 2011-08-10 09:22:57 388096 ----a-r- C:\Documents and Settings\Eigenaar\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-10 09:22:55 . 2011-08-10 09:22:56 -------- d-----w- C:\Program Files\Trend Micro

2011-08-09 19:10:25 . 2011-08-10 09:18:17 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2011-08-09 19:10:25 . 2011-08-09 19:15:00 -------- d-----w- C:\Program Files\Spybot - Search & Destroy

2011-08-09 18:44:20 . 2011-08-09 18:44:20 -------- d-sh--w- C:\Documents and Settings\Eigenaar\IECompatCache

2011-08-09 18:41:56 . 2011-08-09 18:41:56 -------- d-sh--w- C:\Documents and Settings\Eigenaar\PrivacIE

2011-08-09 18:39:07 . 2011-08-09 18:39:07 -------- d-sh--w- C:\Documents and Settings\LocalService\IETldCache

2011-08-09 18:38:36 . 2011-08-09 18:38:36 -------- d-sh--w- C:\Documents and Settings\Eigenaar\IETldCache

2011-08-09 18:30:39 . 2011-08-09 18:32:13 -------- dc-h--w- C:\WINDOWS\ie8

2011-08-09 18:25:03 . 2010-10-18 11:10:56 7680 -c----w- C:\WINDOWS\system32\dllcache\iecompat.dll

2011-08-09 18:24:53 . 2011-06-23 18:31:52 247808 -c----w- C:\WINDOWS\system32\dllcache\ieproxy.dll

2011-08-09 18:24:53 . 2011-06-23 18:31:52 12800 -c----w- C:\WINDOWS\system32\dllcache\xpshims.dll

2011-08-09 18:24:53 . 2011-06-23 18:31:51 743424 -c----w- C:\WINDOWS\system32\dllcache\iedvtool.dll

2011-08-08 19:34:45 . 2011-08-08 22:24:55 -------- d-----w- C:\Program Files\Emsisoft Anti-Malware

2011-08-08 17:40:14 . 2011-05-04 02:52:22 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll

2011-08-08 16:57:24 . 2011-08-10 11:41:09 -------- d--h--r- C:\Documents and Settings\Eigenaar\Onlangs geopend

2011-08-08 12:21:53 . 2011-08-08 12:21:54 -------- d-----w- C:\Documents and Settings\Eigenaar\Application Data\SUPERAntiSpyware.com

2011-08-08 12:21:30 . 2011-08-08 12:21:30 -------- d-----w- C:\Documents and Settings\All Users\Application Data\!SASCORE

2011-08-08 12:20:59 . 2011-08-08 12:21:52 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-08-03 09:31:29 . 2011-08-03 09:36:33 -------- d-----w- C:\Documents and Settings\Eigenaar\Application Data\AVG

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-07-06 17:52:42 . 2009-05-24 15:04:02 22712 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2011-07-06 17:52:42 . 2009-05-24 15:04:00 41272 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2011-07-01 21:05:02 . 2011-04-20 13:07:14 101720 ----a-w- C:\WINDOWS\system32\drivers\SBREDrv.sys

2011-06-23 18:31:52 . 2008-04-14 20:33:22 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl

2011-06-23 18:31:52 . 2008-04-14 20:32:46 916480 ----a-w- C:\WINDOWS\system32\wininet.dll

2011-06-23 18:31:52 . 2008-04-14 20:32:30 43520 ------w- C:\WINDOWS\system32\licmgr10.dll

2011-06-23 12:05:34 . 2008-04-14 20:05:38 385024 ------w- C:\WINDOWS\system32\html.iec

2011-06-06 11:35:33 . 2008-04-14 20:05:10 1859072 ----a-w- C:\WINDOWS\system32\win32k.sys

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 21:12:58 3872080]

"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 17:05:22 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 18:08:00 16050688]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 08:50:42 155648]

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 10:59:52 254696]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 15:10:28 35696]

"OFFICEKB"="C:\Program Files\Trust\DS-3100A Wireless Optical Deskset\Keyboard\kbdap32a.EXE" [2010-05-19 17:51:28 396800]

"AVG_TRAY"="C:\Program Files\AVG\AVG10\avgtray.exe" [2011-04-18 15:40:08 2334560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 20:32:54 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2009-03-08 02:32:48 128512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 00:02:18 113024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54:14 551296 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync\0C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]

C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2008-03-03 16:06:00 1848648 ----a-w- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

2008-03-10 16:20:00 689488 ----a-w- C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]

2010-05-19 17:51:28 370176 ----a-w- C:\Program Files\Trust\DS-3100A Wireless Optical Deskset\Mouse\mouse32a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-29 16:59:56 98304 ----a-w- C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-02-22 11:42:40 26101032 ----a-r- C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2006-05-16 16:04:00 2879488 ----a-w- C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 14:07:20 2260480 ------w- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2011-07-29 01:09:07 4599680 ----a-w- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\FrostWire\\FrostWire.exe"=

"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=

"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=

"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"C:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\Spotify\\spotify.exe"=

"C:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

"C:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=

"C:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

R0 AVGIDSEH;AVGIDSEH;C:\WINDOWS\system32\drivers\AVGIDSEH.sys [13-9-2010 16:27:24 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;C:\WINDOWS\system32\drivers\avgrkx86.sys [7-9-2010 4:48:50 32592]

R1 Avgldx86;AVG AVI Loader Driver;C:\WINDOWS\system32\drivers\avgldx86.sys [8-12-2010 5:12:38 248656]

R1 Avgtdix;AVG TDI Driver;C:\WINDOWS\system32\drivers\avgtdix.sys [12-11-2010 14:19:38 297168]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [22-7-2011 18:27:02 12880]

R1 SAS***IL;SAS***IL;C:\Program Files\SUPERAntiSpyware\SAS***IL.SYS [12-7-2011 23:55:22 67664]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore.exe [19-7-2011 2:02:03 123264]

R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;C:\Program Files\Emsisoft Anti-Malware\a2service.exe [8-8-2011 21:34:46 3029208]

R2 avgwd;AVG WatchDog;C:\Program Files\AVG\AVG10\avgwdsvc.exe [8-2-2011 5:33:42 269520]

R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [29-10-2009 11:47:38 233472]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\drivers\l151x86.sys [23-5-2009 10:15:01 37376]

R3 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\system32\drivers\AVGIDSDriver.sys [3-8-2010 16:23:34 134480]

R3 AVGIDSFilter;AVGIDSFilter;C:\WINDOWS\system32\drivers\AVGIDSFilter.sys [3-8-2010 16:23:32 24144]

R3 AVGIDSShim;AVGIDSShim;C:\WINDOWS\system32\drivers\AVGIDSShim.sys [3-8-2010 16:23:36 27216]

R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [29-10-2009 11:47:38 36608]

R3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\system32\drivers\sncp106.sys [27-8-2009 10:17:18 243712]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18-4-2011 17:39:42 7398752]

S2 gupdate;Google Updateservice (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [6-3-2010 18:07:40 135664]

S3 a2acc;a2acc;C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys [8-8-2011 21:34:48 73728]

S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;C:\WINDOWS\system32\drivers\aabed2.sys [20-3-2008 4:34:52 21888]

S3 gupdatem;Google Update-service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [6-3-2010 18:07:40 135664]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys --> C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 RSUSBCCID;Realtek Smartcard Reader Driver;C:\WINDOWS\system32\drivers\RtsUCcid.sys [23-6-2011 22:58:36 44032]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\WINDOWS\system32\drivers\RtsUStor.sys [23-6-2011 22:58:36 189984]

S3 RtsUIr;Realtek IR Driver;C:\WINDOWS\system32\drivers\RtsUIr.sys [23-6-2011 22:58:36 17536]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [29-10-2009 11:47:48 90112]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [29-10-2009 11:47:48 14976]

S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [29-10-2009 11:47:48 121856]

Inhoud van de 'Gedeelde Taken' map

2011-07-29 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-06 16:07:40 . 2010-03-06 16:07:34]

2011-08-10 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-06 16:07:40 . 2010-03-06 16:07:34]

------- Bijkomende Scan -------

uStart Page = hxxp://www.hyves.nl/

TCP: DhcpNameServer = 192.168.2.254

DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab

Unfortunately, the problem is still not solved.


Unfortunately, the problem is still not solved.
That may well be, because this all looks clean.

Remove ComboFix: Start -> Run/Search and type: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Have you already tried a different search engine? Do you get the same error message then?


Yes... I took that into account. Should I otherwise install it again and then remove it once more?
No, in that case you may delete the ComboFix folder manually.

Download HostsXpert

Unzip the program to your Desktop.

Open the folder and double-click Hoster.exe

Click "Restore Microsofts Original Hosts File"

Click "OK" and close the program.
